Play interactive tour

Edit tour

Analysis Report PO_Invoices_pdf.exe

Overview

General Information

Sample Name:	PO_Invoices_pdf.exe
Analysis ID:	347154
MD5:	59d7d8d5dd3e0055e7c0dcc75897f569
SHA1:	b249b28d088d54e971e2d9d8b2688440f8e6d513
SHA256:	ef715cd322f0a805a68840b215c062f2e254977170a11c6800d836eac781fabb
Tags:	exeHawkEyeYahoo
Most interesting Screenshot:

Detection

HawkEye AgentTesla MailPassView Matiex

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Detected HawkEye Rat

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Capture Wi-Fi password

Yara detected AgentTesla

Yara detected AntiVM_3

Yara detected HawkEye Keylogger

Yara detected MailPassView

Yara detected Matiex Keylogger

.NET source code contains potential unpacker

.NET source code contains very large array initializations

.NET source code references suspicious native API functions

Allocates memory in foreign processes

Bypasses PowerShell execution policy

Changes the view of files in windows explorer (hidden files and folders)

Contains functionality to log keystrokes (.Net Source)

Drops PE files to the startup folder

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Installs a global keyboard hook

Machine Learning detection for dropped file

Machine Learning detection for sample

May check the online IP address of the machine

Powershell drops PE file

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Sample uses process hollowing technique

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal WLAN passwords

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Instant Messenger accounts or passwords

Tries to steal Mail credentials (via file access)

Uses netsh to modify the Windows network and firewall settings

Writes to foreign memory regions

Yara detected WebBrowserPassView password recovery tool

Adds / modifies Windows certificates

Antivirus or Machine Learning detection for unpacked file

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates a window with clipboard capturing capabilities

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May infect USB drives

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

One or more processes crash

PE file contains strange resources

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Tries to load missing DLLs

Uses 32bit PE files

Uses SMTP (mail sending)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Yara signature match

Classification

Startup

System is w10x64

PO_Invoices_pdf.exe (PID: 5372 cmdline: 'C:\Users\user\Desktop\PO_Invoices_pdf.exe' MD5: 59D7D8D5DD3E0055E7C0DCC75897F569)

powershell.exe (PID: 5904 cmdline: 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\PO_Invoices_pdf.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 8 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

RegAsm.exe (PID: 4888 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)

hawkgoods.exe (PID: 3724 cmdline: 'C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe' 0 MD5: FFDB58533D5D1362E896E96FB6F02A95)

dw20.exe (PID: 6684 cmdline: dw20.exe -x -s 2164 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)

vbc.exe (PID: 6852 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt' MD5: C63ED21D5706A527419C9FBD730FFB2E)

vbc.exe (PID: 6868 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt' MD5: C63ED21D5706A527419C9FBD730FFB2E)

WerFault.exe (PID: 7028 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 1996 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

origigoods40.exe (PID: 6172 cmdline: 'C:\Users\user~1\AppData\Local\Temp\origigoods40.exe' 0 MD5: AE36F0D16230B9F41FFECBD3C5B1D660)

Matiexgoods.exe (PID: 6264 cmdline: 'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0 MD5: 80C61B903400B534858D047DD0919F0E)

netsh.exe (PID: 1744 cmdline: 'netsh' wlan show profile MD5: A0AA3322BB46BBFC36AB9DC1DBBBB807)

conhost.exe (PID: 1200 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

origigoods20.exe (PID: 6352 cmdline: 'C:\Users\user~1\AppData\Local\Temp\origigoods20.exe' 0 MD5: 61DC57C6575E1F3F2AE14C1B332AD2FB)

I$s#$lT3ssl.exe (PID: 1808 cmdline: 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' MD5: 59D7D8D5DD3E0055E7C0DCC75897F569)

powershell.exe (PID: 6908 cmdline: 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 6980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

RegAsm.exe (PID: 4828 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)

hawkgoods.exe (PID: 5440 cmdline: 'C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe' 0 MD5: FFDB58533D5D1362E896E96FB6F02A95)

dw20.exe (PID: 5252 cmdline: dw20.exe -x -s 2092 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)

vbc.exe (PID: 5776 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt' MD5: C63ED21D5706A527419C9FBD730FFB2E)

vbc.exe (PID: 6108 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt' MD5: C63ED21D5706A527419C9FBD730FFB2E)

WerFault.exe (PID: 4776 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 940 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

origigoods40.exe (PID: 3080 cmdline: 'C:\Users\user~1\AppData\Local\Temp\origigoods40.exe' 0 MD5: AE36F0D16230B9F41FFECBD3C5B1D660)

Matiexgoods.exe (PID: 6532 cmdline: 'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0 MD5: 80C61B903400B534858D047DD0919F0E)

origigoods20.exe (PID: 7160 cmdline: 'C:\Users\user~1\AppData\Local\Temp\origigoods20.exe' 0 MD5: 61DC57C6575E1F3F2AE14C1B332AD2FB)

cleanup

Malware Configuration

Threatname: HawkEye

{"Modules": ["WebBrowserPassView", "mailpv", "Mail PassView"], "Version": ""}

Threatname: Agenttesla

{"Username: ": "", "URL: ": "", "To: ": "", "ByHost: ": "smtp.privateemail.com:587", "Password: ": "", "From: ": ""}

Yara Overview

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\origigoods20.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
C:\Users\user\AppData\Local\Temp\origigoods40.exe	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
dropped/hawkgoods.exe	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
dropped/hawkgoods.exe	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8c7:$key: HawkEyeKeylogger 0x7db0b:$salt: 099u787978786 0x7bf08:$string1: HawkEye_Keylogger 0x7cd5b:$string1: HawkEye_Keylogger 0x7da6b:$string1: HawkEye_Keylogger 0x7c2f1:$string2: holdermail.txt 0x7c311:$string2: holdermail.txt 0x7c233:$string3: wallet.dat 0x7c24b:$string3: wallet.dat 0x7c261:$string3: wallet.dat 0x7d62f:$string4: Keylog Records 0x7d947:$string4: Keylog Records 0x7db63:$string5: do not script --> 0x7b8af:$string6: \pidloc.txt 0x7b93d:$string7: BSPLIT 0x7b94d:$string7: BSPLIT
dropped/hawkgoods.exe	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
dropped/hawkgoods.exe	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
dropped/hawkgoods.exe	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
dropped/hawkgoods.exe	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf60:$hawkstr1: HawkEye Keylogger 0x7cda1:$hawkstr1: HawkEye Keylogger 0x7d0d0:$hawkstr1: HawkEye Keylogger 0x7d22b:$hawkstr1: HawkEye Keylogger 0x7d38e:$hawkstr1: HawkEye Keylogger 0x7d607:$hawkstr1: HawkEye Keylogger 0x7baee:$hawkstr2: Dear HawkEye Customers! 0x7d123:$hawkstr2: Dear HawkEye Customers! 0x7d27a:$hawkstr2: Dear HawkEye Customers! 0x7d3e1:$hawkstr2: Dear HawkEye Customers! 0x7bc0f:$hawkstr3: HawkEye Logger Details:
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8c7:$key: HawkEyeKeylogger 0x7db0b:$salt: 099u787978786 0x7bf08:$string1: HawkEye_Keylogger 0x7cd5b:$string1: HawkEye_Keylogger 0x7da6b:$string1: HawkEye_Keylogger 0x7c2f1:$string2: holdermail.txt 0x7c311:$string2: holdermail.txt 0x7c233:$string3: wallet.dat 0x7c24b:$string3: wallet.dat 0x7c261:$string3: wallet.dat 0x7d62f:$string4: Keylog Records 0x7d947:$string4: Keylog Records 0x7db63:$string5: do not script --> 0x7b8af:$string6: \pidloc.txt 0x7b93d:$string7: BSPLIT 0x7b94d:$string7: BSPLIT
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf60:$hawkstr1: HawkEye Keylogger 0x7cda1:$hawkstr1: HawkEye Keylogger 0x7d0d0:$hawkstr1: HawkEye Keylogger 0x7d22b:$hawkstr1: HawkEye Keylogger 0x7d38e:$hawkstr1: HawkEye Keylogger 0x7d607:$hawkstr1: HawkEye Keylogger 0x7baee:$hawkstr2: Dear HawkEye Customers! 0x7d123:$hawkstr2: Dear HawkEye Customers! 0x7d27a:$hawkstr2: Dear HawkEye Customers! 0x7d3e1:$hawkstr2: Dear HawkEye Customers! 0x7bc0f:$hawkstr3: HawkEye Logger Details:
Click to see the 10 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000005.00000003.273863512.0000000003E4D000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000005.00000003.285132773.0000000003DE1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001F.00000000.423374232.0000000000722000.00000002.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001A.00000003.425880345.0000000003A2D000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000023.00000002.465758929.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000012.00000002.308131659.0000000000400000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000007.00000002.445463818.0000000000C32000.00000002.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000A.00000002.430720019.00000000000E2000.00000002.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000005.00000003.269169616.00000000010E3000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001C.00000002.696128013.0000000003201000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001C.00000002.696128013.0000000003201000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001C.00000000.419299258.0000000000E22000.00000002.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001B.00000002.651684392.0000000007F40000.00000004.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x12df7:$key: HawkEyeKeylogger 0x1503b:$salt: 099u787978786 0x13438:$string1: HawkEye_Keylogger 0x1428b:$string1: HawkEye_Keylogger 0x14f9b:$string1: HawkEye_Keylogger 0x13821:$string2: holdermail.txt 0x13841:$string2: holdermail.txt 0x13763:$string3: wallet.dat 0x1377b:$string3: wallet.dat 0x13791:$string3: wallet.dat 0x14b5f:$string4: Keylog Records 0x14e77:$string4: Keylog Records 0x15093:$string5: do not script --> 0x12ddf:$string6: \pidloc.txt 0x12e6d:$string7: BSPLIT 0x12e7d:$string7: BSPLIT
00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x13490:$hawkstr1: HawkEye Keylogger 0x142d1:$hawkstr1: HawkEye Keylogger 0x14600:$hawkstr1: HawkEye Keylogger 0x1475b:$hawkstr1: HawkEye Keylogger 0x148be:$hawkstr1: HawkEye Keylogger 0x14b37:$hawkstr1: HawkEye Keylogger 0x1301e:$hawkstr2: Dear HawkEye Customers! 0x14653:$hawkstr2: Dear HawkEye Customers! 0x147aa:$hawkstr2: Dear HawkEye Customers! 0x14911:$hawkstr2: Dear HawkEye Customers! 0x1313f:$hawkstr3: HawkEye Logger Details:
00000005.00000003.272090410.0000000003B4B000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001A.00000003.414221299.00000000036C1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x12df7:$key: HawkEyeKeylogger 0x1503b:$salt: 099u787978786 0x13438:$string1: HawkEye_Keylogger 0x1428b:$string1: HawkEye_Keylogger 0x14f9b:$string1: HawkEye_Keylogger 0x13821:$string2: holdermail.txt 0x13841:$string2: holdermail.txt 0x13763:$string3: wallet.dat 0x1377b:$string3: wallet.dat 0x13791:$string3: wallet.dat 0x14b5f:$string4: Keylog Records 0x14e77:$string4: Keylog Records 0x15093:$string5: do not script --> 0x12ddf:$string6: \pidloc.txt 0x12e6d:$string7: BSPLIT 0x12e7d:$string7: BSPLIT
00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x13490:$hawkstr1: HawkEye Keylogger 0x142d1:$hawkstr1: HawkEye Keylogger 0x14600:$hawkstr1: HawkEye Keylogger 0x1475b:$hawkstr1: HawkEye Keylogger 0x148be:$hawkstr1: HawkEye Keylogger 0x14b37:$hawkstr1: HawkEye Keylogger 0x1301e:$hawkstr2: Dear HawkEye Customers! 0x14653:$hawkstr2: Dear HawkEye Customers! 0x147aa:$hawkstr2: Dear HawkEye Customers! 0x14911:$hawkstr2: Dear HawkEye Customers! 0x1313f:$hawkstr3: HawkEye Logger Details:
00000005.00000003.276618597.0000000003B4B000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000005.00000003.286093751.00000000010E3000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001F.00000002.703454217.0000000002F71000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001F.00000002.703454217.0000000002F71000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001A.00000003.418225668.0000000000E23000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001A.00000003.418385560.000000000372B000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001A.00000003.427152213.00000000039C1000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001B.00000002.651227274.0000000007C90000.00000004.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000008.00000002.681623451.0000000000F72000.00000002.00020000.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b6c7:$key: HawkEyeKeylogger 0x7d90b:$salt: 099u787978786 0x7bd08:$string1: HawkEye_Keylogger 0x7cb5b:$string1: HawkEye_Keylogger 0x7d86b:$string1: HawkEye_Keylogger 0x7c0f1:$string2: holdermail.txt 0x7c111:$string2: holdermail.txt 0x7c033:$string3: wallet.dat 0x7c04b:$string3: wallet.dat 0x7c061:$string3: wallet.dat 0x7d42f:$string4: Keylog Records 0x7d747:$string4: Keylog Records 0x7d963:$string5: do not script --> 0x7b6af:$string6: \pidloc.txt 0x7b73d:$string7: BSPLIT 0x7b74d:$string7: BSPLIT
0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd60:$hawkstr1: HawkEye Keylogger 0x7cba1:$hawkstr1: HawkEye Keylogger 0x7ced0:$hawkstr1: HawkEye Keylogger 0x7d02b:$hawkstr1: HawkEye Keylogger 0x7d18e:$hawkstr1: HawkEye Keylogger 0x7d407:$hawkstr1: HawkEye Keylogger 0x7b8ee:$hawkstr2: Dear HawkEye Customers! 0x7cf23:$hawkstr2: Dear HawkEye Customers! 0x7d07a:$hawkstr2: Dear HawkEye Customers! 0x7d1e1:$hawkstr2: Dear HawkEye Customers! 0x7ba0f:$hawkstr3: HawkEye Logger Details:
00000007.00000000.273140883.0000000000C32000.00000002.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001B.00000002.642866499.00000000041B1000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001B.00000002.642866499.00000000041B1000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000000A.00000000.281843308.00000000000E2000.00000002.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001A.00000003.428390015.0000000000E23000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b6c7:$key: HawkEyeKeylogger 0x7d90b:$salt: 099u787978786 0x7bd08:$string1: HawkEye_Keylogger 0x7cb5b:$string1: HawkEye_Keylogger 0x7d86b:$string1: HawkEye_Keylogger 0x7c0f1:$string2: holdermail.txt 0x7c111:$string2: holdermail.txt 0x7c033:$string3: wallet.dat 0x7c04b:$string3: wallet.dat 0x7c061:$string3: wallet.dat 0x7d42f:$string4: Keylog Records 0x7d747:$string4: Keylog Records 0x7d963:$string5: do not script --> 0x7b6af:$string6: \pidloc.txt 0x7b73d:$string7: BSPLIT 0x7b74d:$string7: BSPLIT
00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd60:$hawkstr1: HawkEye Keylogger 0x7cba1:$hawkstr1: HawkEye Keylogger 0x7ced0:$hawkstr1: HawkEye Keylogger 0x7d02b:$hawkstr1: HawkEye Keylogger 0x7d18e:$hawkstr1: HawkEye Keylogger 0x7d407:$hawkstr1: HawkEye Keylogger 0x7b8ee:$hawkstr2: Dear HawkEye Customers! 0x7cf23:$hawkstr2: Dear HawkEye Customers! 0x7d07a:$hawkstr2: Dear HawkEye Customers! 0x7d1e1:$hawkstr2: Dear HawkEye Customers! 0x7ba0f:$hawkstr3: HawkEye Logger Details:
0000001F.00000002.681903640.0000000000722000.00000002.00020000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000A.00000002.454660209.0000000002801000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000000A.00000002.454660209.0000000002801000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000005.00000003.284634932.0000000003E4D000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000008.00000002.699392963.000000000352E000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000008.00000002.699392963.000000000352E000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000006.00000002.398436711.0000000007540000.00000004.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
00000006.00000002.398332656.00000000073F0000.00000004.00000001.sdmp	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7ba86:$key: HawkEyeKeylogger 0x7dcca:$salt: 099u787978786 0x7c0c7:$string1: HawkEye_Keylogger 0x7cf1a:$string1: HawkEye_Keylogger 0x7dc2a:$string1: HawkEye_Keylogger 0x7c4b0:$string2: holdermail.txt 0x7c4d0:$string2: holdermail.txt 0x7c3f2:$string3: wallet.dat 0x7c40a:$string3: wallet.dat 0x7c420:$string3: wallet.dat 0x7d7ee:$string4: Keylog Records 0x7db06:$string4: Keylog Records 0x7dd22:$string5: do not script --> 0x7ba6e:$string6: \pidloc.txt 0x7bafc:$string7: BSPLIT 0x7bb0c:$string7: BSPLIT
0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7c11f:$hawkstr1: HawkEye Keylogger 0x7cf60:$hawkstr1: HawkEye Keylogger 0x7d28f:$hawkstr1: HawkEye Keylogger 0x7d3ea:$hawkstr1: HawkEye Keylogger 0x7d54d:$hawkstr1: HawkEye Keylogger 0x7d7c6:$hawkstr1: HawkEye Keylogger 0x7bcad:$hawkstr2: Dear HawkEye Customers! 0x7d2e2:$hawkstr2: Dear HawkEye Customers! 0x7d439:$hawkstr2: Dear HawkEye Customers! 0x7d5a0:$hawkstr2: Dear HawkEye Customers! 0x7bdce:$hawkstr3: HawkEye Logger Details:
00000022.00000002.446713470.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001A.00000003.419784850.000000000372B000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b6c7:$key: HawkEyeKeylogger 0x7d90b:$salt: 099u787978786 0x7bd08:$string1: HawkEye_Keylogger 0x7cb5b:$string1: HawkEye_Keylogger 0x7d86b:$string1: HawkEye_Keylogger 0x7c0f1:$string2: holdermail.txt 0x7c111:$string2: holdermail.txt 0x7c033:$string3: wallet.dat 0x7c04b:$string3: wallet.dat 0x7c061:$string3: wallet.dat 0x7d42f:$string4: Keylog Records 0x7d747:$string4: Keylog Records 0x7d963:$string5: do not script --> 0x7b6af:$string6: \pidloc.txt 0x7b73d:$string7: BSPLIT 0x7b74d:$string7: BSPLIT
0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bd60:$hawkstr1: HawkEye Keylogger 0x7cba1:$hawkstr1: HawkEye Keylogger 0x7ced0:$hawkstr1: HawkEye Keylogger 0x7d02b:$hawkstr1: HawkEye Keylogger 0x7d18e:$hawkstr1: HawkEye Keylogger 0x7d407:$hawkstr1: HawkEye Keylogger 0x7b8ee:$hawkstr2: Dear HawkEye Customers! 0x7cf23:$hawkstr2: Dear HawkEye Customers! 0x7d07a:$hawkstr2: Dear HawkEye Customers! 0x7d1e1:$hawkstr2: Dear HawkEye Customers! 0x7ba0f:$hawkstr3: HawkEye Logger Details:
0000001A.00000003.413803172.0000000000E23000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000011.00000002.296594780.0000000000400000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x2d180:$key: HawkEyeKeylogger 0x2d870:$salt: 099u787978786 0x425cc:$string1: HawkEye_Keylogger 0x479a0:$string1: HawkEye_Keylogger 0x45254:$string2: holdermail.txt 0x45284:$string2: holdermail.txt 0x431ae:$string3: wallet.dat 0x431d6:$string3: wallet.dat 0x431fc:$string3: wallet.dat 0x44510:$string4: Keylog Records 0x44846:$string4: Keylog Records 0x31ef4:$string5: do not script --> 0x2d158:$string6: \pidloc.txt 0x2d260:$string7: BSPLIT 0x2d280:$string7: BSPLIT
0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x4265c:$hawkstr1: HawkEye Keylogger 0x434a0:$hawkstr1: HawkEye Keylogger 0x4388c:$hawkstr1: HawkEye Keylogger 0x444e8:$hawkstr1: HawkEye Keylogger 0x479f8:$hawkstr1: HawkEye Keylogger 0x55564:$hawkstr1: HawkEye Keylogger 0x420d4:$hawkstr2: Dear HawkEye Customers! 0x43504:$hawkstr2: Dear HawkEye Customers! 0x438f0:$hawkstr2: Dear HawkEye Customers! 0x555c4:$hawkstr2: Dear HawkEye Customers! 0x42206:$hawkstr3: HawkEye Logger Details:
00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x36c806:$key: HawkEyeKeylogger 0x4cd836:$key: HawkEyeKeylogger 0x62c856:$key: HawkEyeKeylogger 0x36ea4a:$salt: 099u787978786 0x4cfa7a:$salt: 099u787978786 0x62ea9a:$salt: 099u787978786 0x36ce47:$string1: HawkEye_Keylogger 0x36dc9a:$string1: HawkEye_Keylogger 0x36e9aa:$string1: HawkEye_Keylogger 0x4cde77:$string1: HawkEye_Keylogger 0x4cecca:$string1: HawkEye_Keylogger 0x4cf9da:$string1: HawkEye_Keylogger 0x62ce97:$string1: HawkEye_Keylogger 0x62dcea:$string1: HawkEye_Keylogger 0x62e9fa:$string1: HawkEye_Keylogger 0x36d230:$string2: holdermail.txt 0x36d250:$string2: holdermail.txt 0x4ce260:$string2: holdermail.txt 0x4ce280:$string2: holdermail.txt 0x62d280:$string2: holdermail.txt 0x62d2a0:$string2: holdermail.txt
00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x36ce9f:$hawkstr1: HawkEye Keylogger 0x36dce0:$hawkstr1: HawkEye Keylogger 0x36e00f:$hawkstr1: HawkEye Keylogger 0x36e16a:$hawkstr1: HawkEye Keylogger 0x36e2cd:$hawkstr1: HawkEye Keylogger 0x36e546:$hawkstr1: HawkEye Keylogger 0x4cdecf:$hawkstr1: HawkEye Keylogger 0x4ced10:$hawkstr1: HawkEye Keylogger 0x4cf03f:$hawkstr1: HawkEye Keylogger 0x4cf19a:$hawkstr1: HawkEye Keylogger 0x4cf2fd:$hawkstr1: HawkEye Keylogger 0x4cf576:$hawkstr1: HawkEye Keylogger 0x62ceef:$hawkstr1: HawkEye Keylogger 0x62dd30:$hawkstr1: HawkEye Keylogger 0x62e05f:$hawkstr1: HawkEye Keylogger 0x62e1ba:$hawkstr1: HawkEye Keylogger 0x62e31d:$hawkstr1: HawkEye Keylogger 0x62e596:$hawkstr1: HawkEye Keylogger 0x36ca2d:$hawkstr2: Dear HawkEye Customers! 0x36e062:$hawkstr2: Dear HawkEye Customers! 0x36e1b9:$hawkstr2: Dear HawkEye Customers!
00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7ba86:$key: HawkEyeKeylogger 0x7dcca:$salt: 099u787978786 0x7c0c7:$string1: HawkEye_Keylogger 0x7cf1a:$string1: HawkEye_Keylogger 0x7dc2a:$string1: HawkEye_Keylogger 0x7c4b0:$string2: holdermail.txt 0x7c4d0:$string2: holdermail.txt 0x7c3f2:$string3: wallet.dat 0x7c40a:$string3: wallet.dat 0x7c420:$string3: wallet.dat 0x7d7ee:$string4: Keylog Records 0x7db06:$string4: Keylog Records 0x7dd22:$string5: do not script --> 0x7ba6e:$string6: \pidloc.txt 0x7bafc:$string7: BSPLIT 0x7bb0c:$string7: BSPLIT
00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7c11f:$hawkstr1: HawkEye Keylogger 0x7cf60:$hawkstr1: HawkEye Keylogger 0x7d28f:$hawkstr1: HawkEye Keylogger 0x7d3ea:$hawkstr1: HawkEye Keylogger 0x7d54d:$hawkstr1: HawkEye Keylogger 0x7d7c6:$hawkstr1: HawkEye Keylogger 0x7bcad:$hawkstr2: Dear HawkEye Customers! 0x7d2e2:$hawkstr2: Dear HawkEye Customers! 0x7d439:$hawkstr2: Dear HawkEye Customers! 0x7d5a0:$hawkstr2: Dear HawkEye Customers! 0x7bdce:$hawkstr3: HawkEye Logger Details:
0000001A.00000003.424187770.000000000372B000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000005.00000003.271788096.00000000010E3000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000005.00000003.283633869.0000000003B4B000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0000001E.00000002.681849072.0000000000BD2000.00000002.00020000.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
Process Memory Space: origigoods40.exe PID: 6172	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: origigoods40.exe PID: 6172	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: powershell.exe PID: 5904	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RegAsm.exe PID: 4888	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
Process Memory Space: RegAsm.exe PID: 4888	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
Process Memory Space: RegAsm.exe PID: 4888	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
Process Memory Space: RegAsm.exe PID: 4888	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Process Memory Space: PO_Invoices_pdf.exe PID: 5372	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
Process Memory Space: PO_Invoices_pdf.exe PID: 5372	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
Process Memory Space: PO_Invoices_pdf.exe PID: 5372	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
Process Memory Space: PO_Invoices_pdf.exe PID: 5372	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
Click to see the 99 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
17.2.vbc.exe.400000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
7.0.origigoods40.exe.c30000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
35.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
28.2.origigoods40.exe.e20000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
31.2.origigoods20.exe.720000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
6.2.hawkgoods.exe.34fa72.3.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
10.0.origigoods20.exe.e0000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
10.2.origigoods20.exe.e0000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
6.2.hawkgoods.exe.73f0000.10.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
6.2.hawkgoods.exe.2f9c0d.1.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
6.2.hawkgoods.exe.3a27e00.7.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.2.hawkgoods.exe.3a27e00.7.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.2.hawkgoods.exe.a40000.0.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
27.2.hawkgoods.exe.a40000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8c7:$key: HawkEyeKeylogger 0x7db0b:$salt: 099u787978786 0x7bf08:$string1: HawkEye_Keylogger 0x7cd5b:$string1: HawkEye_Keylogger 0x7da6b:$string1: HawkEye_Keylogger 0x7c2f1:$string2: holdermail.txt 0x7c311:$string2: holdermail.txt 0x7c233:$string3: wallet.dat 0x7c24b:$string3: wallet.dat 0x7c261:$string3: wallet.dat 0x7d62f:$string4: Keylog Records 0x7d947:$string4: Keylog Records 0x7db63:$string5: do not script --> 0x7b8af:$string6: \pidloc.txt 0x7b93d:$string7: BSPLIT 0x7b94d:$string7: BSPLIT
27.2.hawkgoods.exe.a40000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.2.hawkgoods.exe.a40000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
27.2.hawkgoods.exe.a40000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.2.hawkgoods.exe.a40000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf60:$hawkstr1: HawkEye Keylogger 0x7cda1:$hawkstr1: HawkEye Keylogger 0x7d0d0:$hawkstr1: HawkEye Keylogger 0x7d22b:$hawkstr1: HawkEye Keylogger 0x7d38e:$hawkstr1: HawkEye Keylogger 0x7d607:$hawkstr1: HawkEye Keylogger 0x7baee:$hawkstr2: Dear HawkEye Customers! 0x7d123:$hawkstr2: Dear HawkEye Customers! 0x7d27a:$hawkstr2: Dear HawkEye Customers! 0x7d3e1:$hawkstr2: Dear HawkEye Customers! 0x7bc0f:$hawkstr3: HawkEye Logger Details:
27.0.hawkgoods.exe.a9fa72.3.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.0.hawkgoods.exe.34fa72.3.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.2.hawkgoods.exe.7540000.11.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
6.0.hawkgoods.exe.34fa72.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc55:$key: HawkEyeKeylogger 0x1fe99:$salt: 099u787978786 0x1e296:$string1: HawkEye_Keylogger 0x1f0e9:$string1: HawkEye_Keylogger 0x1fdf9:$string1: HawkEye_Keylogger 0x1e67f:$string2: holdermail.txt 0x1e69f:$string2: holdermail.txt 0x1e5c1:$string3: wallet.dat 0x1e5d9:$string3: wallet.dat 0x1e5ef:$string3: wallet.dat 0x1f9bd:$string4: Keylog Records 0x1fcd5:$string4: Keylog Records 0x1fef1:$string5: do not script --> 0x1dc3d:$string6: \pidloc.txt 0x1dccb:$string7: BSPLIT 0x1dcdb:$string7: BSPLIT
6.0.hawkgoods.exe.34fa72.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.0.hawkgoods.exe.34fa72.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
6.0.hawkgoods.exe.34fa72.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e2ee:$hawkstr1: HawkEye Keylogger 0x1f12f:$hawkstr1: HawkEye Keylogger 0x1f45e:$hawkstr1: HawkEye Keylogger 0x1f5b9:$hawkstr1: HawkEye Keylogger 0x1f71c:$hawkstr1: HawkEye Keylogger 0x1f995:$hawkstr1: HawkEye Keylogger 0x1de7c:$hawkstr2: Dear HawkEye Customers! 0x1f4b1:$hawkstr2: Dear HawkEye Customers! 0x1f608:$hawkstr2: Dear HawkEye Customers! 0x1f76f:$hawkstr2: Dear HawkEye Customers! 0x1df9d:$hawkstr3: HawkEye Logger Details:
6.0.hawkgoods.exe.2f0000.0.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
6.0.hawkgoods.exe.2f0000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8c7:$key: HawkEyeKeylogger 0x7db0b:$salt: 099u787978786 0x7bf08:$string1: HawkEye_Keylogger 0x7cd5b:$string1: HawkEye_Keylogger 0x7da6b:$string1: HawkEye_Keylogger 0x7c2f1:$string2: holdermail.txt 0x7c311:$string2: holdermail.txt 0x7c233:$string3: wallet.dat 0x7c24b:$string3: wallet.dat 0x7c261:$string3: wallet.dat 0x7d62f:$string4: Keylog Records 0x7d947:$string4: Keylog Records 0x7db63:$string5: do not script --> 0x7b8af:$string6: \pidloc.txt 0x7b93d:$string7: BSPLIT 0x7b94d:$string7: BSPLIT
6.0.hawkgoods.exe.2f0000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.0.hawkgoods.exe.2f0000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
6.0.hawkgoods.exe.2f0000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
6.0.hawkgoods.exe.2f0000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf60:$hawkstr1: HawkEye Keylogger 0x7cda1:$hawkstr1: HawkEye Keylogger 0x7d0d0:$hawkstr1: HawkEye Keylogger 0x7d22b:$hawkstr1: HawkEye Keylogger 0x7d38e:$hawkstr1: HawkEye Keylogger 0x7d607:$hawkstr1: HawkEye Keylogger 0x7baee:$hawkstr2: Dear HawkEye Customers! 0x7d123:$hawkstr2: Dear HawkEye Customers! 0x7d27a:$hawkstr2: Dear HawkEye Customers! 0x7d3e1:$hawkstr2: Dear HawkEye Customers! 0x7bc0f:$hawkstr3: HawkEye Logger Details:
6.2.hawkgoods.exe.3a40240.6.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.0.hawkgoods.exe.a48208.1.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
27.0.hawkgoods.exe.a48208.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x754bf:$key: HawkEyeKeylogger 0x77703:$salt: 099u787978786 0x75b00:$string1: HawkEye_Keylogger 0x76953:$string1: HawkEye_Keylogger 0x77663:$string1: HawkEye_Keylogger 0x75ee9:$string2: holdermail.txt 0x75f09:$string2: holdermail.txt 0x75e2b:$string3: wallet.dat 0x75e43:$string3: wallet.dat 0x75e59:$string3: wallet.dat 0x77227:$string4: Keylog Records 0x7753f:$string4: Keylog Records 0x7775b:$string5: do not script --> 0x754a7:$string6: \pidloc.txt 0x75535:$string7: BSPLIT 0x75545:$string7: BSPLIT
27.0.hawkgoods.exe.a48208.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.0.hawkgoods.exe.a48208.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
27.0.hawkgoods.exe.a48208.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.0.hawkgoods.exe.a48208.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b58:$hawkstr1: HawkEye Keylogger 0x76999:$hawkstr1: HawkEye Keylogger 0x76cc8:$hawkstr1: HawkEye Keylogger 0x76e23:$hawkstr1: HawkEye Keylogger 0x76f86:$hawkstr1: HawkEye Keylogger 0x771ff:$hawkstr1: HawkEye Keylogger 0x756e6:$hawkstr2: Dear HawkEye Customers! 0x76d1b:$hawkstr2: Dear HawkEye Customers! 0x76e72:$hawkstr2: Dear HawkEye Customers! 0x76fd9:$hawkstr2: Dear HawkEye Customers! 0x75807:$hawkstr3: HawkEye Logger Details:
8.2.Matiexgoods.exe.f70000.0.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
27.0.hawkgoods.exe.a9fa72.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc55:$key: HawkEyeKeylogger 0x1fe99:$salt: 099u787978786 0x1e296:$string1: HawkEye_Keylogger 0x1f0e9:$string1: HawkEye_Keylogger 0x1fdf9:$string1: HawkEye_Keylogger 0x1e67f:$string2: holdermail.txt 0x1e69f:$string2: holdermail.txt 0x1e5c1:$string3: wallet.dat 0x1e5d9:$string3: wallet.dat 0x1e5ef:$string3: wallet.dat 0x1f9bd:$string4: Keylog Records 0x1fcd5:$string4: Keylog Records 0x1fef1:$string5: do not script --> 0x1dc3d:$string6: \pidloc.txt 0x1dccb:$string7: BSPLIT 0x1dcdb:$string7: BSPLIT
27.0.hawkgoods.exe.a9fa72.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.0.hawkgoods.exe.a9fa72.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
27.0.hawkgoods.exe.a9fa72.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e2ee:$hawkstr1: HawkEye Keylogger 0x1f12f:$hawkstr1: HawkEye Keylogger 0x1f45e:$hawkstr1: HawkEye Keylogger 0x1f5b9:$hawkstr1: HawkEye Keylogger 0x1f71c:$hawkstr1: HawkEye Keylogger 0x1f995:$hawkstr1: HawkEye Keylogger 0x1de7c:$hawkstr2: Dear HawkEye Customers! 0x1f4b1:$hawkstr2: Dear HawkEye Customers! 0x1f608:$hawkstr2: Dear HawkEye Customers! 0x1f76f:$hawkstr2: Dear HawkEye Customers! 0x1df9d:$hawkstr3: HawkEye Logger Details:
6.2.hawkgoods.exe.2f9c0d.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73aba:$key: HawkEyeKeylogger 0x75cfe:$salt: 099u787978786 0x740fb:$string1: HawkEye_Keylogger 0x74f4e:$string1: HawkEye_Keylogger 0x75c5e:$string1: HawkEye_Keylogger 0x744e4:$string2: holdermail.txt 0x74504:$string2: holdermail.txt 0x74426:$string3: wallet.dat 0x7443e:$string3: wallet.dat 0x74454:$string3: wallet.dat 0x75822:$string4: Keylog Records 0x75b3a:$string4: Keylog Records 0x75d56:$string5: do not script --> 0x73aa2:$string6: \pidloc.txt 0x73b30:$string7: BSPLIT 0x73b40:$string7: BSPLIT
6.2.hawkgoods.exe.2f9c0d.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.2.hawkgoods.exe.2f9c0d.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
6.2.hawkgoods.exe.2f9c0d.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
6.2.hawkgoods.exe.2f9c0d.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x74153:$hawkstr1: HawkEye Keylogger 0x74f94:$hawkstr1: HawkEye Keylogger 0x752c3:$hawkstr1: HawkEye Keylogger 0x7541e:$hawkstr1: HawkEye Keylogger 0x75581:$hawkstr1: HawkEye Keylogger 0x757fa:$hawkstr1: HawkEye Keylogger 0x73ce1:$hawkstr2: Dear HawkEye Customers! 0x75316:$hawkstr2: Dear HawkEye Customers! 0x7546d:$hawkstr2: Dear HawkEye Customers! 0x755d4:$hawkstr2: Dear HawkEye Customers! 0x73e02:$hawkstr3: HawkEye Logger Details:
27.2.hawkgoods.exe.41d0240.6.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.2.hawkgoods.exe.a49c0d.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73aba:$key: HawkEyeKeylogger 0x75cfe:$salt: 099u787978786 0x740fb:$string1: HawkEye_Keylogger 0x74f4e:$string1: HawkEye_Keylogger 0x75c5e:$string1: HawkEye_Keylogger 0x744e4:$string2: holdermail.txt 0x74504:$string2: holdermail.txt 0x74426:$string3: wallet.dat 0x7443e:$string3: wallet.dat 0x74454:$string3: wallet.dat 0x75822:$string4: Keylog Records 0x75b3a:$string4: Keylog Records 0x75d56:$string5: do not script --> 0x73aa2:$string6: \pidloc.txt 0x73b30:$string7: BSPLIT 0x73b40:$string7: BSPLIT
27.2.hawkgoods.exe.a49c0d.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.2.hawkgoods.exe.a49c0d.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
27.2.hawkgoods.exe.a49c0d.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.2.hawkgoods.exe.a49c0d.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x74153:$hawkstr1: HawkEye Keylogger 0x74f94:$hawkstr1: HawkEye Keylogger 0x752c3:$hawkstr1: HawkEye Keylogger 0x7541e:$hawkstr1: HawkEye Keylogger 0x75581:$hawkstr1: HawkEye Keylogger 0x757fa:$hawkstr1: HawkEye Keylogger 0x73ce1:$hawkstr2: Dear HawkEye Customers! 0x75316:$hawkstr2: Dear HawkEye Customers! 0x7546d:$hawkstr2: Dear HawkEye Customers! 0x755d4:$hawkstr2: Dear HawkEye Customers! 0x73e02:$hawkstr3: HawkEye Logger Details:
27.2.hawkgoods.exe.41b7e00.7.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.2.hawkgoods.exe.41b7e00.7.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
30.0.Matiexgoods.exe.bd0000.0.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
27.0.hawkgoods.exe.a49c0d.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73aba:$key: HawkEyeKeylogger 0x75cfe:$salt: 099u787978786 0x740fb:$string1: HawkEye_Keylogger 0x74f4e:$string1: HawkEye_Keylogger 0x75c5e:$string1: HawkEye_Keylogger 0x744e4:$string2: holdermail.txt 0x74504:$string2: holdermail.txt 0x74426:$string3: wallet.dat 0x7443e:$string3: wallet.dat 0x74454:$string3: wallet.dat 0x75822:$string4: Keylog Records 0x75b3a:$string4: Keylog Records 0x75d56:$string5: do not script --> 0x73aa2:$string6: \pidloc.txt 0x73b30:$string7: BSPLIT 0x73b40:$string7: BSPLIT
27.0.hawkgoods.exe.a49c0d.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.0.hawkgoods.exe.a49c0d.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
27.0.hawkgoods.exe.a49c0d.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.0.hawkgoods.exe.a49c0d.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x74153:$hawkstr1: HawkEye Keylogger 0x74f94:$hawkstr1: HawkEye Keylogger 0x752c3:$hawkstr1: HawkEye Keylogger 0x7541e:$hawkstr1: HawkEye Keylogger 0x75581:$hawkstr1: HawkEye Keylogger 0x757fa:$hawkstr1: HawkEye Keylogger 0x73ce1:$hawkstr2: Dear HawkEye Customers! 0x75316:$hawkstr2: Dear HawkEye Customers! 0x7546d:$hawkstr2: Dear HawkEye Customers! 0x755d4:$hawkstr2: Dear HawkEye Customers! 0x73e02:$hawkstr3: HawkEye Logger Details:
6.0.hawkgoods.exe.2f9c0d.1.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
26.2.RegAsm.exe.4031bf.2.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
26.2.RegAsm.exe.4031bf.2.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79ac7:$key: HawkEyeKeylogger 0x7bd0b:$salt: 099u787978786 0x7a108:$string1: HawkEye_Keylogger 0x7af5b:$string1: HawkEye_Keylogger 0x7bc6b:$string1: HawkEye_Keylogger 0x7a4f1:$string2: holdermail.txt 0x7a511:$string2: holdermail.txt 0x7a433:$string3: wallet.dat 0x7a44b:$string3: wallet.dat 0x7a461:$string3: wallet.dat 0x7b82f:$string4: Keylog Records 0x7bb47:$string4: Keylog Records 0x7bd63:$string5: do not script --> 0x79aaf:$string6: \pidloc.txt 0x79b3d:$string7: BSPLIT 0x79b4d:$string7: BSPLIT
26.2.RegAsm.exe.4031bf.2.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
26.2.RegAsm.exe.4031bf.2.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
26.2.RegAsm.exe.4031bf.2.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
26.2.RegAsm.exe.4031bf.2.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a160:$hawkstr1: HawkEye Keylogger 0x7afa1:$hawkstr1: HawkEye Keylogger 0x7b2d0:$hawkstr1: HawkEye Keylogger 0x7b42b:$hawkstr1: HawkEye Keylogger 0x7b58e:$hawkstr1: HawkEye Keylogger 0x7b807:$hawkstr1: HawkEye Keylogger 0x79cee:$hawkstr2: Dear HawkEye Customers! 0x7b323:$hawkstr2: Dear HawkEye Customers! 0x7b47a:$hawkstr2: Dear HawkEye Customers! 0x7b5e1:$hawkstr2: Dear HawkEye Customers! 0x79e0f:$hawkstr3: HawkEye Logger Details:
27.2.hawkgoods.exe.41d0240.6.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.2.hawkgoods.exe.a9fa72.1.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.2.hawkgoods.exe.a9fa72.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc55:$key: HawkEyeKeylogger 0x1fe99:$salt: 099u787978786 0x1e296:$string1: HawkEye_Keylogger 0x1f0e9:$string1: HawkEye_Keylogger 0x1fdf9:$string1: HawkEye_Keylogger 0x1e67f:$string2: holdermail.txt 0x1e69f:$string2: holdermail.txt 0x1e5c1:$string3: wallet.dat 0x1e5d9:$string3: wallet.dat 0x1e5ef:$string3: wallet.dat 0x1f9bd:$string4: Keylog Records 0x1fcd5:$string4: Keylog Records 0x1fef1:$string5: do not script --> 0x1dc3d:$string6: \pidloc.txt 0x1dccb:$string7: BSPLIT 0x1dcdb:$string7: BSPLIT
27.2.hawkgoods.exe.a9fa72.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.2.hawkgoods.exe.a9fa72.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
27.2.hawkgoods.exe.a9fa72.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e2ee:$hawkstr1: HawkEye Keylogger 0x1f12f:$hawkstr1: HawkEye Keylogger 0x1f45e:$hawkstr1: HawkEye Keylogger 0x1f5b9:$hawkstr1: HawkEye Keylogger 0x1f71c:$hawkstr1: HawkEye Keylogger 0x1f995:$hawkstr1: HawkEye Keylogger 0x1de7c:$hawkstr2: Dear HawkEye Customers! 0x1f4b1:$hawkstr2: Dear HawkEye Customers! 0x1f608:$hawkstr2: Dear HawkEye Customers! 0x1f76f:$hawkstr2: Dear HawkEye Customers! 0x1df9d:$hawkstr3: HawkEye Logger Details:
8.2.Matiexgoods.exe.f9277c.1.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
27.2.hawkgoods.exe.41b7e00.7.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.2.hawkgoods.exe.7c90000.10.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
6.2.hawkgoods.exe.2f8208.2.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
6.2.hawkgoods.exe.2f8208.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x754bf:$key: HawkEyeKeylogger 0x77703:$salt: 099u787978786 0x75b00:$string1: HawkEye_Keylogger 0x76953:$string1: HawkEye_Keylogger 0x77663:$string1: HawkEye_Keylogger 0x75ee9:$string2: holdermail.txt 0x75f09:$string2: holdermail.txt 0x75e2b:$string3: wallet.dat 0x75e43:$string3: wallet.dat 0x75e59:$string3: wallet.dat 0x77227:$string4: Keylog Records 0x7753f:$string4: Keylog Records 0x7775b:$string5: do not script --> 0x754a7:$string6: \pidloc.txt 0x75535:$string7: BSPLIT 0x75545:$string7: BSPLIT
6.2.hawkgoods.exe.2f8208.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.2.hawkgoods.exe.2f8208.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
6.2.hawkgoods.exe.2f8208.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
6.2.hawkgoods.exe.2f8208.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b58:$hawkstr1: HawkEye Keylogger 0x76999:$hawkstr1: HawkEye Keylogger 0x76cc8:$hawkstr1: HawkEye Keylogger 0x76e23:$hawkstr1: HawkEye Keylogger 0x76f86:$hawkstr1: HawkEye Keylogger 0x771ff:$hawkstr1: HawkEye Keylogger 0x756e6:$hawkstr2: Dear HawkEye Customers! 0x76d1b:$hawkstr2: Dear HawkEye Customers! 0x76e72:$hawkstr2: Dear HawkEye Customers! 0x76fd9:$hawkstr2: Dear HawkEye Customers! 0x75807:$hawkstr3: HawkEye Logger Details:
28.0.origigoods40.exe.e20000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
6.2.hawkgoods.exe.2f0000.0.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
6.2.hawkgoods.exe.2f0000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8c7:$key: HawkEyeKeylogger 0x7db0b:$salt: 099u787978786 0x7bf08:$string1: HawkEye_Keylogger 0x7cd5b:$string1: HawkEye_Keylogger 0x7da6b:$string1: HawkEye_Keylogger 0x7c2f1:$string2: holdermail.txt 0x7c311:$string2: holdermail.txt 0x7c233:$string3: wallet.dat 0x7c24b:$string3: wallet.dat 0x7c261:$string3: wallet.dat 0x7d62f:$string4: Keylog Records 0x7d947:$string4: Keylog Records 0x7db63:$string5: do not script --> 0x7b8af:$string6: \pidloc.txt 0x7b93d:$string7: BSPLIT 0x7b94d:$string7: BSPLIT
6.2.hawkgoods.exe.2f0000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.2.hawkgoods.exe.2f0000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
6.2.hawkgoods.exe.2f0000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
6.2.hawkgoods.exe.2f0000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf60:$hawkstr1: HawkEye Keylogger 0x7cda1:$hawkstr1: HawkEye Keylogger 0x7d0d0:$hawkstr1: HawkEye Keylogger 0x7d22b:$hawkstr1: HawkEye Keylogger 0x7d38e:$hawkstr1: HawkEye Keylogger 0x7d607:$hawkstr1: HawkEye Keylogger 0x7baee:$hawkstr2: Dear HawkEye Customers! 0x7d123:$hawkstr2: Dear HawkEye Customers! 0x7d27a:$hawkstr2: Dear HawkEye Customers! 0x7d3e1:$hawkstr2: Dear HawkEye Customers! 0x7bc0f:$hawkstr3: HawkEye Logger Details:
34.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.0.hawkgoods.exe.2f8208.2.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
6.0.hawkgoods.exe.2f8208.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x754bf:$key: HawkEyeKeylogger 0x77703:$salt: 099u787978786 0x75b00:$string1: HawkEye_Keylogger 0x76953:$string1: HawkEye_Keylogger 0x77663:$string1: HawkEye_Keylogger 0x75ee9:$string2: holdermail.txt 0x75f09:$string2: holdermail.txt 0x75e2b:$string3: wallet.dat 0x75e43:$string3: wallet.dat 0x75e59:$string3: wallet.dat 0x77227:$string4: Keylog Records 0x7753f:$string4: Keylog Records 0x7775b:$string5: do not script --> 0x754a7:$string6: \pidloc.txt 0x75535:$string7: BSPLIT 0x75545:$string7: BSPLIT
6.0.hawkgoods.exe.2f8208.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.0.hawkgoods.exe.2f8208.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
6.0.hawkgoods.exe.2f8208.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
6.0.hawkgoods.exe.2f8208.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b58:$hawkstr1: HawkEye Keylogger 0x76999:$hawkstr1: HawkEye Keylogger 0x76cc8:$hawkstr1: HawkEye Keylogger 0x76e23:$hawkstr1: HawkEye Keylogger 0x76f86:$hawkstr1: HawkEye Keylogger 0x771ff:$hawkstr1: HawkEye Keylogger 0x756e6:$hawkstr2: Dear HawkEye Customers! 0x76d1b:$hawkstr2: Dear HawkEye Customers! 0x76e72:$hawkstr2: Dear HawkEye Customers! 0x76fd9:$hawkstr2: Dear HawkEye Customers! 0x75807:$hawkstr3: HawkEye Logger Details:
6.2.hawkgoods.exe.3a40240.6.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
7.2.origigoods40.exe.c30000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
30.2.Matiexgoods.exe.bd0000.0.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
31.0.origigoods20.exe.720000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79ac7:$key: HawkEyeKeylogger 0x7bd0b:$salt: 099u787978786 0x7a108:$string1: HawkEye_Keylogger 0x7af5b:$string1: HawkEye_Keylogger 0x7bc6b:$string1: HawkEye_Keylogger 0x7a4f1:$string2: holdermail.txt 0x7a511:$string2: holdermail.txt 0x7a433:$string3: wallet.dat 0x7a44b:$string3: wallet.dat 0x7a461:$string3: wallet.dat 0x7b82f:$string4: Keylog Records 0x7bb47:$string4: Keylog Records 0x7bd63:$string5: do not script --> 0x79aaf:$string6: \pidloc.txt 0x79b3d:$string7: BSPLIT 0x79b4d:$string7: BSPLIT
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a160:$hawkstr1: HawkEye Keylogger 0x7afa1:$hawkstr1: HawkEye Keylogger 0x7b2d0:$hawkstr1: HawkEye Keylogger 0x7b42b:$hawkstr1: HawkEye Keylogger 0x7b58e:$hawkstr1: HawkEye Keylogger 0x7b807:$hawkstr1: HawkEye Keylogger 0x79cee:$hawkstr2: Dear HawkEye Customers! 0x7b323:$hawkstr2: Dear HawkEye Customers! 0x7b47a:$hawkstr2: Dear HawkEye Customers! 0x7b5e1:$hawkstr2: Dear HawkEye Customers! 0x79e0f:$hawkstr3: HawkEye Logger Details:
8.0.Matiexgoods.exe.f9277c.1.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
5.2.RegAsm.exe.4031bf.1.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
5.2.RegAsm.exe.4031bf.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8c7:$key: HawkEyeKeylogger 0x7db0b:$salt: 099u787978786 0x7bf08:$string1: HawkEye_Keylogger 0x7cd5b:$string1: HawkEye_Keylogger 0x7da6b:$string1: HawkEye_Keylogger 0x7c2f1:$string2: holdermail.txt 0x7c311:$string2: holdermail.txt 0x7c233:$string3: wallet.dat 0x7c24b:$string3: wallet.dat 0x7c261:$string3: wallet.dat 0x7d62f:$string4: Keylog Records 0x7d947:$string4: Keylog Records 0x7db63:$string5: do not script --> 0x7b8af:$string6: \pidloc.txt 0x7b93d:$string7: BSPLIT 0x7b94d:$string7: BSPLIT
5.2.RegAsm.exe.4031bf.1.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
5.2.RegAsm.exe.4031bf.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
5.2.RegAsm.exe.4031bf.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
5.2.RegAsm.exe.4031bf.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
5.2.RegAsm.exe.4031bf.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf60:$hawkstr1: HawkEye Keylogger 0x7cda1:$hawkstr1: HawkEye Keylogger 0x7d0d0:$hawkstr1: HawkEye Keylogger 0x7d22b:$hawkstr1: HawkEye Keylogger 0x7d38e:$hawkstr1: HawkEye Keylogger 0x7d607:$hawkstr1: HawkEye Keylogger 0x7baee:$hawkstr2: Dear HawkEye Customers! 0x7d123:$hawkstr2: Dear HawkEye Customers! 0x7d27a:$hawkstr2: Dear HawkEye Customers! 0x7d3e1:$hawkstr2: Dear HawkEye Customers! 0x7bc0f:$hawkstr3: HawkEye Logger Details:
5.2.RegAsm.exe.40afcc.3.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.2.hawkgoods.exe.7f40000.11.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
8.0.Matiexgoods.exe.f70000.0.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
26.2.RegAsm.exe.40afcc.3.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
35.2.vbc.exe.400000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
6.2.hawkgoods.exe.3a27e00.7.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.0.hawkgoods.exe.a40000.0.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
27.0.hawkgoods.exe.a40000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8c7:$key: HawkEyeKeylogger 0x7db0b:$salt: 099u787978786 0x7bf08:$string1: HawkEye_Keylogger 0x7cd5b:$string1: HawkEye_Keylogger 0x7da6b:$string1: HawkEye_Keylogger 0x7c2f1:$string2: holdermail.txt 0x7c311:$string2: holdermail.txt 0x7c233:$string3: wallet.dat 0x7c24b:$string3: wallet.dat 0x7c261:$string3: wallet.dat 0x7d62f:$string4: Keylog Records 0x7d947:$string4: Keylog Records 0x7db63:$string5: do not script --> 0x7b8af:$string6: \pidloc.txt 0x7b93d:$string7: BSPLIT 0x7b94d:$string7: BSPLIT
27.0.hawkgoods.exe.a40000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.0.hawkgoods.exe.a40000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
27.0.hawkgoods.exe.a40000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.0.hawkgoods.exe.a40000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf60:$hawkstr1: HawkEye Keylogger 0x7cda1:$hawkstr1: HawkEye Keylogger 0x7d0d0:$hawkstr1: HawkEye Keylogger 0x7d22b:$hawkstr1: HawkEye Keylogger 0x7d38e:$hawkstr1: HawkEye Keylogger 0x7d607:$hawkstr1: HawkEye Keylogger 0x7baee:$hawkstr2: Dear HawkEye Customers! 0x7d123:$hawkstr2: Dear HawkEye Customers! 0x7d27a:$hawkstr2: Dear HawkEye Customers! 0x7d3e1:$hawkstr2: Dear HawkEye Customers! 0x7bc0f:$hawkstr3: HawkEye Logger Details:
5.2.RegAsm.exe.4031bf.1.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
5.2.RegAsm.exe.4031bf.1.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79ac7:$key: HawkEyeKeylogger 0x7bd0b:$salt: 099u787978786 0x7a108:$string1: HawkEye_Keylogger 0x7af5b:$string1: HawkEye_Keylogger 0x7bc6b:$string1: HawkEye_Keylogger 0x7a4f1:$string2: holdermail.txt 0x7a511:$string2: holdermail.txt 0x7a433:$string3: wallet.dat 0x7a44b:$string3: wallet.dat 0x7a461:$string3: wallet.dat 0x7b82f:$string4: Keylog Records 0x7bb47:$string4: Keylog Records 0x7bd63:$string5: do not script --> 0x79aaf:$string6: \pidloc.txt 0x79b3d:$string7: BSPLIT 0x79b4d:$string7: BSPLIT
5.2.RegAsm.exe.4031bf.1.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
5.2.RegAsm.exe.4031bf.1.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
5.2.RegAsm.exe.4031bf.1.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
5.2.RegAsm.exe.4031bf.1.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a160:$hawkstr1: HawkEye Keylogger 0x7afa1:$hawkstr1: HawkEye Keylogger 0x7b2d0:$hawkstr1: HawkEye Keylogger 0x7b42b:$hawkstr1: HawkEye Keylogger 0x7b58e:$hawkstr1: HawkEye Keylogger 0x7b807:$hawkstr1: HawkEye Keylogger 0x79cee:$hawkstr2: Dear HawkEye Customers! 0x7b323:$hawkstr2: Dear HawkEye Customers! 0x7b47a:$hawkstr2: Dear HawkEye Customers! 0x7b5e1:$hawkstr2: Dear HawkEye Customers! 0x79e0f:$hawkstr3: HawkEye Logger Details:
34.2.vbc.exe.400000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.0.hawkgoods.exe.a49c0d.2.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.2.hawkgoods.exe.a48208.3.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
27.2.hawkgoods.exe.a48208.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x754bf:$key: HawkEyeKeylogger 0x77703:$salt: 099u787978786 0x75b00:$string1: HawkEye_Keylogger 0x76953:$string1: HawkEye_Keylogger 0x77663:$string1: HawkEye_Keylogger 0x75ee9:$string2: holdermail.txt 0x75f09:$string2: holdermail.txt 0x75e2b:$string3: wallet.dat 0x75e43:$string3: wallet.dat 0x75e59:$string3: wallet.dat 0x77227:$string4: Keylog Records 0x7753f:$string4: Keylog Records 0x7775b:$string5: do not script --> 0x754a7:$string6: \pidloc.txt 0x75535:$string7: BSPLIT 0x75545:$string7: BSPLIT
27.2.hawkgoods.exe.a48208.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
27.2.hawkgoods.exe.a48208.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
27.2.hawkgoods.exe.a48208.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.2.hawkgoods.exe.a48208.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b58:$hawkstr1: HawkEye Keylogger 0x76999:$hawkstr1: HawkEye Keylogger 0x76cc8:$hawkstr1: HawkEye Keylogger 0x76e23:$hawkstr1: HawkEye Keylogger 0x76f86:$hawkstr1: HawkEye Keylogger 0x771ff:$hawkstr1: HawkEye Keylogger 0x756e6:$hawkstr2: Dear HawkEye Customers! 0x76d1b:$hawkstr2: Dear HawkEye Customers! 0x76e72:$hawkstr2: Dear HawkEye Customers! 0x76fd9:$hawkstr2: Dear HawkEye Customers! 0x75807:$hawkstr3: HawkEye Logger Details:
18.2.vbc.exe.400000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
27.2.hawkgoods.exe.31f8c9c.5.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
6.0.hawkgoods.exe.2f9c0d.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73aba:$key: HawkEyeKeylogger 0x75cfe:$salt: 099u787978786 0x740fb:$string1: HawkEye_Keylogger 0x74f4e:$string1: HawkEye_Keylogger 0x75c5e:$string1: HawkEye_Keylogger 0x744e4:$string2: holdermail.txt 0x74504:$string2: holdermail.txt 0x74426:$string3: wallet.dat 0x7443e:$string3: wallet.dat 0x74454:$string3: wallet.dat 0x75822:$string4: Keylog Records 0x75b3a:$string4: Keylog Records 0x75d56:$string5: do not script --> 0x73aa2:$string6: \pidloc.txt 0x73b30:$string7: BSPLIT 0x73b40:$string7: BSPLIT
6.0.hawkgoods.exe.2f9c0d.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.0.hawkgoods.exe.2f9c0d.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
6.0.hawkgoods.exe.2f9c0d.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
6.0.hawkgoods.exe.2f9c0d.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x74153:$hawkstr1: HawkEye Keylogger 0x74f94:$hawkstr1: HawkEye Keylogger 0x752c3:$hawkstr1: HawkEye Keylogger 0x7541e:$hawkstr1: HawkEye Keylogger 0x75581:$hawkstr1: HawkEye Keylogger 0x757fa:$hawkstr1: HawkEye Keylogger 0x73ce1:$hawkstr2: Dear HawkEye Customers! 0x75316:$hawkstr2: Dear HawkEye Customers! 0x7546d:$hawkstr2: Dear HawkEye Customers! 0x755d4:$hawkstr2: Dear HawkEye Customers! 0x73e02:$hawkstr3: HawkEye Logger Details:
17.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x5623:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x79ac7:$key: HawkEyeKeylogger 0x7bd0b:$salt: 099u787978786 0x7a108:$string1: HawkEye_Keylogger 0x7af5b:$string1: HawkEye_Keylogger 0x7bc6b:$string1: HawkEye_Keylogger 0x7a4f1:$string2: holdermail.txt 0x7a511:$string2: holdermail.txt 0x7a433:$string3: wallet.dat 0x7a44b:$string3: wallet.dat 0x7a461:$string3: wallet.dat 0x7b82f:$string4: Keylog Records 0x7bb47:$string4: Keylog Records 0x7bd63:$string5: do not script --> 0x79aaf:$string6: \pidloc.txt 0x79b3d:$string7: BSPLIT 0x79b4d:$string7: BSPLIT
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7a160:$hawkstr1: HawkEye Keylogger 0x7afa1:$hawkstr1: HawkEye Keylogger 0x7b2d0:$hawkstr1: HawkEye Keylogger 0x7b42b:$hawkstr1: HawkEye Keylogger 0x7b58e:$hawkstr1: HawkEye Keylogger 0x7b807:$hawkstr1: HawkEye Keylogger 0x79cee:$hawkstr2: Dear HawkEye Customers! 0x7b323:$hawkstr2: Dear HawkEye Customers! 0x7b47a:$hawkstr2: Dear HawkEye Customers! 0x7b5e1:$hawkstr2: Dear HawkEye Customers! 0x79e0f:$hawkstr3: HawkEye Logger Details:
30.2.Matiexgoods.exe.bf277c.1.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
26.2.RegAsm.exe.400000.0.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x990e:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
26.2.RegAsm.exe.400000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7ddb2:$key: HawkEyeKeylogger 0x7fff6:$salt: 099u787978786 0x7e3f3:$string1: HawkEye_Keylogger 0x7f246:$string1: HawkEye_Keylogger 0x7ff56:$string1: HawkEye_Keylogger 0x7e7dc:$string2: holdermail.txt 0x7e7fc:$string2: holdermail.txt 0x7e71e:$string3: wallet.dat 0x7e736:$string3: wallet.dat 0x7e74c:$string3: wallet.dat 0x7fb1a:$string4: Keylog Records 0x7fe32:$string4: Keylog Records 0x8004e:$string5: do not script --> 0x7dd9a:$string6: \pidloc.txt 0x7de28:$string7: BSPLIT 0x7de38:$string7: BSPLIT
26.2.RegAsm.exe.400000.0.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
26.2.RegAsm.exe.400000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
26.2.RegAsm.exe.400000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
26.2.RegAsm.exe.400000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
26.2.RegAsm.exe.400000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7e44b:$hawkstr1: HawkEye Keylogger 0x7f28c:$hawkstr1: HawkEye Keylogger 0x7f5bb:$hawkstr1: HawkEye Keylogger 0x7f716:$hawkstr1: HawkEye Keylogger 0x7f879:$hawkstr1: HawkEye Keylogger 0x7faf2:$hawkstr1: HawkEye Keylogger 0x7dfd9:$hawkstr2: Dear HawkEye Customers! 0x7f60e:$hawkstr2: Dear HawkEye Customers! 0x7f765:$hawkstr2: Dear HawkEye Customers! 0x7f8cc:$hawkstr2: Dear HawkEye Customers! 0x7e0fa:$hawkstr3: HawkEye Logger Details:
27.2.hawkgoods.exe.a49c0d.2.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
18.2.vbc.exe.400000.0.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
30.0.Matiexgoods.exe.bf277c.1.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
6.2.hawkgoods.exe.34fa72.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x1dc55:$key: HawkEyeKeylogger 0x1fe99:$salt: 099u787978786 0x1e296:$string1: HawkEye_Keylogger 0x1f0e9:$string1: HawkEye_Keylogger 0x1fdf9:$string1: HawkEye_Keylogger 0x1e67f:$string2: holdermail.txt 0x1e69f:$string2: holdermail.txt 0x1e5c1:$string3: wallet.dat 0x1e5d9:$string3: wallet.dat 0x1e5ef:$string3: wallet.dat 0x1f9bd:$string4: Keylog Records 0x1fcd5:$string4: Keylog Records 0x1fef1:$string5: do not script --> 0x1dc3d:$string6: \pidloc.txt 0x1dccb:$string7: BSPLIT 0x1dcdb:$string7: BSPLIT
6.2.hawkgoods.exe.34fa72.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
6.2.hawkgoods.exe.34fa72.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
6.2.hawkgoods.exe.34fa72.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1e2ee:$hawkstr1: HawkEye Keylogger 0x1f12f:$hawkstr1: HawkEye Keylogger 0x1f45e:$hawkstr1: HawkEye Keylogger 0x1f5b9:$hawkstr1: HawkEye Keylogger 0x1f71c:$hawkstr1: HawkEye Keylogger 0x1f995:$hawkstr1: HawkEye Keylogger 0x1de7c:$hawkstr2: Dear HawkEye Customers! 0x1f4b1:$hawkstr2: Dear HawkEye Customers! 0x1f608:$hawkstr2: Dear HawkEye Customers! 0x1f76f:$hawkstr2: Dear HawkEye Customers! 0x1df9d:$hawkstr3: HawkEye Logger Details:
26.2.RegAsm.exe.4095c7.1.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
26.2.RegAsm.exe.4095c7.1.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x754bf:$key: HawkEyeKeylogger 0x77703:$salt: 099u787978786 0x75b00:$string1: HawkEye_Keylogger 0x76953:$string1: HawkEye_Keylogger 0x77663:$string1: HawkEye_Keylogger 0x75ee9:$string2: holdermail.txt 0x75f09:$string2: holdermail.txt 0x75e2b:$string3: wallet.dat 0x75e43:$string3: wallet.dat 0x75e59:$string3: wallet.dat 0x77227:$string4: Keylog Records 0x7753f:$string4: Keylog Records 0x7775b:$string5: do not script --> 0x754a7:$string6: \pidloc.txt 0x75535:$string7: BSPLIT 0x75545:$string7: BSPLIT
26.2.RegAsm.exe.4095c7.1.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
26.2.RegAsm.exe.4095c7.1.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
26.2.RegAsm.exe.4095c7.1.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
26.2.RegAsm.exe.4095c7.1.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
26.2.RegAsm.exe.4095c7.1.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b58:$hawkstr1: HawkEye Keylogger 0x76999:$hawkstr1: HawkEye Keylogger 0x76cc8:$hawkstr1: HawkEye Keylogger 0x76e23:$hawkstr1: HawkEye Keylogger 0x76f86:$hawkstr1: HawkEye Keylogger 0x771ff:$hawkstr1: HawkEye Keylogger 0x756e6:$hawkstr2: Dear HawkEye Customers! 0x76d1b:$hawkstr2: Dear HawkEye Customers! 0x76e72:$hawkstr2: Dear HawkEye Customers! 0x76fd9:$hawkstr2: Dear HawkEye Customers! 0x75807:$hawkstr3: HawkEye Logger Details:
5.2.RegAsm.exe.4095c7.2.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
5.2.RegAsm.exe.4095c7.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x754bf:$key: HawkEyeKeylogger 0x77703:$salt: 099u787978786 0x75b00:$string1: HawkEye_Keylogger 0x76953:$string1: HawkEye_Keylogger 0x77663:$string1: HawkEye_Keylogger 0x75ee9:$string2: holdermail.txt 0x75f09:$string2: holdermail.txt 0x75e2b:$string3: wallet.dat 0x75e43:$string3: wallet.dat 0x75e59:$string3: wallet.dat 0x77227:$string4: Keylog Records 0x7753f:$string4: Keylog Records 0x7775b:$string5: do not script --> 0x754a7:$string6: \pidloc.txt 0x75535:$string7: BSPLIT 0x75545:$string7: BSPLIT
5.2.RegAsm.exe.4095c7.2.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
5.2.RegAsm.exe.4095c7.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
5.2.RegAsm.exe.4095c7.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
5.2.RegAsm.exe.4095c7.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
5.2.RegAsm.exe.4095c7.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x75b58:$hawkstr1: HawkEye Keylogger 0x76999:$hawkstr1: HawkEye Keylogger 0x76cc8:$hawkstr1: HawkEye Keylogger 0x76e23:$hawkstr1: HawkEye Keylogger 0x76f86:$hawkstr1: HawkEye Keylogger 0x771ff:$hawkstr1: HawkEye Keylogger 0x756e6:$hawkstr2: Dear HawkEye Customers! 0x76d1b:$hawkstr2: Dear HawkEye Customers! 0x76e72:$hawkstr2: Dear HawkEye Customers! 0x76fd9:$hawkstr2: Dear HawkEye Customers! 0x75807:$hawkstr3: HawkEye Logger Details:
5.2.RegAsm.exe.40afcc.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73aba:$key: HawkEyeKeylogger 0x75cfe:$salt: 099u787978786 0x740fb:$string1: HawkEye_Keylogger 0x74f4e:$string1: HawkEye_Keylogger 0x75c5e:$string1: HawkEye_Keylogger 0x744e4:$string2: holdermail.txt 0x74504:$string2: holdermail.txt 0x74426:$string3: wallet.dat 0x7443e:$string3: wallet.dat 0x74454:$string3: wallet.dat 0x75822:$string4: Keylog Records 0x75b3a:$string4: Keylog Records 0x75d56:$string5: do not script --> 0x73aa2:$string6: \pidloc.txt 0x73b30:$string7: BSPLIT 0x73b40:$string7: BSPLIT
5.2.RegAsm.exe.40afcc.3.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
5.2.RegAsm.exe.40afcc.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
5.2.RegAsm.exe.40afcc.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
5.2.RegAsm.exe.40afcc.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
5.2.RegAsm.exe.40afcc.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x74153:$hawkstr1: HawkEye Keylogger 0x74f94:$hawkstr1: HawkEye Keylogger 0x752c3:$hawkstr1: HawkEye Keylogger 0x7541e:$hawkstr1: HawkEye Keylogger 0x75581:$hawkstr1: HawkEye Keylogger 0x757fa:$hawkstr1: HawkEye Keylogger 0x73ce1:$hawkstr2: Dear HawkEye Customers! 0x75316:$hawkstr2: Dear HawkEye Customers! 0x7546d:$hawkstr2: Dear HawkEye Customers! 0x755d4:$hawkstr2: Dear HawkEye Customers! 0x73e02:$hawkstr3: HawkEye Logger Details:
6.2.hawkgoods.exe.2a689b0.5.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
5.2.RegAsm.exe.400000.0.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x990e:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
5.2.RegAsm.exe.400000.0.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7ddb2:$key: HawkEyeKeylogger 0x7fff6:$salt: 099u787978786 0x7e3f3:$string1: HawkEye_Keylogger 0x7f246:$string1: HawkEye_Keylogger 0x7ff56:$string1: HawkEye_Keylogger 0x7e7dc:$string2: holdermail.txt 0x7e7fc:$string2: holdermail.txt 0x7e71e:$string3: wallet.dat 0x7e736:$string3: wallet.dat 0x7e74c:$string3: wallet.dat 0x7fb1a:$string4: Keylog Records 0x7fe32:$string4: Keylog Records 0x8004e:$string5: do not script --> 0x7dd9a:$string6: \pidloc.txt 0x7de28:$string7: BSPLIT 0x7de38:$string7: BSPLIT
5.2.RegAsm.exe.400000.0.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
5.2.RegAsm.exe.400000.0.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
5.2.RegAsm.exe.400000.0.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
5.2.RegAsm.exe.400000.0.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
5.2.RegAsm.exe.400000.0.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7e44b:$hawkstr1: HawkEye Keylogger 0x7f28c:$hawkstr1: HawkEye Keylogger 0x7f5bb:$hawkstr1: HawkEye Keylogger 0x7f716:$hawkstr1: HawkEye Keylogger 0x7f879:$hawkstr1: HawkEye Keylogger 0x7faf2:$hawkstr1: HawkEye Keylogger 0x7dfd9:$hawkstr2: Dear HawkEye Customers! 0x7f60e:$hawkstr2: Dear HawkEye Customers! 0x7f765:$hawkstr2: Dear HawkEye Customers! 0x7f8cc:$hawkstr2: Dear HawkEye Customers! 0x7e0fa:$hawkstr3: HawkEye Logger Details:
26.2.RegAsm.exe.40afcc.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x73aba:$key: HawkEyeKeylogger 0x75cfe:$salt: 099u787978786 0x740fb:$string1: HawkEye_Keylogger 0x74f4e:$string1: HawkEye_Keylogger 0x75c5e:$string1: HawkEye_Keylogger 0x744e4:$string2: holdermail.txt 0x74504:$string2: holdermail.txt 0x74426:$string3: wallet.dat 0x7443e:$string3: wallet.dat 0x74454:$string3: wallet.dat 0x75822:$string4: Keylog Records 0x75b3a:$string4: Keylog Records 0x75d56:$string5: do not script --> 0x73aa2:$string6: \pidloc.txt 0x73b30:$string7: BSPLIT 0x73b40:$string7: BSPLIT
26.2.RegAsm.exe.40afcc.3.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
26.2.RegAsm.exe.40afcc.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
26.2.RegAsm.exe.40afcc.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
26.2.RegAsm.exe.40afcc.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
26.2.RegAsm.exe.40afcc.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x74153:$hawkstr1: HawkEye Keylogger 0x74f94:$hawkstr1: HawkEye Keylogger 0x752c3:$hawkstr1: HawkEye Keylogger 0x7541e:$hawkstr1: HawkEye Keylogger 0x75581:$hawkstr1: HawkEye Keylogger 0x757fa:$hawkstr1: HawkEye Keylogger 0x73ce1:$hawkstr2: Dear HawkEye Customers! 0x75316:$hawkstr2: Dear HawkEye Customers! 0x7546d:$hawkstr2: Dear HawkEye Customers! 0x755d4:$hawkstr2: Dear HawkEye Customers! 0x73e02:$hawkstr3: HawkEye Logger Details:
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x890e:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7cdb2:$key: HawkEyeKeylogger 0x7eff6:$salt: 099u787978786 0x7d3f3:$string1: HawkEye_Keylogger 0x7e246:$string1: HawkEye_Keylogger 0x7ef56:$string1: HawkEye_Keylogger 0x7d7dc:$string2: holdermail.txt 0x7d7fc:$string2: holdermail.txt 0x7d71e:$string3: wallet.dat 0x7d736:$string3: wallet.dat 0x7d74c:$string3: wallet.dat 0x7eb1a:$string4: Keylog Records 0x7ee32:$string4: Keylog Records 0x7f04e:$string5: do not script --> 0x7cd9a:$string6: \pidloc.txt 0x7ce28:$string7: BSPLIT 0x7ce38:$string7: BSPLIT
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7d44b:$hawkstr1: HawkEye Keylogger 0x7e28c:$hawkstr1: HawkEye Keylogger 0x7e5bb:$hawkstr1: HawkEye Keylogger 0x7e716:$hawkstr1: HawkEye Keylogger 0x7e879:$hawkstr1: HawkEye Keylogger 0x7eaf2:$hawkstr1: HawkEye Keylogger 0x7cfd9:$hawkstr2: Dear HawkEye Customers! 0x7e60e:$hawkstr2: Dear HawkEye Customers! 0x7e765:$hawkstr2: Dear HawkEye Customers! 0x7e8cc:$hawkstr2: Dear HawkEye Customers! 0x7d0fa:$hawkstr3: HawkEye Logger Details:
26.2.RegAsm.exe.4031bf.2.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
26.2.RegAsm.exe.4031bf.2.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8c7:$key: HawkEyeKeylogger 0x7db0b:$salt: 099u787978786 0x7bf08:$string1: HawkEye_Keylogger 0x7cd5b:$string1: HawkEye_Keylogger 0x7da6b:$string1: HawkEye_Keylogger 0x7c2f1:$string2: holdermail.txt 0x7c311:$string2: holdermail.txt 0x7c233:$string3: wallet.dat 0x7c24b:$string3: wallet.dat 0x7c261:$string3: wallet.dat 0x7d62f:$string4: Keylog Records 0x7d947:$string4: Keylog Records 0x7db63:$string5: do not script --> 0x7b8af:$string6: \pidloc.txt 0x7b93d:$string7: BSPLIT 0x7b94d:$string7: BSPLIT
26.2.RegAsm.exe.4031bf.2.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
27.2.hawkgoods.exe.31d8e20.4.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x20e97:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
27.2.hawkgoods.exe.31d8e20.4.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x5360:$key: HawkEyeKeylogger 0x5a50:$salt: 099u787978786 0x1a7ac:$string1: HawkEye_Keylogger 0x1fb80:$string1: HawkEye_Keylogger 0x1d434:$string2: holdermail.txt 0x1d464:$string2: holdermail.txt 0x1b38e:$string3: wallet.dat 0x1b3b6:$string3: wallet.dat 0x1b3dc:$string3: wallet.dat 0x1c6f0:$string4: Keylog Records 0x1ca26:$string4: Keylog Records 0xa0d4:$string5: do not script --> 0x5338:$string6: \pidloc.txt 0x5440:$string7: BSPLIT 0x5460:$string7: BSPLIT
27.2.hawkgoods.exe.31d8e20.4.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
27.2.hawkgoods.exe.31d8e20.4.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1a83c:$hawkstr1: HawkEye Keylogger 0x1b680:$hawkstr1: HawkEye Keylogger 0x1ba6c:$hawkstr1: HawkEye Keylogger 0x1c6c8:$hawkstr1: HawkEye Keylogger 0x1fbd8:$hawkstr1: HawkEye Keylogger 0x2d744:$hawkstr1: HawkEye Keylogger 0x1a2b4:$hawkstr2: Dear HawkEye Customers! 0x1b6e4:$hawkstr2: Dear HawkEye Customers! 0x1bad0:$hawkstr2: Dear HawkEye Customers! 0x2d7a4:$hawkstr2: Dear HawkEye Customers! 0x1a3e6:$hawkstr3: HawkEye Logger Details:
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x890e:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7cdb2:$key: HawkEyeKeylogger 0x7eff6:$salt: 099u787978786 0x7d3f3:$string1: HawkEye_Keylogger 0x7e246:$string1: HawkEye_Keylogger 0x7ef56:$string1: HawkEye_Keylogger 0x7d7dc:$string2: holdermail.txt 0x7d7fc:$string2: holdermail.txt 0x7d71e:$string3: wallet.dat 0x7d736:$string3: wallet.dat 0x7d74c:$string3: wallet.dat 0x7eb1a:$string4: Keylog Records 0x7ee32:$string4: Keylog Records 0x7f04e:$string5: do not script --> 0x7cd9a:$string6: \pidloc.txt 0x7ce28:$string7: BSPLIT 0x7ce38:$string7: BSPLIT
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7d44b:$hawkstr1: HawkEye Keylogger 0x7e28c:$hawkstr1: HawkEye Keylogger 0x7e5bb:$hawkstr1: HawkEye Keylogger 0x7e716:$hawkstr1: HawkEye Keylogger 0x7e879:$hawkstr1: HawkEye Keylogger 0x7eaf2:$hawkstr1: HawkEye Keylogger 0x7cfd9:$hawkstr2: Dear HawkEye Customers! 0x7e60e:$hawkstr2: Dear HawkEye Customers! 0x7e765:$hawkstr2: Dear HawkEye Customers! 0x7e8cc:$hawkstr2: Dear HawkEye Customers! 0x7d0fa:$hawkstr3: HawkEye Logger Details:
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x95e2:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x16a612:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x2c9632:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7da86:$key: HawkEyeKeylogger 0x1deab6:$key: HawkEyeKeylogger 0x33dad6:$key: HawkEyeKeylogger 0x7fcca:$salt: 099u787978786 0x1e0cfa:$salt: 099u787978786 0x33fd1a:$salt: 099u787978786 0x7e0c7:$string1: HawkEye_Keylogger 0x7ef1a:$string1: HawkEye_Keylogger 0x7fc2a:$string1: HawkEye_Keylogger 0x1df0f7:$string1: HawkEye_Keylogger 0x1dff4a:$string1: HawkEye_Keylogger 0x1e0c5a:$string1: HawkEye_Keylogger 0x33e117:$string1: HawkEye_Keylogger 0x33ef6a:$string1: HawkEye_Keylogger 0x33fc7a:$string1: HawkEye_Keylogger 0x7e4b0:$string2: holdermail.txt 0x7e4d0:$string2: holdermail.txt 0x1df4e0:$string2: holdermail.txt 0x1df500:$string2: holdermail.txt 0x33e500:$string2: holdermail.txt 0x33e520:$string2: holdermail.txt
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7e11f:$hawkstr1: HawkEye Keylogger 0x7ef60:$hawkstr1: HawkEye Keylogger 0x7f28f:$hawkstr1: HawkEye Keylogger 0x7f3ea:$hawkstr1: HawkEye Keylogger 0x7f54d:$hawkstr1: HawkEye Keylogger 0x7f7c6:$hawkstr1: HawkEye Keylogger 0x1df14f:$hawkstr1: HawkEye Keylogger 0x1dff90:$hawkstr1: HawkEye Keylogger 0x1e02bf:$hawkstr1: HawkEye Keylogger 0x1e041a:$hawkstr1: HawkEye Keylogger 0x1e057d:$hawkstr1: HawkEye Keylogger 0x1e07f6:$hawkstr1: HawkEye Keylogger 0x33e16f:$hawkstr1: HawkEye Keylogger 0x33efb0:$hawkstr1: HawkEye Keylogger 0x33f2df:$hawkstr1: HawkEye Keylogger 0x33f43a:$hawkstr1: HawkEye Keylogger 0x33f59d:$hawkstr1: HawkEye Keylogger 0x33f816:$hawkstr1: HawkEye Keylogger 0x7dcad:$hawkstr2: Dear HawkEye Customers! 0x7f2e2:$hawkstr2: Dear HawkEye Customers! 0x7f439:$hawkstr2: Dear HawkEye Customers!
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x168453:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x2c7473:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8c7:$key: HawkEyeKeylogger 0x1dc8f7:$key: HawkEyeKeylogger 0x33b917:$key: HawkEyeKeylogger 0x7db0b:$salt: 099u787978786 0x1deb3b:$salt: 099u787978786 0x33db5b:$salt: 099u787978786 0x7bf08:$string1: HawkEye_Keylogger 0x7cd5b:$string1: HawkEye_Keylogger 0x7da6b:$string1: HawkEye_Keylogger 0x1dcf38:$string1: HawkEye_Keylogger 0x1ddd8b:$string1: HawkEye_Keylogger 0x1dea9b:$string1: HawkEye_Keylogger 0x33bf58:$string1: HawkEye_Keylogger 0x33cdab:$string1: HawkEye_Keylogger 0x33dabb:$string1: HawkEye_Keylogger 0x7c2f1:$string2: holdermail.txt 0x7c311:$string2: holdermail.txt 0x1dd321:$string2: holdermail.txt 0x1dd341:$string2: holdermail.txt 0x33c341:$string2: holdermail.txt 0x33c361:$string2: holdermail.txt
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf60:$hawkstr1: HawkEye Keylogger 0x7cda1:$hawkstr1: HawkEye Keylogger 0x7d0d0:$hawkstr1: HawkEye Keylogger 0x7d22b:$hawkstr1: HawkEye Keylogger 0x7d38e:$hawkstr1: HawkEye Keylogger 0x7d607:$hawkstr1: HawkEye Keylogger 0x1dcf90:$hawkstr1: HawkEye Keylogger 0x1dddd1:$hawkstr1: HawkEye Keylogger 0x1de100:$hawkstr1: HawkEye Keylogger 0x1de25b:$hawkstr1: HawkEye Keylogger 0x1de3be:$hawkstr1: HawkEye Keylogger 0x1de637:$hawkstr1: HawkEye Keylogger 0x33bfb0:$hawkstr1: HawkEye Keylogger 0x33cdf1:$hawkstr1: HawkEye Keylogger 0x33d120:$hawkstr1: HawkEye Keylogger 0x33d27b:$hawkstr1: HawkEye Keylogger 0x33d3de:$hawkstr1: HawkEye Keylogger 0x33d657:$hawkstr1: HawkEye Keylogger 0x7baee:$hawkstr2: Dear HawkEye Customers! 0x7d123:$hawkstr2: Dear HawkEye Customers! 0x7d27a:$hawkstr2: Dear HawkEye Customers!
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x7423:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x168453:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x2c7473:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x2f6e52:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x457e82:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x5b6ea2:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x36b2f6:$key: HawkEyeKeylogger 0x4cc326:$key: HawkEyeKeylogger 0x62b346:$key: HawkEyeKeylogger 0x36d53a:$salt: 099u787978786 0x4ce56a:$salt: 099u787978786 0x62d58a:$salt: 099u787978786 0x36b937:$string1: HawkEye_Keylogger 0x36c78a:$string1: HawkEye_Keylogger 0x36d49a:$string1: HawkEye_Keylogger 0x4cc967:$string1: HawkEye_Keylogger 0x4cd7ba:$string1: HawkEye_Keylogger 0x4ce4ca:$string1: HawkEye_Keylogger 0x62b987:$string1: HawkEye_Keylogger 0x62c7da:$string1: HawkEye_Keylogger 0x62d4ea:$string1: HawkEye_Keylogger 0x36bd20:$string2: holdermail.txt 0x36bd40:$string2: holdermail.txt 0x4ccd50:$string2: holdermail.txt 0x4ccd70:$string2: holdermail.txt 0x62bd70:$string2: holdermail.txt 0x62bd90:$string2: holdermail.txt
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x36b98f:$hawkstr1: HawkEye Keylogger 0x36c7d0:$hawkstr1: HawkEye Keylogger 0x36caff:$hawkstr1: HawkEye Keylogger 0x36cc5a:$hawkstr1: HawkEye Keylogger 0x36cdbd:$hawkstr1: HawkEye Keylogger 0x36d036:$hawkstr1: HawkEye Keylogger 0x4cc9bf:$hawkstr1: HawkEye Keylogger 0x4cd800:$hawkstr1: HawkEye Keylogger 0x4cdb2f:$hawkstr1: HawkEye Keylogger 0x4cdc8a:$hawkstr1: HawkEye Keylogger 0x4cdded:$hawkstr1: HawkEye Keylogger 0x4ce066:$hawkstr1: HawkEye Keylogger 0x62b9df:$hawkstr1: HawkEye Keylogger 0x62c820:$hawkstr1: HawkEye Keylogger 0x62cb4f:$hawkstr1: HawkEye Keylogger 0x62ccaa:$hawkstr1: HawkEye Keylogger 0x62ce0d:$hawkstr1: HawkEye Keylogger 0x62d086:$hawkstr1: HawkEye Keylogger 0x36b51d:$hawkstr2: Dear HawkEye Customers! 0x36cb52:$hawkstr2: Dear HawkEye Customers! 0x36cca9:$hawkstr2: Dear HawkEye Customers!
26.2.RegAsm.exe.4031bf.2.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
26.2.RegAsm.exe.4031bf.2.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
26.2.RegAsm.exe.4031bf.2.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
26.2.RegAsm.exe.4031bf.2.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf60:$hawkstr1: HawkEye Keylogger 0x7cda1:$hawkstr1: HawkEye Keylogger 0x7d0d0:$hawkstr1: HawkEye Keylogger 0x7d22b:$hawkstr1: HawkEye Keylogger 0x7d38e:$hawkstr1: HawkEye Keylogger 0x7d607:$hawkstr1: HawkEye Keylogger 0x7baee:$hawkstr2: Dear HawkEye Customers! 0x7d123:$hawkstr2: Dear HawkEye Customers! 0x7d27a:$hawkstr2: Dear HawkEye Customers! 0x7d3e1:$hawkstr2: Dear HawkEye Customers! 0x7bc0f:$hawkstr3: HawkEye Logger Details:
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7b8c7:$key: HawkEyeKeylogger 0x1dc8f7:$key: HawkEyeKeylogger 0x33b917:$key: HawkEyeKeylogger 0x7db0b:$salt: 099u787978786 0x1deb3b:$salt: 099u787978786 0x33db5b:$salt: 099u787978786 0x7bf08:$string1: HawkEye_Keylogger 0x7cd5b:$string1: HawkEye_Keylogger 0x7da6b:$string1: HawkEye_Keylogger 0x1dcf38:$string1: HawkEye_Keylogger 0x1ddd8b:$string1: HawkEye_Keylogger 0x1dea9b:$string1: HawkEye_Keylogger 0x33bf58:$string1: HawkEye_Keylogger 0x33cdab:$string1: HawkEye_Keylogger 0x33dabb:$string1: HawkEye_Keylogger 0x7c2f1:$string2: holdermail.txt 0x7c311:$string2: holdermail.txt 0x1dd321:$string2: holdermail.txt 0x1dd341:$string2: holdermail.txt 0x33c341:$string2: holdermail.txt 0x33c361:$string2: holdermail.txt
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7bf60:$hawkstr1: HawkEye Keylogger 0x7cda1:$hawkstr1: HawkEye Keylogger 0x7d0d0:$hawkstr1: HawkEye Keylogger 0x7d22b:$hawkstr1: HawkEye Keylogger 0x7d38e:$hawkstr1: HawkEye Keylogger 0x7d607:$hawkstr1: HawkEye Keylogger 0x1dcf90:$hawkstr1: HawkEye Keylogger 0x1dddd1:$hawkstr1: HawkEye Keylogger 0x1de100:$hawkstr1: HawkEye Keylogger 0x1de25b:$hawkstr1: HawkEye Keylogger 0x1de3be:$hawkstr1: HawkEye Keylogger 0x1de637:$hawkstr1: HawkEye Keylogger 0x33bfb0:$hawkstr1: HawkEye Keylogger 0x33cdf1:$hawkstr1: HawkEye Keylogger 0x33d120:$hawkstr1: HawkEye Keylogger 0x33d27b:$hawkstr1: HawkEye Keylogger 0x33d3de:$hawkstr1: HawkEye Keylogger 0x33d657:$hawkstr1: HawkEye Keylogger 0x7baee:$hawkstr2: Dear HawkEye Customers! 0x7d123:$hawkstr2: Dear HawkEye Customers! 0x7d27a:$hawkstr2: Dear HawkEye Customers!
6.2.hawkgoods.exe.2a48e20.4.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x101b:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x20bab:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
6.2.hawkgoods.exe.2a48e20.4.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x5178:$key: HawkEyeKeylogger 0x57c8:$salt: 099u787978786 0x1a2cc:$string1: HawkEye_Keylogger 0x1f894:$string1: HawkEye_Keylogger 0x1d1fc:$string2: holdermail.txt 0x1d22c:$string2: holdermail.txt 0x1b65a:$string3: wallet.dat 0x1b682:$string3: wallet.dat 0x1b6a8:$string3: wallet.dat 0x1c6f8:$string4: Keylog Records 0x1ca2e:$string4: Keylog Records 0x9e4c:$string5: do not script --> 0x5150:$string6: \pidloc.txt 0x5258:$string7: BSPLIT 0x5278:$string7: BSPLIT
6.2.hawkgoods.exe.2a48e20.4.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
6.2.hawkgoods.exe.2a48e20.4.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x1a35c:$hawkstr1: HawkEye Keylogger 0x1b918:$hawkstr1: HawkEye Keylogger 0x1bcb0:$hawkstr1: HawkEye Keylogger 0x1c6d0:$hawkstr1: HawkEye Keylogger 0x1f8ec:$hawkstr1: HawkEye Keylogger 0xbfe14:$hawkstr1: HawkEye Keylogger 0x19dd4:$hawkstr2: Dear HawkEye Customers! 0x1b97c:$hawkstr2: Dear HawkEye Customers! 0x1bd14:$hawkstr2: Dear HawkEye Customers! 0xbfe74:$hawkstr2: Dear HawkEye Customers! 0x19f06:$hawkstr3: HawkEye Logger Details:
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x2f6e52:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x457e82:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x5b6ea2:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x36b2f6:$key: HawkEyeKeylogger 0x4cc326:$key: HawkEyeKeylogger 0x62b346:$key: HawkEyeKeylogger 0x36d53a:$salt: 099u787978786 0x4ce56a:$salt: 099u787978786 0x62d58a:$salt: 099u787978786 0x36b937:$string1: HawkEye_Keylogger 0x36c78a:$string1: HawkEye_Keylogger 0x36d49a:$string1: HawkEye_Keylogger 0x4cc967:$string1: HawkEye_Keylogger 0x4cd7ba:$string1: HawkEye_Keylogger 0x4ce4ca:$string1: HawkEye_Keylogger 0x62b987:$string1: HawkEye_Keylogger 0x62c7da:$string1: HawkEye_Keylogger 0x62d4ea:$string1: HawkEye_Keylogger 0x36bd20:$string2: holdermail.txt 0x36bd40:$string2: holdermail.txt 0x4ccd50:$string2: holdermail.txt 0x4ccd70:$string2: holdermail.txt 0x62bd70:$string2: holdermail.txt 0x62bd90:$string2: holdermail.txt
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x36b98f:$hawkstr1: HawkEye Keylogger 0x36c7d0:$hawkstr1: HawkEye Keylogger 0x36caff:$hawkstr1: HawkEye Keylogger 0x36cc5a:$hawkstr1: HawkEye Keylogger 0x36cdbd:$hawkstr1: HawkEye Keylogger 0x36d036:$hawkstr1: HawkEye Keylogger 0x4cc9bf:$hawkstr1: HawkEye Keylogger 0x4cd800:$hawkstr1: HawkEye Keylogger 0x4cdb2f:$hawkstr1: HawkEye Keylogger 0x4cdc8a:$hawkstr1: HawkEye Keylogger 0x4cdded:$hawkstr1: HawkEye Keylogger 0x4ce066:$hawkstr1: HawkEye Keylogger 0x62b9df:$hawkstr1: HawkEye Keylogger 0x62c820:$hawkstr1: HawkEye Keylogger 0x62cb4f:$hawkstr1: HawkEye Keylogger 0x62ccaa:$hawkstr1: HawkEye Keylogger 0x62ce0d:$hawkstr1: HawkEye Keylogger 0x62d086:$hawkstr1: HawkEye Keylogger 0x36b51d:$hawkstr2: Dear HawkEye Customers! 0x36cb52:$hawkstr2: Dear HawkEye Customers! 0x36cca9:$hawkstr2: Dear HawkEye Customers!
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack	HKTL_NET_GUID_Stealer	Detects c# red/black-team tools via typelibguid	Arnim Rupp	0x95e2:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x16a612:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df 0x2c9632:$typelibguid0: 8fcd4931-91a2-4e18-849b-70de34ab75df
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack	RAT_HawkEye	Detects HawkEye RAT	Kevin Breen <kevin@techanarchy.net>	0x7da86:$key: HawkEyeKeylogger 0x1deab6:$key: HawkEyeKeylogger 0x33dad6:$key: HawkEyeKeylogger 0x7fcca:$salt: 099u787978786 0x1e0cfa:$salt: 099u787978786 0x33fd1a:$salt: 099u787978786 0x7e0c7:$string1: HawkEye_Keylogger 0x7ef1a:$string1: HawkEye_Keylogger 0x7fc2a:$string1: HawkEye_Keylogger 0x1df0f7:$string1: HawkEye_Keylogger 0x1dff4a:$string1: HawkEye_Keylogger 0x1e0c5a:$string1: HawkEye_Keylogger 0x33e117:$string1: HawkEye_Keylogger 0x33ef6a:$string1: HawkEye_Keylogger 0x33fc7a:$string1: HawkEye_Keylogger 0x7e4b0:$string2: holdermail.txt 0x7e4d0:$string2: holdermail.txt 0x1df4e0:$string2: holdermail.txt 0x1df500:$string2: holdermail.txt 0x33e500:$string2: holdermail.txt 0x33e520:$string2: holdermail.txt
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack	JoeSecurity_MailPassView	Yara detected MailPassView	Joe Security
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack	JoeSecurity_HawkEye	Yara detected HawkEye Keylogger	Joe Security
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack	JoeSecurity_WebBrowserPassView	Yara detected WebBrowserPassView password recovery tool	Joe Security
0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack	Hawkeye	detect HawkEye in memory	JPCERT/CC Incident Response Group	0x7e11f:$hawkstr1: HawkEye Keylogger 0x7ef60:$hawkstr1: HawkEye Keylogger 0x7f28f:$hawkstr1: HawkEye Keylogger 0x7f3ea:$hawkstr1: HawkEye Keylogger 0x7f54d:$hawkstr1: HawkEye Keylogger 0x7f7c6:$hawkstr1: HawkEye Keylogger 0x1df14f:$hawkstr1: HawkEye Keylogger 0x1dff90:$hawkstr1: HawkEye Keylogger 0x1e02bf:$hawkstr1: HawkEye Keylogger 0x1e041a:$hawkstr1: HawkEye Keylogger 0x1e057d:$hawkstr1: HawkEye Keylogger 0x1e07f6:$hawkstr1: HawkEye Keylogger 0x33e16f:$hawkstr1: HawkEye Keylogger 0x33efb0:$hawkstr1: HawkEye Keylogger 0x33f2df:$hawkstr1: HawkEye Keylogger 0x33f43a:$hawkstr1: HawkEye Keylogger 0x33f59d:$hawkstr1: HawkEye Keylogger 0x33f816:$hawkstr1: HawkEye Keylogger 0x7dcad:$hawkstr2: Dear HawkEye Customers! 0x7f2e2:$hawkstr2: Dear HawkEye Customers! 0x7f439:$hawkstr2: Dear HawkEye Customers!
Click to see the 271 entries

Sigma Overview

System Summary:

Sigma detected: Capture Wi-Fi password

Show sources

Source: Process started

Author: Joe Security: Data: Command: 'netsh' wlan show profile, CommandLine: 'netsh' wlan show profile, CommandLine|base64offset|contains: V, Image: C:\Windows\SysWOW64\netsh.exe, NewProcessName: C:\Windows\SysWOW64\netsh.exe, OriginalFileName: C:\Windows\SysWOW64\netsh.exe, ParentCommandLine: 'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0, ParentImage: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe, ParentProcessId: 6264, ProcessCommandLine: 'netsh' wlan show profile, ProcessId: 1744

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Avira: detection malicious, Label: TR/Spy.Gen8
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Avira: detection malicious, Label: TR/AD.MExecute.lzrac
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Avira: detection malicious, Label: SPR/Tool.MailPassView.473
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Avira: detection malicious, Label: TR/Spy.Gen8
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Avira: detection malicious, Label: TR/Redcap.jajcu

Found malware configuration

Show sources

Source: RegAsm.exe.4888.5.memstr	Malware Configuration Extractor: HawkEye {"Modules": ["WebBrowserPassView", "mailpv", "Mail PassView"], "Version": ""}
Source: hawkgoods.exe.3724.6.memstr	Malware Configuration Extractor: Agenttesla {"Username: ": "", "URL: ": "", "To: ": "", "ByHost: ": "smtp.privateemail.com:587", "Password: ": "", "From: ": ""}

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Metadefender: Detection: 43%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	ReversingLabs: Detection: 89%
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Metadefender: Detection: 40%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	ReversingLabs: Detection: 85%
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Metadefender: Detection: 37%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	ReversingLabs: Detection: 82%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	ReversingLabs: Detection: 19%

Multi AV Scanner detection for submitted file

Show sources

Source: PO_Invoices_pdf.exe

ReversingLabs: Detection: 17%

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Show sources

Source: PO_Invoices_pdf.exe

Joe Sandbox ML: detected

Source: 30.0.Matiexgoods.exe.bd0000.0.unpack	Avira: Label: TR/Redcap.jajcu
Source: 8.2.Matiexgoods.exe.f70000.0.unpack	Avira: Label: TR/Redcap.jajcu
Source: 27.2.hawkgoods.exe.a40000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 27.2.hawkgoods.exe.a40000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 6.0.hawkgoods.exe.2f0000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 6.0.hawkgoods.exe.2f0000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 30.2.Matiexgoods.exe.bd0000.0.unpack	Avira: Label: TR/Redcap.jajcu
Source: 26.2.RegAsm.exe.400000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 26.2.RegAsm.exe.400000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 26.2.RegAsm.exe.400000.0.unpack	Avira: Label: TR/Redcap.jajcu
Source: 26.2.RegAsm.exe.400000.0.unpack	Avira: Label: TR/Spy.Gen8
Source: 26.2.RegAsm.exe.4031bf.2.unpack	Avira: Label: TR/Inject.vcoldi
Source: 8.0.Matiexgoods.exe.f70000.0.unpack	Avira: Label: TR/Redcap.jajcu
Source: 5.2.RegAsm.exe.400000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 5.2.RegAsm.exe.400000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 5.2.RegAsm.exe.400000.0.unpack	Avira: Label: TR/Redcap.jajcu
Source: 5.2.RegAsm.exe.400000.0.unpack	Avira: Label: TR/Spy.Gen8
Source: 6.2.hawkgoods.exe.2f0000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 6.2.hawkgoods.exe.2f0000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack	Avira: Label: TR/Inject.vcoldi
Source: 27.0.hawkgoods.exe.a40000.0.unpack	Avira: Label: TR/AD.MExecute.lzrac
Source: 27.0.hawkgoods.exe.a40000.0.unpack	Avira: Label: SPR/Tool.MailPassView.473
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack	Avira: Label: TR/Inject.vcoldi
Source: 5.2.RegAsm.exe.4031bf.1.unpack	Avira: Label: TR/Inject.vcoldi
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack	Avira: Label: TR/Inject.vcoldi
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack	Avira: Label: TR/Inject.vcoldi

Compliance:

Uses 32bit PE files

Show sources

Source: PO_Invoices_pdf.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Uses insecure TLS / SSL version for HTTPS connection

Show sources

Source: unknown	HTTPS traffic detected: 104.21.19.200:443 -> 192.168.2.7:49733 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 104.21.19.200:443 -> 192.168.2.7:49785 version: TLS 1.0

Uses new MSVCR Dlls

Show sources

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Contains modern PE file flags such as dynamic base (ASLR) or NX

Show sources

Source: PO_Invoices_pdf.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Binary contains paths to debug symbols

Show sources

Source:	Binary string: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.pdbHs source: hawkgoods.exe, 00000006.00000002.398710420.000000000782A000.00000004.00000010.sdmp
Source:	Binary string: mscorlib.pdbTD~1\AppData\Local\Temp\hawkgoods.exeAAGZ source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.pdb source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdb2.0.0.0__b77a5c561934e089\mscorlib.pdbm source: hawkgoods.exe, 00000006.00000002.398710420.000000000782A000.00000004.00000010.sdmp
Source:	Binary string: RunPE.pdb source: PO_Invoices_pdf.exe, 00000000.00000002.277173827.00000000030A1000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Jovan\Documents\Visual Studio 2010\Projects\Stealer\CMemoryExecute\CMemoryExecute\obj\Release\CMemoryExecute.pdb source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe
Source:	Binary string: C:\Windows\assembly\GA.pdbmscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll source: hawkgoods.exe, 00000006.00000002.398710420.000000000782A000.00000004.00000010.sdmp
Source:	Binary string: indows\mscorlib.pdbpdblib.pdb source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: f:\Projects\VS2005\mailpv\Release\mailpv.pdb source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe
Source:	Binary string: C:\Windows\mscorlib.pdbl source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\dll\mscorlib.pdb source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: f:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe
Source:	Binary string: symbols\dll\mscorlib.pdb7w source: hawkgoods.exe, 00000006.00000002.398710420.000000000782A000.00000004.00000010.sdmp
Source:	Binary string: oC:\Windows\mscorlib.pdb source: hawkgoods.exe, 00000006.00000002.398710420.000000000782A000.00000004.00000010.sdmp
Source:	Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp
Source:	Binary string: mscorrc.pdb source: hawkgoods.exe, 00000006.00000002.391117104.0000000004E20000.00000002.00000001.sdmp
Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdbh} source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp

Spreading:

Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: autorun.inf
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: [autorun]
Source: RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp	Binary or memory string: autorun.inf
Source: RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp	Binary or memory string: [autorun]
Source: hawkgoods.exe	Binary or memory string: autorun.inf
Source: hawkgoods.exe	Binary or memory string: [autorun]

Software Vulnerabilities:

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B398B1
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then call 04B31B20h	6_2_04B392A6
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B392A6
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B314C0
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B35CCE
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then mov esp, ebp	6_2_04B34830
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B3A03E
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B3603C
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then jmp 04B31A73h	6_2_04B319B0
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then call 04B31B20h	6_2_04B391BC
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B391BC
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then jmp 04B31A73h	6_2_04B319A0
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B3A79F
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B317F8
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B3A937
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B30728
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B36711
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B35B70
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B3956B
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	6_2_04B39F54

Networking:

May check the online IP address of the machine

Show sources

Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: whatismyipaddress.com
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: checkip.dyndns.org

Source: global traffic

TCP traffic: 192.168.2.7:49741 -> 199.193.7.228:587

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 131.186.113.70 131.186.113.70

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: global traffic

TCP traffic: 192.168.2.7:49741 -> 199.193.7.228:587

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

Source: unknown	HTTPS traffic detected: 104.21.19.200:443 -> 192.168.2.7:49733 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 104.21.19.200:443 -> 192.168.2.7:49785 version: TLS 1.0

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe

Code function: 6_2_00C6A14A recv,

6_2_00C6A14A

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: whatismyipaddress.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp	String found in binary or memory: @nss3.dllSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe%programfiles%\Sea MonkeySOFTWARE\Mozillamozilla%s\binPathToExe%programfiles%\Mozilla FirefoxSELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins.---signons.txtsignons2.txtsignons3.txtsignons.sqlitenetmsg.dllUnknown Error\Error %d: %seditkernel32.dll... open %2.2X %s (%s)Microsoft_WinInetMicrosoft_WinInet_u7@dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.facebook.com (Facebook)
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp	String found in binary or memory: @nss3.dllSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\seamonkey.exe%programfiles%\Sea MonkeySOFTWARE\Mozillamozilla%s\binPathToExe%programfiles%\Mozilla FirefoxSELECT id, hostname, httpRealm, formSubmitURL, usernameField, passwordField, encryptedUsername, encryptedPassword FROM moz_logins.---signons.txtsignons2.txtsignons3.txtsignons.sqlitenetmsg.dllUnknown Error\Error %d: %seditkernel32.dll... open %2.2X %s (%s)Microsoft_WinInetMicrosoft_WinInet_u7@dllhost.exetaskhost.exetaskhostex.exebhvContainersContainerIdNameHistoryContainer_%I64dAccessCountCreationTimeExpiryTimeAccessedTimeModifiedTimeUrlEntryIDvisited:Microsoft\Windows\WebCache\WebCacheV01.datMicrosoft\Windows\WebCache\WebCacheV24.dat0123456789ABCDEFURL index.datSoftware\Microsoft\Internet Explorer\IntelliForms\Storage2https://www.google.com/accounts/serviceloginhttp://www.facebook.com/https://login.yahoo.com/config/login equals www.yahoo.com (Yahoo)
Source: hawkgoods.exe	String found in binary or memory: http://www.facebook.com/ equals www.facebook.com (Facebook)
Source: vbc.exe, 00000012.00000003.306146332.000000000238B000.00000004.00000001.sdmp	String found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5723238221569;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fhttps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1601453683&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2fwww.bing.com%2Fsecure%2FPassport.aspx%3Fpopup%3D1%26ssl%3D1&lc=2055&id=264960&checkda=1https://login.live.com/login.srfhttps://www.google.com/chrome/https://www.microsoft.com/en-us/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edge/https://www.microsoft.com/en-us/welcomeie11/https://www.microsoft.com/en-us/edge?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edgehttps://www.microsoft.com/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/edge/https://go.microsoft.com/fwlink/?LinkId=838604https://go.microsoft.com/fwlink/https://go.microsoft.com/fwlink/p/?LinkId=255141https://go.microsoft.com/fwlink/p/https://go.microsoft.com/fwlink/?LinkId=517287https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=7162084889081;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2F?https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=7162084889081;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fhttps://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=5657692158540;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fthank-you.html%3Fstatcb%3D0%26installdataindex%3Dempty%26defaultbrowser%3D0?https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=5657692158540;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fthank-you.html%3Fstatcb%3D0%26installdataindex%3Dempty%26defaultbrowser%3D0https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=5723238221569;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2F?https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=5723238221569;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fabout:blankhttps://www.bing.com/orgid/idtoken/nosigninhttps://www.bing.com/search?q=chrome+download&src=IE-SearchBox&FORM=IESR4A&pc=EUPP_https://www.bing.com/searchhttps://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5723238221569;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fhttp://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.com/de-ch/https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token&nonce=351a037b-0597-47d9-b2c1-bfb1c870bba0&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fnosignin&scope=openid&response_mode=form_post&msafed=0&prompt=none&state=%7b%22ig%22%3a%223B109BCA2CB841A781265B1D219195C1%22%7dhttps://login.microsoftonline.com/common/oauth2/authorizehttps://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=
Source: vbc.exe, 00000012.00000003.306146332.000000000238B000.00000004.00000001.sdmp	String found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5723238221569;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fhttps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1601453683&rver=6.0.5286.0&wp=MBI_SSL&wreply=https:%2F%2fwww.bing.com%2Fsecure%2FPassport.aspx%3Fpopup%3D1%26ssl%3D1&lc=2055&id=264960&checkda=1https://login.live.com/login.srfhttps://www.google.com/chrome/https://www.microsoft.com/en-us/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edge/https://www.microsoft.com/en-us/welcomeie11/https://www.microsoft.com/en-us/edge?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/en-us/edgehttps://www.microsoft.com/edge/?form=MA13DL&OCID=MA13DLhttps://www.microsoft.com/edge/https://go.microsoft.com/fwlink/?LinkId=838604https://go.microsoft.com/fwlink/https://go.microsoft.com/fwlink/p/?LinkId=255141https://go.microsoft.com/fwlink/p/https://go.microsoft.com/fwlink/?LinkId=517287https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=7162084889081;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2F?https://2542116.fls.doubleclick.net/activityi;src=2542116;type=2542116;cat=chom0;ord=7162084889081;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fhttps://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=5657692158540;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fthank-you.html%3Fstatcb%3D0%26installdataindex%3Dempty%26defaultbrowser%3D0?https://2542116.fls.doubleclick.net/activityi;src=2542116;type=clien612;cat=chromx;ord=1;num=5657692158540;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fthank-you.html%3Fstatcb%3D0%26installdataindex%3Dempty%26defaultbrowser%3D0https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=5723238221569;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2F?https://2542116.fls.doubleclick.net/activityi;src=2542116;type=chrom322;cat=chrom01g;ord=5723238221569;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fabout:blankhttps://www.bing.com/orgid/idtoken/nosigninhttps://www.bing.com/search?q=chrome+download&src=IE-SearchBox&FORM=IESR4A&pc=EUPP_https://www.bing.com/searchhttps://adservice.google.co.uk/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5723238221569;gtm=2wg9g1;~oref=https%3A%2F%2Fwww.google.com%2Fchrome%2Fhttp://www.msn.com/?ocid=iehphttp://www.msn.com/http://www.msn.com/de-ch/?ocid=iehphttp://www.msn.com/de-ch/https://login.microsoftonline.com/common/oauth2/authorize?client_id=9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7&response_type=id_token&nonce=351a037b-0597-47d9-b2c1-bfb1c870bba0&redirect_uri=https%3a%2f%2fwww.bing.com%2forgid%2fidtoken%2fnosignin&scope=openid&response_mode=form_post&msafed=0&prompt=none&state=%7b%22ig%22%3a%223B109BCA2CB841A781265B1D219195C1%22%7dhttps://login.microsoftonline.com/common/oauth2/authorizehttps://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=

Source: unknown

DNS traffic detected: queries for: 69.170.12.0.in-addr.arpa

Source: origigoods40.exe, 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: origigoods40.exe, 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	String found in binary or memory: http://DynDns.comDynDNS
Source: Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	String found in binary or memory: http://checkip.dyndns.org/HBFl
Source: Matiexgoods.exe, 00000008.00000003.461245193.00000000068F6000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: powershell.exe, 00000003.00000002.378127949.000000000088E000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, hawkgoods.exe, 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCodeSigningCA2.crl0r
Source: powershell.exe, 00000003.00000002.377998642.00000000007E6000.00000004.00000020.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Matiexgoods.exe, 00000008.00000002.694705884.0000000001823000.00000004.00000020.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: Matiexgoods.exe, 00000008.00000003.461245193.00000000068F6000.00000004.00000001.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: origigoods40.exe, 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	String found in binary or memory: http://csARxe.com
Source: PO_Invoices_pdf.exe, 00000000.00000003.247874552.000000000654D000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://fontfabrik.com
Source: PO_Invoices_pdf.exe, 00000000.00000003.247874552.000000000654D000.00000004.00000001.sdmp	String found in binary or memory: http://fontfabrik.com(
Source: Matiexgoods.exe, 00000008.00000003.443342117.0000000009311000.00000004.00000001.sdmp	String found in binary or memory: http://ns.ado/1
Source: Matiexgoods.exe, 00000008.00000003.443342117.0000000009311000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.c/g
Source: Matiexgoods.exe, 00000008.00000003.443342117.0000000009311000.00000004.00000001.sdmp	String found in binary or memory: http://ns.adobe.cobj
Source: powershell.exe, 00000003.00000002.386788256.00000000058A3000.00000004.00000001.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp, Matiexgoods.exe, 00000008.00000003.461245193.00000000068F6000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: Matiexgoods.exe, 00000008.00000002.694705884.0000000001823000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: Matiexgoods.exe, 00000008.00000003.461245193.00000000068F6000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.pngL
Source: powershell.exe, 00000003.00000002.381287871.0000000004841000.00000004.00000001.sdmp, Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: PO_Invoices_pdf.exe, PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, powershell.exe, 00000003.00000003.370812465.0000000008DB1000.00000004.00000001.sdmp	String found in binary or memory: http://tempuri.org/DataSet1.xsd
Source: hawkgoods.exe, 00000006.00000002.387343775.0000000002A21000.00000004.00000001.sdmp	String found in binary or memory: http://whatismyipaddress.com
Source: hawkgoods.exe	String found in binary or memory: http://whatismyipaddress.com/
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	String found in binary or memory: http://whatismyipaddress.com/-
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlL
Source: PO_Invoices_pdf.exe, 00000000.00000003.250459528.0000000006513000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.com
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: PO_Invoices_pdf.exe, 00000000.00000003.250141662.0000000006515000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.como.
Source: PO_Invoices_pdf.exe, 00000000.00000003.250141662.0000000006515000.00000004.00000001.sdmp	String found in binary or memory: http://www.carterandcone.como.R
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comF
Source: PO_Invoices_pdf.exe, 00000000.00000003.272424177.0000000006510000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comY
Source: PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.coma3
Source: PO_Invoices_pdf.exe, 00000000.00000003.272424177.0000000006510000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comceto
Source: PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comd
Source: PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comdV
Source: PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comdsed
Source: PO_Invoices_pdf.exe, 00000000.00000003.272424177.0000000006510000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comm
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.fonts.com
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: PO_Invoices_pdf.exe, 00000000.00000003.249338917.0000000006516000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cnR
Source: PO_Invoices_pdf.exe, 00000000.00000003.250141662.0000000006515000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cnT
Source: PO_Invoices_pdf.exe, 00000000.00000003.249338917.0000000006516000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cniac
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: PO_Invoices_pdf.exe, 00000000.00000003.256526982.0000000006539000.00000004.00000001.sdmp, PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: PO_Invoices_pdf.exe, 00000000.00000003.249068129.0000000006515000.00000004.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.kr9
Source: PO_Invoices_pdf.exe, 00000000.00000003.249068129.0000000006515000.00000004.00000001.sdmp	String found in binary or memory: http://www.goodfont.co.krF
Source: PO_Invoices_pdf.exe, 00000000.00000003.250877364.0000000006512000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: PO_Invoices_pdf.exe, 00000000.00000003.250877364.0000000006512000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/l
Source: hawkgoods.exe, 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp	String found in binary or memory: http://www.nirsoft.net/
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: PO_Invoices_pdf.exe, 00000000.00000003.251741662.000000000654D000.00000004.00000001.sdmp	String found in binary or memory: http://www.sakkal.com-mq
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: PO_Invoices_pdf.exe, 00000000.00000003.249068129.0000000006515000.00000004.00000001.sdmp	String found in binary or memory: http://www.sandoll.co.krn-u
Source: hawkgoods.exe, 00000006.00000002.387343775.0000000002A21000.00000004.00000001.sdmp	String found in binary or memory: http://www.site.com/logs.php
Source: hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.tiro.com
Source: PO_Invoices_pdf.exe, 00000000.00000003.249778536.0000000006512000.00000004.00000001.sdmp	String found in binary or memory: http://www.tiro.com-cz
Source: PO_Invoices_pdf.exe, 00000000.00000003.248176476.000000000654D000.00000004.00000001.sdmp	String found in binary or memory: http://www.typography.net
Source: PO_Invoices_pdf.exe, 00000000.00000003.247998925.000000000654D000.00000004.00000001.sdmp	String found in binary or memory: http://www.typography.net-d
Source: PO_Invoices_pdf.exe, 00000000.00000003.248176476.000000000654D000.00000004.00000001.sdmp	String found in binary or memory: http://www.typography.net-siu
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.typography.netD
Source: PO_Invoices_pdf.exe, 00000000.00000003.248099180.000000000654D000.00000004.00000001.sdmp	String found in binary or memory: http://www.typography.netn
Source: PO_Invoices_pdf.exe, 00000000.00000003.248176476.000000000654D000.00000004.00000001.sdmp	String found in binary or memory: http://www.typography.netx
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: PO_Invoices_pdf.exe, 00000000.00000003.250141662.0000000006515000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnaN
Source: vbc.exe, 00000012.00000003.306146332.000000000238B000.00000004.00000001.sdmp	String found in binary or memory: https://adservice.google.com/ddm/fls/i/src=2542116;type=chrom322;cat=chrom01g;ord=5723238221569;gtm=
Source: origigoods40.exe, 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	String found in binary or memory: https://api.ipify.org%GETMozilla/5.0
Source: Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8Win32_ComputerSystemModelManufactu
Source: powershell.exe, 00000003.00000002.386788256.00000000058A3000.00000004.00000001.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000003.00000002.386788256.00000000058A3000.00000004.00000001.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000003.00000002.386788256.00000000058A3000.00000004.00000001.sdmp	String found in binary or memory: https://contoso.com/License
Source: Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app/xml/
Source: Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/
Source: powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/Pester/PesterL
Source: Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	String found in binary or memory: https://i.imgur.com/GJD7Q5y.png195.239.51.11795.26.248.2989.208.29.13389.187.165.4792.118.13.1895.26
Source: hawkgoods.exe	String found in binary or memory: https://login.yahoo.com/config/login
Source: powershell.exe, 00000003.00000002.386788256.00000000058A3000.00000004.00000001.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: Matiexgoods.exe, 00000008.00000003.461245193.00000000068F6000.00000004.00000001.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: Matiexgoods.exe, 00000008.00000002.694705884.0000000001823000.00000004.00000020.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: hawkgoods.exe	String found in binary or memory: https://www.google.com/accounts/servicelogin
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.273863512.0000000003E4D000.00000004.00000001.sdmp, origigoods40.exe	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: origigoods40.exe, 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected HawkEye Keylogger

Show sources

Source: Yara match	File source: 00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4888, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_Invoices_pdf.exe PID: 5372, type: MEMORY
Source: Yara match	File source: dropped/hawkgoods.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, type: DROPPED
Source: Yara match	File source: 27.2.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a48208.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a9fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a9fa72.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a48208.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.31d8e20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2a48e20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE

Contains functionality to log keystrokes (.Net Source)

Show sources

Source: hawkgoods.exe.5.dr, Form1.cs	.Net Code: HookKeyboard
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, Form1.cs	.Net Code: HookKeyboard
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, Form1.cs	.Net Code: HookKeyboard

Installs a global keyboard hook

Show sources

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Windows user hook set: 0 keyboard low level C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Windows user hook set: 0 keyboard low level C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe

Source: PO_Invoices_pdf.exe, 00000000.00000002.275896420.0000000001448000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Window created: window name: CLIPBRDWNDCLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Window created: window name: CLIPBRDWNDCLASS

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: dropped/hawkgoods.exe, type: DROPPED	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: dropped/hawkgoods.exe, type: DROPPED	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, type: DROPPED	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, type: DROPPED	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 27.2.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 27.2.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 6.0.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 6.0.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 27.0.hawkgoods.exe.a48208.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 27.0.hawkgoods.exe.a48208.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 27.0.hawkgoods.exe.a9fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 27.0.hawkgoods.exe.a9fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 6.2.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 27.2.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 27.2.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 27.0.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 27.0.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 26.2.RegAsm.exe.4031bf.2.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 26.2.RegAsm.exe.4031bf.2.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 27.2.hawkgoods.exe.a9fa72.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 27.2.hawkgoods.exe.a9fa72.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 6.2.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 6.0.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 6.0.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 27.0.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 27.0.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.RegAsm.exe.4031bf.1.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegAsm.exe.4031bf.1.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 27.2.hawkgoods.exe.a48208.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 27.2.hawkgoods.exe.a48208.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 6.0.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 6.0.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 6.2.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 27.2.hawkgoods.exe.31d8e20.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 27.2.hawkgoods.exe.31d8e20.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 6.2.hawkgoods.exe.2a48e20.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 6.2.hawkgoods.exe.2a48e20.4.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects HawkEye RAT Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE	Matched rule: detect HawkEye in memory Author: JPCERT/CC Incident Response Group

.NET source code contains very large array initializations

Show sources

Source: origigoods40.exe.5.dr, u003cPrivateImplementationDetailsu003eu007b772D8D2Cu002d540Eu002d45C7u002dB77Bu002d87944040F8A1u007d/u0033BD2C1DBu002d851Du002d4774u002dA593u002d2F90268EC16C.cs	Large array initialization: .cctor: array initializer size 11965
Source: 7.0.origigoods40.exe.c30000.0.unpack, u003cPrivateImplementationDetailsu003eu007b772D8D2Cu002d540Eu002d45C7u002dB77Bu002d87944040F8A1u007d/u0033BD2C1DBu002d851Du002d4774u002dA593u002d2F90268EC16C.cs	Large array initialization: .cctor: array initializer size 11965
Source: 7.2.origigoods40.exe.c30000.0.unpack, u003cPrivateImplementationDetailsu003eu007b772D8D2Cu002d540Eu002d45C7u002dB77Bu002d87944040F8A1u007d/u0033BD2C1DBu002d851Du002d4774u002dA593u002d2F90268EC16C.cs	Large array initialization: .cctor: array initializer size 11965

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample	Static PE information: Filename: PO_Invoices_pdf.exe
Source: initial sample	Static PE information: Filename: PO_Invoices_pdf.exe

Powershell drops PE file

Show sources

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B658C6 NtUnmapViewOfSection,	6_2_04B658C6
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B6581E NtQuerySystemInformation,	6_2_04B6581E
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B6596E NtWriteVirtualMemory,	6_2_04B6596E
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B657DA NtQuerySystemInformation,	6_2_04B657DA
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B65941 NtWriteVirtualMemory,	6_2_04B65941

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Code function: 0_2_02F7CC7C	0_2_02F7CC7C
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Code function: 0_2_07B81928	0_2_07B81928
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Code function: 0_2_07B82950	0_2_07B82950
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Code function: 0_2_07C493D8	0_2_07C493D8
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Code function: 0_2_07C47F80	0_2_07C47F80
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_0095CF58	3_2_0095CF58
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Code function: 3_2_0095CF38	3_2_0095CF38
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_002FD426	6_2_002FD426
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_002FD523	6_2_002FD523
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_0030D5AE	6_2_0030D5AE
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00307646	6_2_00307646
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_003329BE	6_2_003329BE
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00336AF4	6_2_00336AF4
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_0035ABFC	6_2_0035ABFC
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00353C4D	6_2_00353C4D
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00353CBE	6_2_00353CBE
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00353D2F	6_2_00353D2F
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_002FED03	6_2_002FED03
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00353DC0	6_2_00353DC0
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_0030AFA6	6_2_0030AFA6
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_002FCF92	6_2_002FCF92
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B36048	6_2_04B36048
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B38710	6_2_04B38710
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B35758	6_2_04B35758
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B37098	6_2_04B37098
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B37088	6_2_04B37088
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B31D98	6_2_04B31D98
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_0032C7BC	6_2_0032C7BC
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Code function: 7_2_00C35804	7_2_00C35804
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Code function: 7_2_00C32296	7_2_00C32296
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Code function: 7_2_015146A0	7_2_015146A0
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Code function: 7_2_015145B0	7_2_015145B0
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Code function: 7_2_0151D300	7_2_0151D300

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe 25ADE9899C000A27570B527CFFC938EC9626978219EC8A086082B113CBE4F492
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\hawkgoods.exe B3D02FD5C69293DB419AC03CDF6396BD5E7765682FB3B2390454D9A52BA2CA88
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\origigoods20.exe 1C7757EE223F2480FBC478AE2ECAF82E1D3C17F2E4D47581D3972416166C54AB
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\origigoods40.exe CFAD1E486666FF3FB042BA0E9967634DE1065F1BBD505C61B3295E55705A2A50

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe

Code function: String function: 0033BA9D appears 35 times

Source: unknown

Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2164

Source: PO_Invoices_pdf.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: I$s#$lT3ssl.exe.3.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: hawkgoods.exe.5.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: hawkgoods.exe.5.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: hawkgoods.exe.5.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: PO_Invoices_pdf.exe	Binary or memory string: OriginalFilename vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277173827.00000000030A1000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameRunPE.dll" vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameLoginForm.dll6 vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameCMemoryExecute.dll@ vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameWebBrowserPassView.exeF vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamemailpv.exe< vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamePhulli.exe0 vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameyuhttCAxwLFZshSGnwmMrfvGZfDSzxEDrzwk.exe4 vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameVNXT.exe* vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameE.exe4 vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameczzfIDlMOIuCXDkvbHSanvcpuIRYWjNm.exe4 vs PO_Invoices_pdf.exe
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameViottoBinder_Stub.exePADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPAD
Source: PO_Invoices_pdf.exe, 00000000.00000002.309980821.0000000009400000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameuser32j% vs PO_Invoices_pdf.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Section loaded: security.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section loaded: security.dll
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Section loaded: security.dll

Source: PO_Invoices_pdf.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 0000001B.00000002.651684392.0000000007F40000.00000004.00000001.sdmp, type: MEMORY	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 0000001B.00000002.651227274.0000000007C90000.00000004.00000001.sdmp, type: MEMORY	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 00000006.00000002.398436711.0000000007540000.00000004.00000001.sdmp, type: MEMORY	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000006.00000002.398332656.00000000073F0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: dropped/hawkgoods.exe, type: DROPPED	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, type: DROPPED	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: dropped/hawkgoods.exe, type: DROPPED	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: dropped/hawkgoods.exe, type: DROPPED	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, type: DROPPED	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, type: DROPPED	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.hawkgoods.exe.73f0000.10.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 27.2.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 27.2.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 27.2.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.hawkgoods.exe.7540000.11.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.0.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 6.0.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 27.0.hawkgoods.exe.a48208.1.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 27.0.hawkgoods.exe.a48208.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 27.0.hawkgoods.exe.a48208.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 27.0.hawkgoods.exe.a9fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 27.0.hawkgoods.exe.a9fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 6.2.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 27.2.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 27.2.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 27.0.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 27.0.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 26.2.RegAsm.exe.4031bf.2.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 26.2.RegAsm.exe.4031bf.2.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 26.2.RegAsm.exe.4031bf.2.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 27.2.hawkgoods.exe.a9fa72.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 27.2.hawkgoods.exe.a9fa72.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 27.2.hawkgoods.exe.7c90000.10.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.2.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.2.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 6.2.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 6.0.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.0.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 6.0.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 27.2.hawkgoods.exe.7f40000.11.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 27.0.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 27.0.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 27.0.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.RegAsm.exe.4031bf.1.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegAsm.exe.4031bf.1.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 5.2.RegAsm.exe.4031bf.1.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 27.2.hawkgoods.exe.a48208.3.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 27.2.hawkgoods.exe.a48208.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 27.2.hawkgoods.exe.a48208.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 27.2.hawkgoods.exe.31f8c9c.5.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.0.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 6.0.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 6.2.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.hawkgoods.exe.2a689b0.5.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 27.2.hawkgoods.exe.31d8e20.4.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 27.2.hawkgoods.exe.31d8e20.4.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 27.2.hawkgoods.exe.31d8e20.4.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 6.2.hawkgoods.exe.2a48e20.4.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 6.2.hawkgoods.exe.2a48e20.4.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 6.2.hawkgoods.exe.2a48e20.4.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE	Matched rule: HKTL_NET_GUID_Stealer date = 2020-12-29, author = Arnim Rupp, description = Detects c# red/black-team tools via typelibguid, reference = https://github.com/malwares/Stealer, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE	Matched rule: RAT_HawkEye date = 01.06.2015, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = KeyLogger, description = Detects HawkEye RAT, reference = http://malwareconfig.com/stats/HawkEye
Source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE	Matched rule: Hawkeye author = JPCERT/CC Incident Response Group, description = detect HawkEye in memory, rule_usage = memory scan, reference = internal research

Source: PO_Invoices_pdf.exe	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: I$s#$lT3ssl.exe.3.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: hawkgoods.exe.5.dr, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: hawkgoods.exe.5.dr, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: hawkgoods.exe.5.dr, Form1.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
Source: hawkgoods.exe.5.dr, Form1.cs	Cryptographic APIs: 'CreateDecryptor'
Source: origigoods40.exe.5.dr, A/b2.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: origigoods40.exe.5.dr, A/b2.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'

Source: hawkgoods.exe.5.dr, Form1.cs	Base64 encoded string: 'hxYuBRkiiqF2m5U/v+PiR2nswhUqG0SslS0sInRy44yND2XYDxDtrDNZ25ZQ5u6E', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, Form1.cs	Base64 encoded string: 'hxYuBRkiiqF2m5U/v+PiR2nswhUqG0SslS0sInRy44yND2XYDxDtrDNZ25ZQ5u6E', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, Form1.cs	Base64 encoded string: 'hxYuBRkiiqF2m5U/v+PiR2nswhUqG0SslS0sInRy44yND2XYDxDtrDNZ25ZQ5u6E', 'ybZRZ/CCW7udMx58FQTRrK9RIMwrfnmlR5Z83UvMyu30rrOEs1DzW7d2mK+Drn3u', 'PN4TW3peZ3UeXi7asDB56E4dMEf6JrdkxXNUlrUjLlWcjHK1wZ5CpLZZKB/ocuFWy9Kw0Q8tIc1Qv7OEgqzD+w=='

Source: PO_Invoices_pdf.exe, 00000000.00000003.251356418.000000000654B000.00000004.00000001.sdmp	Binary or memory string: Yu Type Library is a Trademark of JIYUKOBO Ltd. registered in Japan.slnt
Source: PO_Invoices_pdf.exe, 00000000.00000003.251513936.000000000654B000.00000004.00000001.sdmp	Binary or memory string: n Japan.slnt

Source: classification engine

Classification label: mal100.phis.troj.adwa.spyw.evad.winEXE@46/40@68/6

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B64E52 AdjustTokenPrivileges,		6_2_04B64E52
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B64E1B AdjustTokenPrivileges,		6_2_04B64E1B

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO_Invoices_pdf.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1200:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5440
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3724
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6980:120:WilError_01

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_awkr53h0.pdr.ps1

Jump to behavior

Source: PO_Invoices_pdf.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WerFault.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

System information queried: HandleInformation

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, hawkgoods.exe	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, hawkgoods.exe	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, hawkgoods.exe	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, hawkgoods.exe	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: PO_Invoices_pdf.exe	Binary or memory string: INSERT INTO [dbo].[UsersTable] ([Id], [userName], [passWord], [locked]) VALUES (@Id, @userName, @passWord, @locked); SELECT Id, us
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, hawkgoods.exe	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, powershell.exe, 00000003.00000003.370812465.0000000008DB1000.00000004.00000001.sdmp	Binary or memory string: UPDATE [dbo].[UsersTable] SET [Id] = @Id, [userName] = @userName, [passWord] = @passWord, [locked] = @locked WHERE (([Id] = @Original_Id) AND ([userName] = @Original_userName) AND ([passWord] = @Original_passWord) AND ([locked] = @Original_locked));
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, hawkgoods.exe	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: PO_Invoices_pdf.exe

ReversingLabs: Detection: 17%

Source: unknown	Process created: C:\Users\user\Desktop\PO_Invoices_pdf.exe 'C:\Users\user\Desktop\PO_Invoices_pdf.exe'
Source: unknown	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\PO_Invoices_pdf.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'
Source: unknown	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\hawkgoods.exe 'C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe' 0
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\origigoods40.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods40.exe' 0
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe 'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\origigoods20.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods20.exe' 0
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2164
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'
Source: unknown	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 1996
Source: unknown	Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: unknown	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'
Source: unknown	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'
Source: unknown	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\hawkgoods.exe 'C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe' 0
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\origigoods40.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods40.exe' 0
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe 'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\origigoods20.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods20.exe' 0
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2092
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'
Source: unknown	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'
Source: unknown	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 940
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\PO_Invoices_pdf.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\hawkgoods.exe 'C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe' 0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\origigoods40.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods40.exe' 0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe 'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\origigoods20.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods20.exe' 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2164	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\hawkgoods.exe 'C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe' 0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\origigoods40.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods40.exe' 0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe 'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\origigoods20.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods20.exe' 0
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2092
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process created: unknown unknown

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: PO_Invoices_pdf.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PO_Invoices_pdf.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: PO_Invoices_pdf.exe

Static file information: File size 1655808 > 1048576

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: PO_Invoices_pdf.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x18fe00

Source: PO_Invoices_pdf.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.pdb source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.pdbHs source: hawkgoods.exe, 00000006.00000002.398710420.000000000782A000.00000004.00000010.sdmp
Source:	Binary string: mscorlib.pdbTD~1\AppData\Local\Temp\hawkgoods.exeAAGZ source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.pdb source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdb2.0.0.0__b77a5c561934e089\mscorlib.pdbm source: hawkgoods.exe, 00000006.00000002.398710420.000000000782A000.00000004.00000010.sdmp
Source:	Binary string: RunPE.pdb source: PO_Invoices_pdf.exe, 00000000.00000002.277173827.00000000030A1000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Jovan\Documents\Visual Studio 2010\Projects\Stealer\CMemoryExecute\CMemoryExecute\obj\Release\CMemoryExecute.pdb source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe
Source:	Binary string: C:\Windows\assembly\GA.pdbmscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll source: hawkgoods.exe, 00000006.00000002.398710420.000000000782A000.00000004.00000010.sdmp
Source:	Binary string: indows\mscorlib.pdbpdblib.pdb source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: f:\Projects\VS2005\mailpv\Release\mailpv.pdb source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe
Source:	Binary string: C:\Windows\mscorlib.pdbl source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\dll\mscorlib.pdb source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: f:\Projects\VS2005\WebBrowserPassView\Release\WebBrowserPassView.pdb source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe
Source:	Binary string: symbols\dll\mscorlib.pdb7w source: hawkgoods.exe, 00000006.00000002.398710420.000000000782A000.00000004.00000010.sdmp
Source:	Binary string: oC:\Windows\mscorlib.pdb source: hawkgoods.exe, 00000006.00000002.398710420.000000000782A000.00000004.00000010.sdmp
Source:	Binary string: C:\Windows\symbols\dll\mscorlib.pdb source: hawkgoods.exe, 00000006.00000002.386288521.00000000026D7000.00000004.00000040.sdmp
Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp
Source:	Binary string: mscorrc.pdb source: hawkgoods.exe, 00000006.00000002.391117104.0000000004E20000.00000002.00000001.sdmp
Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdbh} source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp

Data Obfuscation:

.NET source code contains potential unpacker

Show sources

Source: hawkgoods.exe.5.dr, Form1.cs	.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: hawkgoods.exe.5.dr, Form1.cs	.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: hawkgoods.exe.5.dr, Form1.cs	.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: hawkgoods.exe.5.dr, Form1.cs	.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, Form1.cs	.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, Form1.cs	.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, Form1.cs	.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, Form1.cs	.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, Form1.cs	.Net Code: IsDotNet System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, Form1.cs	.Net Code: run System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, Form1.cs	.Net Code: stealMail System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, Form1.cs	.Net Code: stealWebroswers System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00360712 push eax; ret	6_2_00360726
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00360712 push eax; ret	6_2_0036074E
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_0033BA9D push eax; ret	6_2_0033BAB1
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_0033BA9D push eax; ret	6_2_0033BAD9
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00C77EF4 push eax; ret	6_2_00C77EF5
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00C77B84 push ebx; retf	6_2_00C77B86
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_00C77B81 push ebx; retf	6_2_00C77B82

Source: initial sample	Static PE information: section name: .text entropy: 7.94835272626
Source: initial sample	Static PE information: section name: .text entropy: 7.94835272626

Persistence and Installation Behavior:

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Jump to dropped file

Boot Survival:

Drops PE files to the startup folder

Show sources

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe

Jump to dropped file

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe\:Zone.Identifier:$DATA			Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Changes the view of files in windows explorer (hidden files and folders)

Show sources

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe

Key value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced Hidden

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Jump to behavior

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Yara detected AntiVM_3

Show sources

Source: Yara match

File source: Process Memory Space: powershell.exe PID: 5904, type: MEMORY

Found evasive API chain (trying to detect sleep duration tampering with parallel thread)

Show sources

Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Function Chain: threadResumed,threadDelayed,systemQueried,memAlloc,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,threadDelayed,threadDelayed,systemQueried,processQueried,processQueried,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadAPCQueued,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Function Chain: threadDelayed,threadCreated,threadResumed,threadDelayed,threadDelayed,deviceIO,threadDelayed,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadDelayed,processSet,processSet,memAlloc,threadInformationSet,threadInformationSet,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,memAlloc,processSet
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Function Chain: memAlloc,systemQueried,systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,systemQueried,threadDelayed,threadDelayed,threadAPCQueued,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,memAlloc,threadDelayed,memAlloc,memAlloc,memAlloc,memAlloc

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Show sources

Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Thread delayed: delay time: 300000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Thread delayed: delay time: 300000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1357	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1251	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Window / User API: threadDelayed 1099	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Window / User API: threadDelayed 8718	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Window / User API: threadDelayed 1499
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Window / User API: threadDelayed 8293
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4134
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2549
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Window / User API: threadDelayed 798
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Window / User API: threadDelayed 9012
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Window / User API: threadDelayed 2778
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Window / User API: threadDelayed 6864

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe TID: 5908	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5836	Thread sleep count: 1357 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5888	Thread sleep count: 1251 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6284	Thread sleep time: -11990383647911201s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6216	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1516	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 6192	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 6644	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 6648	Thread sleep time: -140000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 6668	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 7036	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 2148	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 2148	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 2148	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe TID: 7108	Thread sleep time: -23058430092136925s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe TID: 7112	Thread sleep count: 1099 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe TID: 7112	Thread sleep count: 8718 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -24903104499507879s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -199750s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99766s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99656s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99531s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99422s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99313s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99156s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99047s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98938s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98828s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98719s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98610s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -196906s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98344s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98234s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -196250s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98016s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -195812s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97797s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97688s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97563s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97453s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97344s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97203s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99765s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99546s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99437s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99328s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99218s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99109s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -99000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98890s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98781s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98671s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98562s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98343s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -98015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97796s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97687s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97578s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97468s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97359s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 2804	Thread sleep time: -97250s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe TID: 6976	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe TID: 6976	Thread sleep count: 109 > 30
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe TID: 6976	Thread sleep time: -3270000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe TID: 6976	Thread sleep time: -90000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe TID: 6232	Thread sleep count: 224 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe TID: 6644	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5884	Thread sleep count: 4134 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5884	Thread sleep count: 2549 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6664	Thread sleep count: 43 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6368	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6084	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 576	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 5168	Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 5228	Thread sleep time: -140000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 5268	Thread sleep count: 60 > 30
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 5244	Thread sleep time: -300000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 712	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 6812	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 6812	Thread sleep time: -500000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe TID: 6812	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe TID: 4760	Thread sleep time: -20291418481080494s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe TID: 4756	Thread sleep count: 798 > 30
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe TID: 4756	Thread sleep count: 9012 > 30
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -23980767295822402s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5248	Thread sleep count: 2778 > 30
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99703s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -199188s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99453s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5248	Thread sleep count: 6864 > 30
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99313s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99203s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99047s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98938s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98797s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98641s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98531s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98406s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98297s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -196282s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -196000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -195782s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97750s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -195282s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97500s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97391s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97281s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97172s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97063s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -96953s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -96844s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -96735s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -96594s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99844s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99735s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99344s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99188s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99078s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98969s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98860s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98735s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98547s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98391s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -98250s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97531s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97422s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97313s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97203s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -97094s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -96985s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99875s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99750s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe TID: 5280	Thread sleep time: -99625s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe TID: 5960	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe TID: 5960	Thread sleep count: 112 > 30
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe TID: 5960	Thread sleep time: -3360000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe TID: 5960	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe TID: 1352	Thread sleep count: 340 > 30

Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File Volume queried: C:\ FullSizeInformation

Source: powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	Binary or memory string: Hyper-V
Source: powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	Binary or memory string: Al:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
Source: Matiexgoods.exe, 00000008.00000002.705756685.00000000044E1000.00000004.00000001.sdmp	Binary or memory string: 1keA/sO5FDZFCBsE6iqEMuCQifoK6oH1s/UW1veY/gDcXrGORBZz4Z+noIDCwQ57PciD
Source: hawkgoods.exe, 00000006.00000002.397387574.00000000068E0000.00000002.00000001.sdmp, origigoods40.exe, 00000007.00000002.479272063.00000000060C0000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: hawkgoods.exe, 00000006.00000002.397387574.00000000068E0000.00000002.00000001.sdmp, origigoods40.exe, 00000007.00000002.479272063.00000000060C0000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: hawkgoods.exe, 00000006.00000002.397387574.00000000068E0000.00000002.00000001.sdmp, origigoods40.exe, 00000007.00000002.479272063.00000000060C0000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: Matiexgoods.exe, 00000008.00000002.694705884.0000000001823000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: hawkgoods.exe, 00000006.00000002.397387574.00000000068E0000.00000002.00000001.sdmp, origigoods40.exe, 00000007.00000002.479272063.00000000060C0000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe

Code function: 6_2_04B377F0 LdrInitializeThunk,

6_2_04B377F0

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

.NET source code references suspicious native API functions

Show sources

Source: hawkgoods.exe.5.dr, Form1.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
Source: hawkgoods.exe.5.dr, RunPE.cs	Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
Source: origigoods40.exe.5.dr, A/b2.cs	Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll')
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, Form1.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
Source: 6.0.hawkgoods.exe.2f0000.0.unpack, RunPE.cs	Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, Form1.cs	Reference to suspicious API methods: ('GetAsyncKeyState', 'GetAsyncKeyState@user32')
Source: 6.2.hawkgoods.exe.2f0000.0.unpack, RunPE.cs	Reference to suspicious API methods: ('ReadProcessMemory', 'ReadProcessMemory@kernel32'), ('WriteProcessMemory', 'WriteProcessMemory@kernel32'), ('VirtualProtectEx', 'VirtualProtectEx@kernel32'), ('VirtualAllocEx', 'VirtualAllocEx@kernel32')
Source: 7.0.origigoods40.exe.c30000.0.unpack, A/b2.cs	Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll')
Source: 7.2.origigoods40.exe.c30000.0.unpack, A/b2.cs	Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll')

Allocates memory in foreign processes

Show sources

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 protect: page execute and read and write

Bypasses PowerShell execution policy

Show sources

Source: unknown

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\PO_Invoices_pdf.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000 value starts with: 4D5A

Sample uses process hollowing technique

Show sources

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base address: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base address: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base address: 400000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base address: 400000

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 403000	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: D12008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 412000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 416000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 418000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 443000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 44F000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 452000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 403000
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 88D008
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 412000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 416000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 418000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 443000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 44F000
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe base: 452000

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\PO_Invoices_pdf.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\hawkgoods.exe 'C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe' 0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\origigoods40.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods40.exe' 0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe 'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\origigoods20.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods20.exe' 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2164	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\hawkgoods.exe 'C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe' 0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\origigoods40.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods40.exe' 0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe 'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\origigoods20.exe 'C:\Users\user~1\AppData\Local\Temp\origigoods20.exe' 0
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 2092
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process created: unknown unknown

Source: unknown	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'

Language, Device and Operating System Detection:

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Users\user\Desktop\PO_Invoices_pdf.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\origigoods40.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\origigoods40.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation

Source: C:\Users\user\Desktop\PO_Invoices_pdf.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings:

Uses netsh to modify the Windows network and firewall settings

Show sources

Source: unknown

Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000005.00000003.273863512.0000000003E4D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.285132773.0000000003DE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.423374232.0000000000722000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.425880345.0000000003A2D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.445463818.0000000000C32000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.430720019.00000000000E2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.269169616.00000000010E3000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.696128013.0000000003201000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000000.419299258.0000000000E22000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.272090410.0000000003B4B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.414221299.00000000036C1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.276618597.0000000003B4B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.286093751.00000000010E3000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.703454217.0000000002F71000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.418225668.0000000000E23000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.418385560.000000000372B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.427152213.00000000039C1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.273140883.0000000000C32000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000000.281843308.00000000000E2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.428390015.0000000000E23000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.681903640.0000000000722000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.454660209.0000000002801000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.284634932.0000000003E4D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.699392963.000000000352E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.419784850.000000000372B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.413803172.0000000000E23000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.424187770.000000000372B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.271788096.00000000010E3000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.283633869.0000000003B4B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: origigoods40.exe PID: 6172, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\origigoods20.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\origigoods40.exe, type: DROPPED
Source: Yara match	File source: 7.0.origigoods40.exe.c30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.origigoods40.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.origigoods20.exe.720000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.0.origigoods20.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.origigoods20.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.origigoods40.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.origigoods40.exe.c30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.0.origigoods20.exe.720000.0.unpack, type: UNPACKEDPE

Yara detected HawkEye Keylogger

Show sources

Source: Yara match	File source: 00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4888, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_Invoices_pdf.exe PID: 5372, type: MEMORY
Source: Yara match	File source: dropped/hawkgoods.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, type: DROPPED
Source: Yara match	File source: 27.2.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a48208.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a9fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a9fa72.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a48208.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.31d8e20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2a48e20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE

Yara detected MailPassView

Show sources

Source: Yara match	File source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.642866499.00000000041B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.446713470.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.296594780.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4888, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_Invoices_pdf.exe PID: 5372, type: MEMORY
Source: Yara match	File source: dropped/hawkgoods.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, type: DROPPED
Source: Yara match	File source: 17.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.34fa72.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.3a27e00.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a9fa72.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.34fa72.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a48208.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a9fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.41b7e00.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a9fa72.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a9fa72.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.41b7e00.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.3a27e00.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a48208.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE

Yara detected Matiex Keylogger

Show sources

Source: Yara match	File source: 00000008.00000002.681623451.0000000000F72000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.681849072.0000000000BD2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4888, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_Invoices_pdf.exe PID: 5372, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe, type: DROPPED
Source: Yara match	File source: 8.2.Matiexgoods.exe.f70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.0.Matiexgoods.exe.bd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.Matiexgoods.exe.f9277c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.Matiexgoods.exe.bd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.Matiexgoods.exe.f9277c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.Matiexgoods.exe.f70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.Matiexgoods.exe.bf277c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.0.Matiexgoods.exe.bf277c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal WLAN passwords

Show sources

Source: unknown	Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Process created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Instant Messenger accounts or passwords

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Dynamic Salt
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Dynamic Salt

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail
Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail

Yara detected WebBrowserPassView password recovery tool

Show sources

Source: Yara match	File source: 00000023.00000002.465758929.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.308131659.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.642866499.00000000041B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4888, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_Invoices_pdf.exe PID: 5372, type: MEMORY
Source: Yara match	File source: dropped/hawkgoods.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, type: DROPPED
Source: Yara match	File source: 35.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f9c0d.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.3a27e00.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.3a40240.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a48208.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.41d0240.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.41b7e00.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f9c0d.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.41d0240.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.3a40240.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.40afcc.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.40afcc.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 35.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a49c0d.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a48208.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a49c0d.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.vbc.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE

Source: Yara match	File source: 0000001C.00000002.696128013.0000000003201000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.703454217.0000000002F71000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.454660209.0000000002801000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.699392963.000000000352E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: origigoods40.exe PID: 6172, type: MEMORY

Remote Access Functionality:

Detected HawkEye Rat

Show sources

Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	String found in binary or memory: \pidloc.txt!HawkEyeKeylogger
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	String found in binary or memory: Installed Firewall: MHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger \| Execution Confirmed \|
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	String found in binary or memory: ==============================================EHawkEye_Keylogger_Stealer_Records_MHawkEye Keylogger \| Stealer Records \|
Source: PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp	String found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
Source: RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp	String found in binary or memory: \pidloc.txt!HawkEyeKeylogger
Source: RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp	String found in binary or memory: Installed Firewall: MHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger \| Execution Confirmed \|
Source: RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp	String found in binary or memory: ==============================================EHawkEye_Keylogger_Stealer_Records_MHawkEye Keylogger \| Stealer Records \|
Source: RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp	String found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
Source: hawkgoods.exe	String found in binary or memory: HawkEye_Keylogger_Stealer_Records_
Source: hawkgoods.exe	String found in binary or memory: HawkEyeKeylogger
Source: hawkgoods.exe	String found in binary or memory: HawkEye_Keylogger_Keylog_Records_
Source: hawkgoods.exe	String found in binary or memory: HawkEye_Keylogger_Execution_Confirmed_
Source: hawkgoods.exe, 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	String found in binary or memory: \pidloc.txt!HawkEyeKeylogger
Source: hawkgoods.exe, 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	String found in binary or memory: Installed Firewall: MHawkEye_Keylogger_Execution_Confirmed_.txtUHawkEye Keylogger \| Execution Confirmed \|
Source: hawkgoods.exe, 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	String found in binary or memory: ==============================================EHawkEye_Keylogger_Stealer_Records_MHawkEye Keylogger \| Stealer Records \|
Source: hawkgoods.exe, 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	String found in binary or memory: .jpegCHawkEye_Keylogger_Keylog_Records_
Source: hawkgoods.exe, 00000006.00000002.387343775.0000000002A21000.00000004.00000001.sdmp	String found in binary or memory: q'&HawkEye_Keylogger_Execution_Confirmed_
Source: hawkgoods.exe, 00000006.00000002.387343775.0000000002A21000.00000004.00000001.sdmp	String found in binary or memory: q#"HawkEye_Keylogger_Stealer_Records_

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000005.00000003.273863512.0000000003E4D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.285132773.0000000003DE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000000.423374232.0000000000722000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.425880345.0000000003A2D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.445463818.0000000000C32000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.430720019.00000000000E2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.269169616.00000000010E3000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.696128013.0000000003201000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000000.419299258.0000000000E22000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.272090410.0000000003B4B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.414221299.00000000036C1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.276618597.0000000003B4B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.286093751.00000000010E3000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.703454217.0000000002F71000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.418225668.0000000000E23000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.418385560.000000000372B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.427152213.00000000039C1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000000.273140883.0000000000C32000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000000.281843308.00000000000E2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.428390015.0000000000E23000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.681903640.0000000000722000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.454660209.0000000002801000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.284634932.0000000003E4D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.699392963.000000000352E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.419784850.000000000372B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.413803172.0000000000E23000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.424187770.000000000372B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.271788096.00000000010E3000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.283633869.0000000003B4B000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: origigoods40.exe PID: 6172, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\origigoods20.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\origigoods40.exe, type: DROPPED
Source: Yara match	File source: 7.0.origigoods40.exe.c30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.origigoods40.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.origigoods20.exe.720000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.0.origigoods20.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.origigoods20.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.0.origigoods40.exe.e20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.2.origigoods40.exe.c30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.0.origigoods20.exe.720000.0.unpack, type: UNPACKEDPE

Yara detected HawkEye Keylogger

Show sources

Source: Yara match	File source: 00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4888, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_Invoices_pdf.exe PID: 5372, type: MEMORY
Source: Yara match	File source: dropped/hawkgoods.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, type: DROPPED
Source: Yara match	File source: 27.2.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a48208.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a9fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a49c0d.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a9fa72.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f8208.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.0.hawkgoods.exe.a40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.a48208.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.0.hawkgoods.exe.2f9c0d.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.34fa72.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.hawkgoods.exe.31d8e20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.hawkgoods.exe.2a48e20.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE

Yara detected Matiex Keylogger

Show sources

Source: Yara match	File source: 00000008.00000002.681623451.0000000000F72000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.681849072.0000000000BD2000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 4888, type: MEMORY
Source: Yara match	File source: Process Memory Space: PO_Invoices_pdf.exe PID: 5372, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe, type: DROPPED
Source: Yara match	File source: 8.2.Matiexgoods.exe.f70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.0.Matiexgoods.exe.bd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.Matiexgoods.exe.f9277c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.Matiexgoods.exe.bd0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.Matiexgoods.exe.f9277c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4031bf.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.0.Matiexgoods.exe.f70000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.Matiexgoods.exe.bf277c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.0.Matiexgoods.exe.bf277c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4095c7.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.4095c7.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.40afcc.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.RegAsm.exe.4031bf.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4156d80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4398f3f.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.40a9510.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.4158f3f.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.I$s#$lT3ssl.exe.3e69510.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO_Invoices_pdf.exe.4396d80.5.raw.unpack, type: UNPACKEDPE

Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B60E9E bind,	6_2_04B60E9E
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B60A8E listen,	6_2_04B60A8E
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B60E6B bind,	6_2_04B60E6B
Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Code function: 6_2_04B60A50 listen,	6_2_04B60A50

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Replication Through Removable Media1	Windows Management Instrumentation231	Startup Items1	Startup Items1	Disable or Modify Tools211	OS Credential Dumping2	Peripheral Device Discovery1	Replication Through Removable Media1	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API2	DLL Side-Loading1	DLL Side-Loading1	Deobfuscate/Decode Files or Information11	Input Capture211	File and Directory Discovery1	Remote Desktop Protocol	Data from Local System2	Exfiltration Over Bluetooth	Encrypted Channel12	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Shared Modules1	Registry Run Keys / Startup Folder12	Access Token Manipulation1	Obfuscated Files or Information41	Credentials in Registry2	System Information Discovery126	SMB/Windows Admin Shares	Email Collection1	Automated Exfiltration	Non-Standard Port1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Command and Scripting Interpreter1	Logon Script (Mac)	Process Injection411	Software Packing13	Credentials In Files1	Query Registry1	Distributed Component Object Model	Input Capture211	Scheduled Transfer	Remote Access Software1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	PowerShell2	Network Logon Script	Registry Run Keys / Startup Folder12	DLL Side-Loading1	LSA Secrets	Security Software Discovery251	SSH	Clipboard Data1	Data Transfer Size Limits	Non-Application Layer Protocol2	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading1	Cached Domain Credentials	Virtualization/Sandbox Evasion16	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Application Layer Protocol23	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion16	DCSync	Process Discovery2	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Access Token Manipulation1	Proc Filesystem	Application Window Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Process Injection411	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Hidden Files and Directories1	Network Sniffing	System Network Configuration Discovery1	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
PO_Invoices_pdf.exe	18%	ReversingLabs	ByteCode-MSIL.Trojan.Pwsx
PO_Invoices_pdf.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\origigoods40.exe	100%	Avira	TR/Spy.Gen8
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	100%	Avira	TR/AD.MExecute.lzrac
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	100%	Avira	SPR/Tool.MailPassView.473
C:\Users\user\AppData\Local\Temp\origigoods20.exe	100%	Avira	TR/Spy.Gen8
C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	100%	Avira	TR/Redcap.jajcu
C:\Users\user\AppData\Local\Temp\origigoods40.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\origigoods20.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	46%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	89%	ReversingLabs	ByteCode-MSIL.Trojan.MatiexKeylogger
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	96%	ReversingLabs	ByteCode-MSIL.Trojan.Golroted
C:\Users\user\AppData\Local\Temp\origigoods20.exe	43%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\origigoods20.exe	86%	ReversingLabs	ByteCode-MSIL.Infostealer.DarkStealer
C:\Users\user\AppData\Local\Temp\origigoods40.exe	43%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\origigoods40.exe	82%	ReversingLabs	ByteCode-MSIL.Infostealer.DarkStealer
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe	20%	ReversingLabs	ByteCode-MSIL.Trojan.Pwsx

Unpacked PE Files

Source	Detection	Scanner	Label	Download
7.0.origigoods40.exe.c30000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
30.0.Matiexgoods.exe.bd0000.0.unpack	100%	Avira	TR/Redcap.jajcu	Download File
8.2.Matiexgoods.exe.f70000.0.unpack	100%	Avira	TR/Redcap.jajcu	Download File
28.2.origigoods40.exe.e20000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
31.2.origigoods20.exe.720000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
10.0.origigoods20.exe.e0000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
10.2.origigoods20.exe.e0000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
27.2.hawkgoods.exe.a40000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
27.2.hawkgoods.exe.a40000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
6.0.hawkgoods.exe.2f0000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
6.0.hawkgoods.exe.2f0000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
30.2.Matiexgoods.exe.bd0000.0.unpack	100%	Avira	TR/Redcap.jajcu	Download File
26.2.RegAsm.exe.400000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
26.2.RegAsm.exe.400000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
26.2.RegAsm.exe.400000.0.unpack	100%	Avira	TR/Redcap.jajcu	Download File
26.2.RegAsm.exe.400000.0.unpack	100%	Avira	TR/Spy.Gen8	Download File
26.2.RegAsm.exe.4031bf.2.unpack	100%	Avira	TR/Inject.vcoldi	Download File
8.0.Matiexgoods.exe.f70000.0.unpack	100%	Avira	TR/Redcap.jajcu	Download File
5.2.RegAsm.exe.400000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
5.2.RegAsm.exe.400000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
5.2.RegAsm.exe.400000.0.unpack	100%	Avira	TR/Redcap.jajcu	Download File
5.2.RegAsm.exe.400000.0.unpack	100%	Avira	TR/Spy.Gen8	Download File
6.2.hawkgoods.exe.2f0000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
6.2.hawkgoods.exe.2f0000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
28.0.origigoods40.exe.e20000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
23.2.I$s#$lT3ssl.exe.4158f3f.3.unpack	100%	Avira	TR/Inject.vcoldi	Download File
7.2.origigoods40.exe.c30000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
31.0.origigoods20.exe.720000.0.unpack	100%	Avira	HEUR/AGEN.1138205	Download File
27.0.hawkgoods.exe.a40000.0.unpack	100%	Avira	TR/AD.MExecute.lzrac	Download File
27.0.hawkgoods.exe.a40000.0.unpack	100%	Avira	SPR/Tool.MailPassView.473	Download File
0.2.PO_Invoices_pdf.exe.4396d80.5.unpack	100%	Avira	TR/Inject.vcoldi	Download File
5.2.RegAsm.exe.4031bf.1.unpack	100%	Avira	TR/Inject.vcoldi	Download File
35.2.vbc.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1125438	Download File
18.2.vbc.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1125438	Download File
0.2.PO_Invoices_pdf.exe.4398f3f.4.unpack	100%	Avira	TR/Inject.vcoldi	Download File
23.2.I$s#$lT3ssl.exe.4156d80.4.unpack	100%	Avira	TR/Inject.vcoldi	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://127.0.0.1:HTTP/1.1	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.zhongyicts.com.cnaN	0%	Avira URL Cloud	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
http://tempuri.org/DataSet1.xsd	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cnR	0%	Avira URL Cloud	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
https://contoso.com/License	0%	URL Reputation	safe
http://www.founder.com.cn/cnT	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://ns.adobe.c/g	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.carterandcone.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://csARxe.com	0%	Avira URL Cloud	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://fontfabrik.com	0%	URL Reputation	safe
http://www.typography.net-siu	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/	0%	Avira URL Cloud	safe
http://www.typography.net	0%	URL Reputation	safe
http://www.typography.net	0%	URL Reputation	safe
http://www.typography.net	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://contoso.com/	0%	URL Reputation	safe
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	0%	URL Reputation	safe
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	0%	URL Reputation	safe
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
https://api.ipify.org%GETMozilla/5.0	0%	URL Reputation	safe
https://api.ipify.org%GETMozilla/5.0	0%	URL Reputation	safe
https://api.ipify.org%GETMozilla/5.0	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://www.carterandcone.como.	0%	URL Reputation	safe
http://www.carterandcone.como.	0%	URL Reputation	safe
http://www.carterandcone.como.	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	0%	URL Reputation	safe
http://www.founder.com.cn/cniac	0%	Avira URL Cloud	safe
https://freegeoip.app/xml/	0%	URL Reputation	safe
https://freegeoip.app/xml/	0%	URL Reputation	safe
https://freegeoip.app/xml/	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	0%	URL Reputation	safe
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	0%	URL Reputation	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://DynDns.comDynDNS	0%	URL Reputation	safe
http://www.goodfont.co.kr9	0%	Avira URL Cloud	safe
http://www.fontbureau.comF	0%	URL Reputation	safe
http://www.fontbureau.comF	0%	URL Reputation	safe
http://www.fontbureau.comF	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://pesterbdd.com/images/Pester.png	0%	URL Reputation	safe
http://www.carterandcone.como.R	0%	Avira URL Cloud	safe
http://ns.adobe.cobj	0%	URL Reputation	safe
http://ns.adobe.cobj	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
whatismyipaddress.com	104.16.155.36	true	false	high
freegeoip.app	104.21.19.200	true	false	unknown
smtp.privateemail.com	199.193.7.228	true	false	high
checkip.dyndns.com	131.186.113.70	true	false	unknown
69.170.12.0.in-addr.arpa	unknown	unknown	true	unknown
checkip.dyndns.org	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false	Avira URL Cloud: safe	unknown
http://whatismyipaddress.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://127.0.0.1:HTTP/1.1	origigoods40.exe, 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.fontbureau.com/designersG	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com/designers/?	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false		high
http://www.founder.com.cn/cn/bThe	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.zhongyicts.com.cnaN	PO_Invoices_pdf.exe, 00000000.00000003.250141662.0000000006515000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.sectigo.com0	Matiexgoods.exe, 00000008.00000003.461245193.00000000068F6000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://github.com/Pester/PesterL	powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	false		high
http://www.fontbureau.com/designers?	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false		high
http://tempuri.org/DataSet1.xsd	PO_Invoices_pdf.exe, PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, powershell.exe, 00000003.00000003.370812465.0000000008DB1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cnR	PO_Invoices_pdf.exe, 00000000.00000003.249338917.0000000006516000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000003.00000002.386788256.00000000058A3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.founder.com.cn/cnT	PO_Invoices_pdf.exe, 00000000.00000003.250141662.0000000006515000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers	hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false		high
http://ns.adobe.c/g	Matiexgoods.exe, 00000008.00000003.443342117.0000000009311000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.goodfont.co.kr	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.carterandcone.com	PO_Invoices_pdf.exe, 00000000.00000003.250459528.0000000006513000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.sajatypeworks.com	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://csARxe.com	origigoods40.exe, 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.typography.netD	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	PO_Invoices_pdf.exe, 00000000.00000003.256526982.0000000006539000.00000004.00000001.sdmp, PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://fontfabrik.com	PO_Invoices_pdf.exe, 00000000.00000003.247874552.000000000654D000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.typography.net-siu	PO_Invoices_pdf.exe, 00000000.00000003.248176476.000000000654D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.typography.net	PO_Invoices_pdf.exe, 00000000.00000003.248176476.000000000654D000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://contoso.com/	powershell.exe, 00000003.00000002.386788256.00000000058A3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000003.00000002.386788256.00000000058A3000.00000004.00000001.sdmp	false		high
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://whatismyipaddress.com/-	PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp	false		high
http://www.galapagosdesign.com/DPlease	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8Win32_ComputerSystemModelManufactu	Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	false		high
https://api.ipify.org%GETMozilla/5.0	origigoods40.exe, 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
https://login.yahoo.com/config/login	hawkgoods.exe	false		high
http://www.fonts.com	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false		high
http://www.sandoll.co.kr	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.site.com/logs.php	hawkgoods.exe, 00000006.00000002.387343775.0000000002A21000.00000004.00000001.sdmp	false		high
http://www.urwpp.deDPlease	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.nirsoft.net/	hawkgoods.exe, 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp	false		high
http://www.zhongyicts.com.cn	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000003.00000002.381287871.0000000004841000.00000004.00000001.sdmp, Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	false		high
http://www.carterandcone.como.	PO_Invoices_pdf.exe, 00000000.00000003.250141662.0000000006515000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.sakkal.com	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip	PO_Invoices_pdf.exe, 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, RegAsm.exe, 00000005.00000003.273863512.0000000003E4D000.00000004.00000001.sdmp, origigoods40.exe	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.founder.com.cn/cniac	PO_Invoices_pdf.exe, 00000000.00000003.249338917.0000000006516000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://freegeoip.app/xml/	Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	Matiexgoods.exe, 00000008.00000003.461245193.00000000068F6000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://nuget.org/NuGet.exe	powershell.exe, 00000003.00000002.386788256.00000000058A3000.00000004.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false		high
http://www.fontbureau.com	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false		high
http://DynDns.comDynDNS	origigoods40.exe, 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.goodfont.co.kr9	PO_Invoices_pdf.exe, 00000000.00000003.249068129.0000000006515000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comF	PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://sectigo.com/CPS0	Matiexgoods.exe, 00000008.00000003.461245193.00000000068F6000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.carterandcone.como.R	PO_Invoices_pdf.exe, 00000000.00000003.250141662.0000000006515000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ns.adobe.cobj	Matiexgoods.exe, 00000008.00000003.443342117.0000000009311000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha	origigoods40.exe, 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	false		high
http://www.sakkal.com-mq	PO_Invoices_pdf.exe, 00000000.00000003.251741662.000000000654D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/Icon	powershell.exe, 00000003.00000002.386788256.00000000058A3000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.comY	PO_Invoices_pdf.exe, 00000000.00000003.272424177.0000000006510000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://whatismyipaddress.com	hawkgoods.exe, 00000006.00000002.387343775.0000000002A21000.00000004.00000001.sdmp	false		high
http://www.fontbureau.comd	PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	false		high
http://www.goodfont.co.krF	PO_Invoices_pdf.exe, 00000000.00000003.249068129.0000000006515000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.typography.net-d	PO_Invoices_pdf.exe, 00000000.00000003.247998925.000000000654D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false		high
http://www.fontbureau.coma3	PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comdV	PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comceto	PO_Invoices_pdf.exe, 00000000.00000003.272424177.0000000006510000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.founder.com.cn/cn	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-jones.html	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false		high
http://checkip.dyndns.org/HBFl	Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.pngL	powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.typography.netx	PO_Invoices_pdf.exe, 00000000.00000003.248176476.000000000654D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comm	PO_Invoices_pdf.exe, 00000000.00000003.272424177.0000000006510000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/	PO_Invoices_pdf.exe, 00000000.00000003.250877364.0000000006512000.00000004.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/l	PO_Invoices_pdf.exe, 00000000.00000003.250877364.0000000006512000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	PO_Invoices_pdf.exe, 00000000.00000002.300417704.0000000006600000.00000002.00000001.sdmp, hawkgoods.exe, 00000006.00000002.391685560.00000000051E0000.00000002.00000001.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.htmlL	powershell.exe, 00000003.00000002.382114009.0000000004983000.00000004.00000001.sdmp	false		high
http://www.fontbureau.comdsed	PO_Invoices_pdf.exe, 00000000.00000003.254406255.0000000006512000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sandoll.co.krn-u	PO_Invoices_pdf.exe, 00000000.00000003.249068129.0000000006515000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://fontfabrik.com(	PO_Invoices_pdf.exe, 00000000.00000003.247874552.000000000654D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.typography.netn	PO_Invoices_pdf.exe, 00000000.00000003.248099180.000000000654D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/GJD7Q5y.png195.239.51.11795.26.248.2989.208.29.13389.187.165.4792.118.13.1895.26	Matiexgoods.exe, 00000008.00000002.699162061.00000000034E1000.00000004.00000001.sdmp	false		high
http://www.tiro.com-cz	PO_Invoices_pdf.exe, 00000000.00000003.249778536.0000000006512000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://ns.ado/1	Matiexgoods.exe, 00000008.00000003.443342117.0000000009311000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
131.186.113.70	unknown	United States	33517	DYNDNSUS	false
104.16.155.36	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.19.200	unknown	United States	13335	CLOUDFLARENETUS	false
199.193.7.228	unknown	United States	22612	NAMECHEAP-NETUS	false
216.146.43.70	unknown	United States	33517	DYNDNSUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	347154
Start date:	02.02.2021
Start time:	08:50:38
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 18m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	PO_Invoices_pdf.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.phis.troj.adwa.spyw.evad.winEXE@46/40@68/6
EGA Information:	Failed
HDC Information:	Successful, ratio: 0.2% (good quality ratio 0.1%) Quality average: 33.8% Quality standard deviation: 33.4%
HCA Information:	Successful, ratio: 97% Number of executed functions: 206 Number of non-executed functions: 21
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 13.64.90.137, 40.88.32.150, 168.61.161.212, 92.122.144.200, 2.20.142.210, 2.20.142.209, 51.103.5.186, 104.42.151.234 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wns.notify.windows.com.akadns.net, skypedataprdcoleus15.cloudapp.net, emea1.wns.notify.trafficmanager.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, vip2-par02p.wns.notify.trafficmanager.net Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtSetInformationFile calls found. VT rate limit hit for: /opt/package/joesandbox/database/analysis/347154/sample/PO_Invoices_pdf.exe

Simulations

Behavior and APIs

Time	Type	Description
08:51:54	API Interceptor	48x Sleep call for process: hawkgoods.exe modified
08:52:00	API Interceptor	2x Sleep call for process: dw20.exe modified
08:52:01	API Interceptor	623x Sleep call for process: origigoods20.exe modified
08:52:05	API Interceptor	940x Sleep call for process: origigoods40.exe modified
08:52:20	API Interceptor	1074x Sleep call for process: Matiexgoods.exe modified
08:52:23	API Interceptor	55x Sleep call for process: powershell.exe modified
08:52:33	API Interceptor	2x Sleep call for process: WerFault.exe modified
08:52:34	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
131.186.113.70	SALES.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Statement.pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Purchase Order.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	orden010221.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	IMG_1660392.doc	Get hash	malicious	Browse	checkip.dyndns.org/
	my new file ify (1).exe	Get hash	malicious	Browse	checkip.dyndns.org/
	IMG_166390pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	IMG-6661.doc	Get hash	malicious	Browse	checkip.dyndns.org/
	IMG_761213.doc	Get hash	malicious	Browse	checkip.dyndns.org/
	Sale_Contract.com.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	IMG_04017.pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	INV_098789.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	2021 NEW LIST.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	CHIKWA.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	weg6tX6TTk78XZ5.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	IMG_0661.doc	Get hash	malicious	Browse	checkip.dyndns.org/
	INV0009876.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	000000000009000000.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	IMG_53091.pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Copy_Payment.exe	Get hash	malicious	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
freegeoip.app	SALES.exe	Get hash	malicious	Browse	104.21.19.200
	Revised Invoice.exe	Get hash	malicious	Browse	172.67.188.154
	RFQ - 0201201.exe	Get hash	malicious	Browse	104.21.19.200
	Statement.pdf.exe	Get hash	malicious	Browse	172.67.188.154
	Purchase Order.exe	Get hash	malicious	Browse	172.67.188.154
	New Order.exe	Get hash	malicious	Browse	172.67.188.154
	CMR2OEYL.exe	Get hash	malicious	Browse	104.21.19.200
	full set of ball valve components ready for assembly. Assembly weldingtestingpainting.exe	Get hash	malicious	Browse	172.67.188.154
	NEW ORDER.exe	Get hash	malicious	Browse	172.67.188.154
	ProcessingIConnect.Common..TermsConditions.z.pdf.exe	Get hash	malicious	Browse	172.67.188.154
	PO 642021.exe	Get hash	malicious	Browse	104.21.19.200
	00000000000000000090.exe	Get hash	malicious	Browse	172.67.188.154
	New Order.exe	Get hash	malicious	Browse	172.67.188.154
	IMG_1660392.exe	Get hash	malicious	Browse	172.67.188.154
	IMG_1660392.doc	Get hash	malicious	Browse	172.67.188.154
	NS_PO_86655443.exe	Get hash	malicious	Browse	172.67.188.154
	INV#1191189.exe	Get hash	malicious	Browse	172.67.188.154
	NEW PURCHASE#U00c3#U00bf #U00c3#U00bfORDER.exe	Get hash	malicious	Browse	104.21.19.200
	0009752202_OUTSTANDING_20210129,PDF.exe	Get hash	malicious	Browse	172.67.188.154
	CITI SOLUTION COMPANY PROFILE.exe	Get hash	malicious	Browse	172.67.188.154
whatismyipaddress.com	Orders.exe	Get hash	malicious	Browse	104.16.155.36
	nzGUqSK11D.exe	Get hash	malicious	Browse	104.16.154.36
	PO 2010029_pdf Quotation from Alibaba Ale.exe	Get hash	malicious	Browse	104.16.155.36
	PO 2010029_pdf Quotation from Alibaba Ale.exe	Get hash	malicious	Browse	104.16.155.36
	hkaP5RPCGNDVq3Z.exe	Get hash	malicious	Browse	104.16.155.36
	B6LNCKjOGt5EmFQ.exe	Get hash	malicious	Browse	104.16.154.36
	NDt93WWQwd089H7.exe	Get hash	malicious	Browse	104.16.155.36
	JkhR5oeRHA.exe	Get hash	malicious	Browse	66.171.248.178
	PURCHASE ORDER.exe	Get hash	malicious	Browse	104.16.155.36
	BANK-STATMENT _xlsx.exe	Get hash	malicious	Browse	104.16.154.36
	INQUIRY.exe	Get hash	malicious	Browse	104.16.154.36
	Prueba de pago.exe	Get hash	malicious	Browse	104.16.155.36
	879mgDuqEE.jar	Get hash	malicious	Browse	66.171.248.178
	remittance1111.jar	Get hash	malicious	Browse	66.171.248.178
	879mgDuqEE.jar	Get hash	malicious	Browse	66.171.248.178
	remittance1111.jar	Get hash	malicious	Browse	66.171.248.178
	https://my-alliances.co.uk/	Get hash	malicious	Browse	66.171.248.178
	c9o0CtTIYT.exe	Get hash	malicious	Browse	104.16.154.36
	mR3CdUkyLL.exe	Get hash	malicious	Browse	104.16.155.36
	6JLHKYvboo.exe	Get hash	malicious	Browse	104.16.155.36

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DYNDNSUS	Payment Advice.exe	Get hash	malicious	Browse	131.186.113.70
	SALES.exe	Get hash	malicious	Browse	131.186.113.70
	Revised Invoice.exe	Get hash	malicious	Browse	216.146.43.70
	RFQ - 0201201.exe	Get hash	malicious	Browse	162.88.193.70
	Statement.pdf.exe	Get hash	malicious	Browse	131.186.113.70
	Purchase Order.exe	Get hash	malicious	Browse	131.186.113.70
	New Order.exe	Get hash	malicious	Browse	162.88.193.70
	orden010221.exe	Get hash	malicious	Browse	131.186.113.70
	CMR2OEYL.exe	Get hash	malicious	Browse	216.146.43.71
	full set of ball valve components ready for assembly. Assembly weldingtestingpainting.exe	Get hash	malicious	Browse	131.186.161.70
	NEW ORDER.exe	Get hash	malicious	Browse	216.146.43.70
	ProcessingIConnect.Common..TermsConditions.z.pdf.exe	Get hash	malicious	Browse	216.146.43.71
	PO 642021.exe	Get hash	malicious	Browse	162.88.193.70
	00000000000000000090.exe	Get hash	malicious	Browse	216.146.43.71
	New Order.exe	Get hash	malicious	Browse	216.146.43.71
	IMG_1660392.exe	Get hash	malicious	Browse	216.146.43.70
	IMG_1660392.doc	Get hash	malicious	Browse	216.146.43.70
	NS_PO_86655443.exe	Get hash	malicious	Browse	131.186.161.70
	INV#1191189.exe	Get hash	malicious	Browse	216.146.43.71
	NEW PURCHASE#U00c3#U00bf #U00c3#U00bfORDER.exe	Get hash	malicious	Browse	162.88.193.70
CLOUDFLARENETUS	Payment Advice.exe	Get hash	malicious	Browse	172.67.188.154
	SALES.exe	Get hash	malicious	Browse	104.21.19.200
	Revised Invoice.exe	Get hash	malicious	Browse	172.67.188.154
	RFQ - 0201201.exe	Get hash	malicious	Browse	104.21.19.200
	Statement.pdf.exe	Get hash	malicious	Browse	172.67.188.154
	Purchase Order.exe	Get hash	malicious	Browse	172.67.188.154
	New Order.exe	Get hash	malicious	Browse	172.67.188.154
	NEW ENQUIRY.xlsx	Get hash	malicious	Browse	104.22.0.232
	SOA - NCL INTER LOGISTICS.xlsx	Get hash	malicious	Browse	104.22.1.232
	CSWWOe1Gnx.html	Get hash	malicious	Browse	104.16.19.94
	PO_210202.exe	Get hash	malicious	Browse	23.227.38.32
	Invoice764895.xls	Get hash	malicious	Browse	172.67.193.211
	Invoice764895.xls	Get hash	malicious	Browse	104.21.76.113
	po.exe.exe	Get hash	malicious	Browse	23.227.38.74
	CMR2OEYL.exe	Get hash	malicious	Browse	104.21.19.200
	129ZD381.xls	Get hash	malicious	Browse	172.67.204.162
	129ZD381.xls	Get hash	malicious	Browse	172.67.204.162
	q2EKWldniJ.exe	Get hash	malicious	Browse	104.16.16.194
	evil.doc	Get hash	malicious	Browse	104.16.126.175
	full set of ball valve components ready for assembly. Assembly weldingtestingpainting.exe	Get hash	malicious	Browse	172.67.188.154

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	Payment Advice.exe	Get hash	malicious	Browse	104.21.19.200
	SALES.exe	Get hash	malicious	Browse	104.21.19.200
	Revised Invoice.exe	Get hash	malicious	Browse	104.21.19.200
	RFQ - 0201201.exe	Get hash	malicious	Browse	104.21.19.200
	Statement.pdf.exe	Get hash	malicious	Browse	104.21.19.200
	Purchase Order.exe	Get hash	malicious	Browse	104.21.19.200
	New Order.exe	Get hash	malicious	Browse	104.21.19.200
	CMR2OEYL.exe	Get hash	malicious	Browse	104.21.19.200
	full set of ball valve components ready for assembly. Assembly weldingtestingpainting.exe	Get hash	malicious	Browse	104.21.19.200
	NEW ORDER.exe	Get hash	malicious	Browse	104.21.19.200
	OOLU2115327710.xls.exe	Get hash	malicious	Browse	104.21.19.200
	ProcessingIConnect.Common..TermsConditions.z.pdf.exe	Get hash	malicious	Browse	104.21.19.200
	SOPORTEDE.exe	Get hash	malicious	Browse	104.21.19.200
	POinv00393.exe	Get hash	malicious	Browse	104.21.19.200
	PO 642021.exe	Get hash	malicious	Browse	104.21.19.200
	00000000000000000090.exe	Get hash	malicious	Browse	104.21.19.200
	New Order.exe	Get hash	malicious	Browse	104.21.19.200
	IMG_1660392.exe	Get hash	malicious	Browse	104.21.19.200
	mEPx5H8svq.exe	Get hash	malicious	Browse	104.21.19.200
	NS_PO_86655443.exe	Get hash	malicious	Browse	104.21.19.200

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Users\user\AppData\Local\Temp\hawkgoods.exe	Orders.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\origigoods20.exe	Orders.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\Matiexgoods.exe	Orders.exe	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Temp\origigoods40.exe	Orders.exe	Get hash	malicious	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_hawkgoods.exe_697020edb13ed8bc761f5d6b0de413dddfcbfb_b4666e22_12f099c3\Report.wer Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	17818
Entropy (8bit):	3.766553825659537
Encrypted:	false
SSDEEP:	192:UwHLs3pHBUZMXJyBaPLk9Mg5N3gFm1pzvnuk1+K1QtKVzss/u7sVS274Itmxeon:rLs3ZBUZMXiayRv1jz3/u7sVX4ItOd
MD5:	1B14E26F15C08169BD1E448474C1F7AB
SHA1:	3FF1E3F413BDD11D5784E94EFCDFE0609CD50B1A
SHA-256:	B680E94518074E808301D5E76EA73ACACCFF2FEC67401CCD13B2C039780F6F65
SHA-512:	682801D9682FDF42DBB98535EAA07596432BCDA55855477CFD0D2FA04C0FAB2A1F4B5E4E208CB87EB417772EF0848BDEE0ECEC71FA1281CE3737419AFB9A4C23
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.6.7.5.8.4.0.9.0.7.4.3.2.0.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.6.7.5.8.4.5.3.1.2.9.5.8.2.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.a.5.b.c.c.8.c.-.2.5.b.4.-.4.a.6.4.-.9.5.6.8.-.8.c.8.e.1.2.a.2.0.a.b.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.c.e.5.f.a.8.c.-.a.a.3.8.-.4.7.5.6.-.9.b.3.b.-.5.d.5.d.6.a.8.3.8.0.6.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.h.a.w.k.g.o.o.d.s...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.h.u.l.l.i...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.4.0.-.0.0.0.1.-.0.0.1.7.-.3.7.9.8.-.7.7.d.a.8.3.f.9.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.6.c.c.9.4.0.d.7.a.0.d.3.0.a.e.2.8.3.f.a.7.7.b.e.8.f.e.6.4.d.3.0.0.0.0.0.0.0.0.!.0.0.0.0.d.6.e.4.a.3.c.a.2.5.3.b.f.c.3.7.2.a.9.a.3.1.8.0.b.5.8.8.7.c.7.1.6.e.d.

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_hawkgoods.exe_697020edb13ed8bc761f5d6b0de413dddfcbfb_b4666e22_1b230661\Report.wer Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	17916
Entropy (8bit):	3.7657882578191666
Encrypted:	false
SSDEEP:	192:xt91Q3pHBUZMXJyBaKsn9fbeN9M2v1zzvSXk0ZKjBIcQr+s/u7s4S274ItmxeY:h1Q3ZBUZMXiaEdvh/sl/u7s4X4ItOF
MD5:	6FE02F566E5BC86C856A4746E5B1B37E
SHA1:	45764D32FED814C6E0E4D3D7A498DC74ECCD2EE3
SHA-256:	3317003BFF2506D41F1DCCB35B30D0C8D94F389E40D7A77242DA1C7456C05268
SHA-512:	DF8BC7E1E759B493C00C697ACBBDA26C88B7FEC6152F627311697B17E65500C25B245907989AC275985296CFCF11EBDD13760D724AC527A4A24915C314CFF029
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.6.7.5.8.3.3.1.6.5.2.6.3.8.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.6.7.5.8.3.5.2.1.5.2.5.9.6.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.8.1.e.4.f.3.3.-.4.c.0.f.-.4.f.1.b.-.9.c.3.2.-.5.c.3.e.a.3.d.7.e.8.d.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.3.f.9.2.a.c.e.-.4.5.3.0.-.4.8.4.d.-.8.2.8.a.-.f.2.5.7.1.3.c.5.6.8.8.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.h.a.w.k.g.o.o.d.s...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.h.u.l.l.i...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.e.8.c.-.0.0.0.1.-.0.0.1.7.-.6.9.7.2.-.c.b.b.1.8.3.f.9.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.6.c.c.9.4.0.d.7.a.0.d.3.0.a.e.2.8.3.f.a.7.7.b.e.8.f.e.6.4.d.3.0.0.0.0.0.0.0.0.!.0.0.0.0.d.6.e.4.a.3.c.a.2.5.3.b.f.c.3.7.2.a.9.a.3.1.8.0.b.5.8.8.7.c.7.1.6.e.d.

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_hawkgoods.exe_93f07d9c4f92cda17563b29cabdf995c588ef9_00000000_14dc0d13\Report.wer Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	16862
Entropy (8bit):	3.758463269003457
Encrypted:	false
SSDEEP:	192:PmLhQmV4yBaPLk9Mg5N3gFm1pzvnuk1+K1QtKVzz/u7sVS274ItiLn:eLhQSayRv1jzz/u7sVX4Iten
MD5:	5B656D3CB77E098CA4DF1D1C0CE0E328
SHA1:	ABA48932FBF3EC81ADA9341DE6B97AC4668AD94C
SHA-256:	85D229EC5FFF7DBF8DDC2CEFA7281BD453B84E1D3F70204FE83A582F0246D164
SHA-512:	928397B3DD92C244E5916D7FD3B61EB2B9E0B3794D6CB477BDADB6CBD75090FCA850DDC950DA714E89484EFF60684E6AE742C73930D6F83BAE3AE2FA665B9962
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.6.7.5.8.3.8.5.1.0.5.6.3.0.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.6.7.5.8.3.8.9.5.1.1.8.4.8.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.0.4.6.f.6.c.2.-.1.4.1.c.-.4.8.8.c.-.9.4.4.0.-.e.a.0.f.5.9.8.2.7.2.3.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.h.u.l.l.i...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.4.0.-.0.0.0.1.-.0.0.1.7.-.3.7.9.8.-.7.7.d.a.8.3.f.9.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.6.c.c.9.4.0.d.7.a.0.d.3.0.a.e.2.8.3.f.a.7.7.b.e.8.f.e.6.4.d.3.0.0.0.0.0.0.0.0.!.0.0.0.0.d.6.e.4.a.3.c.a.2.5.3.b.f.c.3.7.2.a.9.a.3.1.8.0.b.5.8.8.7.c.7.1.6.e.d.2.8.5.c.6.!.h.a.w.k.g.o.o.d.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.0.1././.1.9.:.1.0.:.0.8.:.3.8.!.0.!.h.a.w.k.g.o.o.d.s...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5...

C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_hawkgoods.exe_93f07d9c4f92cda17563b29cabdf995c588ef9_00000000_1a4a83a4\Report.wer Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	16958
Entropy (8bit):	3.758176808526625
Encrypted:	false
SSDEEP:	192:sK11QmV4yBaKsn9fbeN9M2v1zzvSXk0ZKjBIcQry/u7sTS274Itip:111QSaEdvh/sy/u7sTX4Itg
MD5:	E69F7F2D40A3282E3A5C4D25F316EEFD
SHA1:	FF12BFC6A914E52FD5A233C18C99BF7E128DFC10
SHA-256:	2D0F631D768C4D0B5FA1211D11CAE7F657DB56553606E18FCF4E5CE04878607A
SHA-512:	1C0F891A498A9D74A59A09285423C3173248E2A715F6C43D8499EA9EEA1556CB536A9D8118E81AEECA94936C0AC78F29B6422ADF28D008C80085299D299EFBA0
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.6.7.5.8.3.1.6.0.9.0.1.7.9.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.6.7.5.8.3.1.8.7.3.0.7.9.8.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.4.9.1.a.8.b.5.-.7.b.7.d.-.4.6.4.e.-.8.7.5.0.-.7.c.9.c.1.4.1.a.8.6.c.9.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.P.h.u.l.l.i...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.e.8.c.-.0.0.0.1.-.0.0.1.7.-.6.9.7.2.-.c.b.b.1.8.3.f.9.d.6.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.6.c.c.9.4.0.d.7.a.0.d.3.0.a.e.2.8.3.f.a.7.7.b.e.8.f.e.6.4.d.3.0.0.0.0.0.0.0.0.!.0.0.0.0.d.6.e.4.a.3.c.a.2.5.3.b.f.c.3.7.2.a.9.a.3.1.8.0.b.5.8.8.7.c.7.1.6.e.d.2.8.5.c.6.!.h.a.w.k.g.o.o.d.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.0.1././.1.9.:.1.0.:.0.8.:.3.8.!.0.!.h.a.w.k.g.o.o.d.s...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.9.6.7.2.9.5...

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2F33.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	6346
Entropy (8bit):	3.727723917153232
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiJn66RY0SwZCpra89bvcsfRlm:RrlsNiJ6EY0SwCvvfK
MD5:	D9A75C2F37E77481D156E098A916F868
SHA1:	586C14F42B7EFA8A883FAA53B416F0C491B218B7
SHA-256:	AAA58719C37F44B8FD215C19F46455439079D3B8AFB77BCD1212947B45474CC6
SHA-512:	F4E44BB08682D51682622FD695C6F2DBBA11DFCE95702B5857F46BDE655B9F5C5FBD88148602A7167B334CA8E10917671F530FF9BC6123EEB3EBBC40E6BB0414
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.4.4.0.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER3BB7.tmp.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4658
Entropy (8bit):	4.484087176387836
Encrypted:	false
SSDEEP:	48:cvIwSD8zscJgtWI9HnWSC8BAb8fm8M4JUkZFI+q84UZ/URyHwd:uITfaoWSNBJJUoZcRyHwd
MD5:	745EBD9EB867F5C20629FE5A76B20E2E
SHA1:	01E88CAA25F3BBF0E69ECBE25A51CC8ED1975EA3
SHA-256:	8983A0C40000ABE4FB9D2FAD11770B2177CF7960842134582B219551BF357DC6
SHA-512:	D65656378EB01D6F1F094C27EB95DE2F10774F68BC4AE266C40EA16975DF60212515A5CC7FE23039FEE53B1871338F4DBD78C24D70AE3F5F9CF1054D12924FCF
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="843964" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WER72DC.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	7646
Entropy (8bit):	3.6935655205790683
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNie3696YaD36XLgmfZSnS/ZCp17nX1ffJm:RrlsNi+696Yc36XLgmfInS/A7nlfs
MD5:	B831102B11FA3395D755D1BB81097289
SHA1:	11843E55B390CE8A5FAD48F342F244C938FF4B1A
SHA-256:	C765D0D67F63F562E8E3817D0513C0FA99456485788DCA02DC80E33D4538747D
SHA-512:	18ECA65B3A6C624CC9A23C9CF96550CFBBD5D08784D973E342D7DD0D244B640E4A36A0D86B22896D8747C168AE0286084AC23840FE44F89C35A67F2D333ABAD5
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.7.2.4.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER7473.tmp.xml Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4678
Entropy (8bit):	4.444767498901979
Encrypted:	false
SSDEEP:	48:cvIwSD8zsCJgtWI9HnWSC8Bxk8fm8M4JFKqJFx+q8vv9/URyHzd:uITfQoWSNTJJFKsKlcRyHzd
MD5:	5CF35384506171C76D238D23345102E5
SHA1:	2AD1BF4FCD9C1D89B39F4F1FF1D5EA58FDBF6B1A
SHA-256:	A5F959079EDED28B1CFBBAF95E51A355666A142A81565719D9BF2F2F7662BEDD
SHA-512:	D690E05F2D00A5FDF49829F1DC1C43552A91D3A40DA8109B53302058211CB5A3FD1EA4C4D59C1397FD74833972ED29AC99E716E969682AD2E4FE92BE816EF56E
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="843962" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WER81AC.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	7646
Entropy (8bit):	3.693579069726026
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiJ5z6ZcJ6YQK6AgmfZSnS/ZCp1sc1fbkm:RrlsNiHz6M6YV6AgmfInS/Asmfd
MD5:	3A508C183E8DBAAD5D3D8713B56F9361
SHA1:	EDFA7FE427707929A6A6DDD1EB0F3DDF3BEF18F7
SHA-256:	23CA4EDA7A443492D22C975864EBFB9D0465DBAD4417390EF4F7FA36B5ECF537
SHA-512:	5CE0BDCDA608DBD7757226268407E053148AE9B88329656B566BEBC651158048859EBF03A48B1DAC9BE380F53A32BAC3A1812753ED269A80491FFF274BB80107
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.4.4.0.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8566.tmp.xml Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4678
Entropy (8bit):	4.444768514534563
Encrypted:	false
SSDEEP:	48:cvIwSD8zsJJgtWI9HnWSC8Bcs8fm8M4JFKqJFY2+q8vvp/URyHDd:uITfboWSNqRJFKIKxcRyHDd
MD5:	5A22E2B7CEDA2DCE82BD29C8364400C6
SHA1:	517E131B4D1A984B5D79E041EE6E823CB85B771C
SHA-256:	FBBC0C2B8668F47624704691F6B1D3637C4FEB80B191B86781C760557D98B973
SHA-512:	2CEEBEA847BAB89C2F152F6A0A007E2793656F68E736A03D28386F374B621B2EDF4A10680194E1F3D5A4031B6DD96CFA5D02D8A330383A9BD6B3CEFB40B063AA
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="843963" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WERAF48.tmp.mdmp Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Feb 2 16:52:18 2021, 0x60521 type
Category:	dropped
Size (bytes):	6824818
Entropy (8bit):	4.735635134294259
Encrypted:	false
SSDEEP:	98304:EaauHsiIP9H6hIb1Xa73vlirFYuerqFpCqkJpljZcsZccO:LxHsiIP9H469BXYfZc1
MD5:	CC42182766C160A4269CBC0CB6DD537A
SHA1:	2123EFAF6B085E889046DB5EFAA87A1A3BE29652
SHA-256:	AAC3FBCFE568BD68FC4B213308FF5C593EE3AAB47FC2C9447754239579E838B5
SHA-512:	7561C17ECED613BCF3D4026BBB25000CBC440F46EF912EB8AE6934EDED5793B0564C17EC254AE89D7B04CF7D347DCEA782354648D235A90ED3068F3FDCBD7471
Malicious:	false
Preview:	MDMP....... .......B..`!..................U...........B.......3......GenuineIntelW...........T...........#..`.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD020.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	6346
Entropy (8bit):	3.726879109228151
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNier6hY0SwZCpr+89bJnvsfNjm:RrlsNiq6hY0SwWJnUf0
MD5:	859C2D09E985859C05BA524E847AE1F7
SHA1:	D77BC6804E32D6EA7001D46678CCA826F5E68F68
SHA-256:	6DB7AAEE60D7D508523C3BA1B51655E0707872B4BE51B8CFBC88A401CF1DA410
SHA-512:	9C1439031B122D8ED9361117E3B095D7E1335C0038463AF84886873B8B543D36081056ADA864C8C42A165B851F590D079473962B5C3B92D05BC0D9C207E8F1D6
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.7.2.4.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD84E.tmp.xml Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4658
Entropy (8bit):	4.484771487000801
Encrypted:	false
SSDEEP:	48:cvIwSD8zsCJgtWI9HnWSC8BN8fm8M4JUkZFK+q84UN/URyHAd:uITfQoWSNAJJOoNcRyHAd
MD5:	9363D872E68ACC797390D6712DA8521C
SHA1:	A04E6EAEC66ECA386CBE020130B59BD71172009F
SHA-256:	73F1FD36F750B4FD1E3B300530421BC897887B4B3D3BFE85C6893B3C0341F4C4
SHA-512:	43CFE15E426B91B113B4E3B109BA0C4030F623CF356D7D4D66DB849A989390EBFFD9C770824B21BB42D0DC0BE54251039A2678920F8851631652EE0AFF7878E8
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="843962" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDDB6.tmp.mdmp Download File
Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Tue Feb 2 16:53:45 2021, 0x60521 type
Category:	dropped
Size (bytes):	6791614
Entropy (8bit):	4.742421345206189
Encrypted:	false
SSDEEP:	98304:xAMauM2xID9H+h1b1XaoDvliXnlYuernx5AqJplvzcnsccD:xdxM2xID9HUMndYpDzcS
MD5:	722E8E235CF8F1D7BFAE5DC73782C39E
SHA1:	8E0E4C0332FE09017117C69966D39BFF3D93BE0F
SHA-256:	87CCC6BF059F6DF8C5EE9B7872438410BB30C6D104B2E7BF5B9230BCE8850A9B
SHA-512:	E14A7BE8D7C59D1833DE5C15B69CDAF76586A2DF0CBC2B930702B7D4B34B8C8DAB1E408BEB07117B2E1BE777FBA5E69A696E42BA42FA18767A890A16FA7EBC04
Malicious:	false
Preview:	MDMP....... ..........`!..................U...........B......H3......GenuineIntelW...........T.......@...g..`.............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\I$s#$lT3ssl.exe.log Download File
Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	5.34928936000881
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4bE4K5AE4Kzr74E4KnKDE4KhK3VZ9pKhPKIE4oKFKHKorE4J:MIHK5HKXE1qHbHK5AHKzv4HKnYHKhQnp
MD5:	E26C2069017DA08B1891F176C3FCBB5B
SHA1:	372337FEB1999D2CF9E2CDF4AF964905B6EE025A
SHA-256:	A00F43B55E3A712364B3F1F3A8C0DE7B291111960CAC301A34544666E812E5F9
SHA-512:	F13A01B88578FC81453B4C8389C91237414CF2D95CCFD76FE2291E973C86EFA23192C916FD832802054BFC0B2EE72F6ABD7B057BADF98750C381F32115259F9C
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"System.Data.DataSetExtensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"Sy

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO_Invoices_pdf.exe.log Download File
Process:	C:\Users\user\Desktop\PO_Invoices_pdf.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	5.34928936000881
Encrypted:	false
SSDEEP:	24:MLUE4K5E4Ks2E1qE4bE4K5AE4Kzr74E4KnKDE4KhK3VZ9pKhPKIE4oKFKHKorE4J:MIHK5HKXE1qHbHK5AHKzv4HKnYHKhQnp
MD5:	E26C2069017DA08B1891F176C3FCBB5B
SHA1:	372337FEB1999D2CF9E2CDF4AF964905B6EE025A
SHA-256:	A00F43B55E3A712364B3F1F3A8C0DE7B291111960CAC301A34544666E812E5F9
SHA-512:	F13A01B88578FC81453B4C8389C91237414CF2D95CCFD76FE2291E973C86EFA23192C916FD832802054BFC0B2EE72F6ABD7B057BADF98750C381F32115259F9C
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"System.Data.DataSetExtensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"Sy

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	8701
Entropy (8bit):	4.879861859938857
Encrypted:	false
SSDEEP:	192:cdcU6Clib4oxoe5oVsm5emdVVFn3eGOVpN6K3bkkjo59gkjDt4iWN3yBGHh9smii:cib4NBVoGIpN6KQkj2Wkjh4iUx0mib4J
MD5:	E16560503ABB03E8D3A60D67C80E53CB
SHA1:	228496AC44B81BD035E5DAFA6C7298EAC436DBED
SHA-256:	B025E6D38777D7FFC9483E7EFBA2D0DA9766C99113E3441FE56D40A10B85D9D3
SHA-512:	7C0B791A504C1B666C9350A018A2E59C950CABE10832EEEBF88C47784908E8DBE09490E5F9D0A11A05E1200515BB8321E5730E3710EB79633661ED2006F57835
Malicious:	false
Preview:	PSMODULECACHE......w.e...a...C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1........Set-PackageSource........Unregister-PackageSource........Get-PackageSource........Install-Package........Save-Package........Get-Package........Find-Package........Install-PackageProvider........Import-PackageProvider........Get-PackageProvider........Register-PackageSource........Uninstall-Package........Find-PackageProvider........D..8.......C:\Program Files (x86)\WindowsPowerShell\Modules\Microsoft.PowerShell.Operation.Validation\1.0.1\Microsoft.PowerShell.Operation.Validation.psd1........Get-OperationValidation........Invoke-OperationValidation........PSMODULECACHE......<.e...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	19636
Entropy (8bit):	5.5609303136217765
Encrypted:	false
SSDEEP:	384:Et9+XHq0/usaSD01KRYSBKnTYw5Q9QRbp6cQcpPTDEiqWJI5jw:dBaSDS4KTYwO9q8Rs4zWJl
MD5:	E1EFC42BE4A9B9F0A579636314EE85AD
SHA1:	4AE90D27313085028D6E5643B45AC2D15F2E1882
SHA-256:	ABD22A8C7A2F2330B6A3FDD328D07097B1B4494E60C41D9150FF105F93B1D3B7
SHA-512:	F524E684CF1C7A51441A9873A0FFB35C3C205C5159A5C9989EEE36A63C25E0ABB849E667E5D54072986CFF428766B3AD45F8697CC6805DFC39A11101C6FB6943
Malicious:	false
Preview:	@...e.......................].N.N....................@..........H...............<@.^.L."My...::..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)Z.......System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP...............-K..s.F..*.]`.,......(.Microsoft.PowerShell.Commands.ManagementD..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\Matiexgoods.exe Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	455680
Entropy (8bit):	5.4156534240521
Encrypted:	false
SSDEEP:	6144:L09yLLuWoujzz/DCBGNv5lToO7OsWXiOV:L09yLyWoujHDX5QO7OvXik
MD5:	80C61B903400B534858D047DD0919F0E
SHA1:	D0AB5400B74392308140642C75F0897E16A88D60
SHA-256:	25ADE9899C000A27570B527CFFC938EC9626978219EC8A086082B113CBE4F492
SHA-512:	B3216F0E4E95C7F50BCCBA5FDCCA2AD622A42379383BE855546FA1E0BAC41A6BEEA8226F8634AD5E0D8596169E0443494018BBE70B7052F094402AECAA038BCE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 46%, Browse Antivirus: ReversingLabs, Detection: 89%
Joe Sandbox View:	Filename: Orders.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`............................~.... ... ....@.. .......................`............@.................................$...W.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................`.......H............x..........x'...h.....................................................................................................................................................................RNK\ZJO@F.EYC.G.IOYKJ._R_CEESEPPlj}ez\|"hzfSn`ssdh~DNwq//M\`tdv`\|..;.....4......Ewqus._/.....V>..%9%(:&##b?`LLJN.56(,*:.}.2=4lwY_.............................................................................................................A.{YOLI..qAL.tTDY^..v^NY

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4e14qwxc.os0.psm1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_awkr53h0.pdr.ps1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fla1cgxx.qbm.ps1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zllqa32j.uf3.psm1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\hawkgoods.exe Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	532992
Entropy (8bit):	6.507156751280516
Encrypted:	false
SSDEEP:	6144:DufqM5JXbS/QTjhUqBfxrwEnuNcSsm7IoYGW0VvBXCAt6kihwE+VDpJYWmlwnx9E:uJXQtqB5urTIoYWBQk1E+VF9mOx9Ei
MD5:	FFDB58533D5D1362E896E96FB6F02A95
SHA1:	D6E4A3CA253BFC372A9A3180B5887C716ED285C6
SHA-256:	B3D02FD5C69293DB419AC03CDF6396BD5E7765682FB3B2390454D9A52BA2CA88
SHA-512:	3AE6E49D3D728531201453A0BC27436B1A4305C8EF938B2CBB5E34EE45BB9A9A88CF2A41B08E4914FDA9A96BBAA48BD999A2D2F1DFFCD39761BB1F3620CA725F
Malicious:	true
Yara Hits:	Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: Arnim Rupp Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: JPCERT/CC Incident Response Group
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Joe Sandbox View:	Filename: Orders.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`.....................4........... ........@.. ....................................@.....................................O.... ...2...................`....................................................... ............... ..H............text........ ...................... ..`.rsrc....2... ...2..................@..@.reloc.......`....... ..............@..B........................H.......0}..\..............X...........................................2s..............0...........~......(......~....o....~....o..........9.......~....o.........+G~.....o......o........,)...........,.~.....~.....o....o.......................1.~.....~....o......o.....~....~....o....o......~.....(....s....o..........(............................0.. .........(....(..........(.....o..........................(......(.......o.......o.......o.......o.......R..(....o....o......

C:\Users\user\AppData\Local\Temp\holderwb.txt Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
File Type:	Little-endian UTF-16 Unicode text, with no line terminators
Category:	dropped
Size (bytes):	2
Entropy (8bit):	1.0
Encrypted:	false
SSDEEP:	3:Qn:Qn
MD5:	F3B25701FE362EC84616A93A45CE9998
SHA1:	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
SHA-256:	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
SHA-512:	98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
Malicious:	false
Preview:	..

C:\Users\user\AppData\Local\Temp\origigoods20.exe Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	220672
Entropy (8bit):	6.057903449485828
Encrypted:	false
SSDEEP:	3072:SVQEat7UY8MnZGcqB5AyruUJ7XAzsNvEaEifv6yr9zRsc0qC4B0BUAE3vVAVvoUB:SytJqCUyQNX36yQqbB063cAUAW
MD5:	61DC57C6575E1F3F2AE14C1B332AD2FB
SHA1:	F52F34623048E5FD720E97A72EEDFD32358CD3A9
SHA-256:	1C7757EE223F2480FBC478AE2ECAF82E1D3C17F2E4D47581D3972416166C54AB
SHA-512:	81A7DB927F53660D3A04A161D5C18AAB17D676BCC7AE0738AB786D9BEE82B91016E54E6F70428AEC4087961744BE89B1511F9E07D8DABBE5C2A9D836722395A1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 43%, Browse Antivirus: ReversingLabs, Detection: 86%
Joe Sandbox View:	Filename: Orders.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`.................V...........t... ........@.. ....................................@..................................t..O.................................................................................... ............... ..H............text....T... ...V.................. ..`.rsrc................X..............@..@.reloc...............\..............@..B.................t......H.........................................................................(......(.....s.........s.........s.........s............0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0............+......,........,........,.+.+...(....(.......0..(.........+......,........,........,.+.+..(....*.0..,.......

C:\Users\user\AppData\Local\Temp\origigoods40.exe Download File
Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	221696
Entropy (8bit):	6.060343577776758
Encrypted:	false
SSDEEP:	3072:K9Wf3ouEAkhUxOCt+qqr3drw0tR5dUimnoSA7Mw4lY2hWYQQgGJrozRscS4+SOw6:KhuI3dlxUOt7IdWLOjCDUjU
MD5:	AE36F0D16230B9F41FFECBD3C5B1D660
SHA1:	88AFC2923D1EEFB70BAD3C0CD9304949954377EF
SHA-256:	CFAD1E486666FF3FB042BA0E9967634DE1065F1BBD505C61B3295E55705A2A50
SHA-512:	1E98AEE7DC693822113DCDE1446A5BED1C564B76EEF39F39F3A5D98D7D2099CF69AC92717A3297AFC7082203929F1E9437F21CB6BC690974A0EF6D6CF6E4393C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Metadefender, Detection: 43%, Browse Antivirus: ReversingLabs, Detection: 82%
Joe Sandbox View:	Filename: Orders.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....`.................X..........>v... ........@.. ....................................@..................................u..S.......P............................................................................ ............... ..H............text...DV... ...X.................. ..`.rsrc...P............Z..............@..@.reloc...............`..............@..B................ v......H...........H.............................................................(......(.....s.........s.........s.........s............0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0..,.........+......,........,........,.+.+.~....o.....0............+......,........,........,.+.+...(....(.......0..(.........+......,........,........,.+.+..(....*.0..,.......

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1655808
Entropy (8bit):	7.9413063895946845
Encrypted:	false
SSDEEP:	49152:MWHaK9/4HLz1lxNIFSCLulcJVzF+gr6b0XVULw:v6KirHxNPUVO0FULw
MD5:	59D7D8D5DD3E0055E7C0DCC75897F569
SHA1:	B249B28D088D54E971E2D9D8B2688440F8E6D513
SHA-256:	EF715CD322F0A805A68840B215C062F2E254977170A11C6800D836EAC781FABB
SHA-512:	79EBC2A128D018EB7E71B254FDD2FA72DEAE18081F1732619046E1DB9D1AEE92F7529521C005A5F861275AFCBDA3A39FD304CD5E1A49DF848675460C5CF8F30D
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 20%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....`..............0......D......N.... ... ....@.. ....................................@.....................................W.... ...A........................................................................... ............... ..H............text...T.... ...................... ..`.rsrc....A... ...B..................@..@.reloc...............B..............@..B................0.......H.......................9..............................................&...}....&...}....&...}.......#........}.....#........}......}......s....z..#........}.....#........}......}.....(......(/........~....~....o....o.............s....}......}.....(.......((....6.~....(....&&...}....:..r...p(.....:..r...p(.....:..r...p(.....:..r...p(.....:..r...p(.....:..r...p(.....:..r...p(.....:..r!..p(.....:..r%..p(.....:..r...p(.....:..r)..p(........(........(.....

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe:Zone.Identifier Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\pid.txt Download File
Process:	C:\Users\user\AppData\Local\Temp\hawkgoods.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	1.5
Encrypted:	false
SSDEEP:	3:Ezn:Ezn
MD5:	7A2347D96752880E3D58D72E9813CC14
SHA1:	1D3027412B106008F1A8094D747616D37F4AE1BB
SHA-256:	90F285F8FB15C8BC72A43D25CEA803491CC0FD0E97567CFF577A2CFA56CDE6F8
SHA-512:	96A7B7BE0B89097FC65BB75DD9B8B0DEB5063ED6990E27151A0A7E54C899AE69377E57ECB5728DFFAB657EE444244F833236F80EC6A98E449902DF9075C74ECE
Malicious:	false
Preview:	5440

C:\Users\user\AppData\Roaming\pidloc.txt Download File
Process:	C:\Users\user\AppData\Local\Temp\hawkgoods.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	50
Entropy (8bit):	4.6483674395583785
Encrypted:	false
SSDEEP:	3:oNerbJSRE2J5xAI4F:oNe0i23f8
MD5:	0CE4A330E42C174E8E8CF4D81C6F46A6
SHA1:	D9CA3AD5CD90643DF99808D5FF0EC0E89E891FE0
SHA-256:	94ABDE13F36EBE4B4AC81A712597439918788FD90339594FA1DDD679E7DAD70A
SHA-512:	CE3453726B73A7423C69D94E4784966A6AA08381ABE9585AA323D0D80FAF63B3A31508B7083C3FEC6AB2727112573733D498F4F78389D75F64DDF6BABE581943
Malicious:	false
Preview:	C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe

C:\Users\user\Documents\20210202\PowerShell_transcript.830021.dnDUrXav.20210202085254.txt Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	4005
Entropy (8bit):	5.389111464999469
Encrypted:	false
SSDEEP:	96:BZ0x6KNWwkqDo1ZSzwMZ06KNWwkqDo1ZCSdC3UC3UW3gZ8:wXO
MD5:	38990FC46C9A4B38D38D5B6B446DA280
SHA1:	6BAB83EC68E0E3232CCB544F489D69026F3FAB9C
SHA-256:	5CF4E546B058149AC9BBAA1B3B2CB29FFDC75EA82CFF37F287D818A567B0476B
SHA-512:	821C9C1FE957904DCCB563AB386978D98D5DF5A6DBF5EF196B3C2DB2DA74BF0D4784195B36CFA8C8A3AF4748FFEDFA5B3EA8359E322BDFE39477EDDCA372B8B4
Malicious:	false
Preview:	.********************..Windows PowerShell transcript start..Start time: 20210202085355..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 830021 (Microsoft Windows NT 10.0.17134.0)..Host Application: Powershell.exe -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'..Process ID: 6908..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20210202085355..********************..PS>Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.e

C:\Users\user\Documents\20210202\PowerShell_transcript.830021.vpu_jBUU.20210202085147.txt Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1217
Entropy (8bit):	5.237238445417744
Encrypted:	false
SSDEEP:	24:BxSAIdZOvBdaD+x2DOXCgxluVM5wWOHjeTKKjX4CIym1ZJX+luVM5lnxSAZa:BZHv6KoO/uojOqDYB1Zouo5ZZa
MD5:	D400773C1D3FF7015F2BCC822734162A
SHA1:	299A9A913AEFDF415CB5515F9A09B05161264DEF
SHA-256:	37EBF08DC01B50660C9218D9FB98992D216DE77186933DC3E016B003328F07DF
SHA-512:	B221B385406A51229AF6D022D209DDFE86BEA4DFF6E183B790307C18CDBE4C71633FD794C8AF13BBF825416732F6B38BBEE356F43D3D9C8DC384780BD5F5492F
Malicious:	false
Preview:	.********************..Windows PowerShell transcript start..Start time: 20210202085211..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 830021 (Microsoft Windows NT 10.0.17134.0)..Host Application: Powershell.exe -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\PO_Invoices_pdf.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'..Process ID: 5904..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20210202085211..********************..PS>Copy-Item 'C:\Users\user\Desktop\PO_Invoices_pdf.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.ex

C:\Users\user\Documents\Matiex Keylogger\Screenshot.png Download File
Process:	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe
File Type:	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	4898647
Entropy (8bit):	7.944487996146186
Encrypted:	false
SSDEEP:	98304:6HSa5z1aE+hDBoHSa5z1aE+hD2eHSa5z1aE+hD2eHSa5z1aE+hD2eHSa5z1aE+h/:nkz3Ckz3dkz3dkz3dkz3akz3W
MD5:	8C4D34A23BB01B274B0281197BAD0E4C
SHA1:	AC9D537B161FCC2DEB326716CC499029D67A1EBD
SHA-256:	0B756492D0BA32BC2DB803986371A08AA9A5D6A46C859E3CA7204D12D1CBB123
SHA-512:	509D9D5D2A1F8EEBCC39D5568E5875635C4D3C78552539270F96894230246EB1ADD6021A202043DE1605F4BB70E3AF16DC741240253C7499C24FEFD3BE865582
Malicious:	false
Preview:	.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....mGY.....__@.)..=t..y.. .....'.....A:R.$!.@z%.B.-....J...B...).R@Hg......;k.].....u}...)...{.g.l..=.-.........==kw.....e..~3bm.{.q..Zv.O.];v.o...{........cB:.+e....A.@.....l....vv."...Sv.5....]..X......Y.]...0~..#..c'......og.kc!k./h'.m...b..e..-HWG..U)]..2#.......^..g.vw.l..]...'.k.b.lz...c<.....oF.s!CR...a.{z......b@;%.zf.{+b..y!g...;.sw[......Q..>C.vv>.c...&>...7<........hm..7k{.V.=3...){>..b...=.4..f/{=.@.=..C.....d.$6q~.A....-....vo......w.n...O............!.;H9......w.........]..ac.Pvv.Q....bc..........7...........S.W?..y."6.E}e.W.H?.Bm;X..,-..........i..dN.2r.S..h%....'..........7?3.c.@.p...)N.YL.!P.[..y..3e..E.T.o.......f.....g.Q.[..=....@}.Gr....@.}:V.`.+.0..\|C.............!.;H9......w.........N.bc.P.\....Z`i......c...Z?.}T......J..g[.m..{..e...a..p.`...z...?!....0..psl..(..;.....N..`..........`.D.LjO'.....b.[p2..%"....-..b.?..q.\.....1.

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.9413063895946845
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	PO_Invoices_pdf.exe
File size:	1655808
MD5:	59d7d8d5dd3e0055e7c0dcc75897f569
SHA1:	b249b28d088d54e971e2d9d8b2688440f8e6d513
SHA256:	ef715cd322f0a805a68840b215c062f2e254977170a11c6800d836eac781fabb
SHA512:	79ebc2a128d018eb7e71b254fdd2fa72deae18081f1732619046e1db9d1aee92f7529521c005a5f861275afcbda3a39fd304cd5e1a49df848675460c5cf8f30d
SSDEEP:	49152:MWHaK9/4HLz1lxNIFSCLulcJVzF+gr6b0XVULw:v6KirHxNPUVO0FULw
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............0......D......N.... ... ....@.. ....................................@................................

File Icon


Icon Hash:	d0d2f8ccf6c4dad8

Static PE Info

General
Entrypoint:	0x591c4e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x601882D9 [Mon Feb 1 22:38:17 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x191bf4	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x192000	0x4186	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x198000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x18fc54	0x18fe00	False	0.788759670991	data	7.94835272626	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0x192000	0x4186	0x4200	False	0.507634943182	data	5.48483136325	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x198000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0x192190	0x468	GLS_BINARY_LSB_FIRST
RT_ICON	0x1925f8	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4286386453, next used block 4285534489
RT_ICON	0x1936a0	0x25a8	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4278198588, next used block 4278263872
RT_GROUP_ICON	0x195c48	0x30	data
RT_VERSION	0x195c78	0x324	data
RT_MANIFEST	0x195f9c	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Copyright (C) 2017
Assembly Version	7.2.12.13
InternalName	Foxmail.exe
FileVersion	7.2.12.13
CompanyName	Tencent Inc.
Comments	Foxmail 7.2
ProductName	Foxmail 7.2
ProductVersion	7.2.12.13
FileDescription	Foxmail
OriginalFilename	Foxmail.exe

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
02/02/21-08:51:54.127437	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49729	104.16.155.36	192.168.2.7
02/02/21-08:51:54.375992	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49729	104.16.155.36	192.168.2.7
02/02/21-08:53:01.225853	TCP	1201	ATTACK-RESPONSES 403 Forbidden	80	49769	104.16.155.36	192.168.2.7

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 2, 2021 08:51:54.033477068 CET	49729	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:51:54.073527098 CET	80	49729	104.16.155.36	192.168.2.7
Feb 2, 2021 08:51:54.073673964 CET	49729	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:51:54.075356960 CET	49729	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:51:54.115274906 CET	80	49729	104.16.155.36	192.168.2.7
Feb 2, 2021 08:51:54.127437115 CET	80	49729	104.16.155.36	192.168.2.7
Feb 2, 2021 08:51:54.347234964 CET	49729	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:51:54.375992060 CET	80	49729	104.16.155.36	192.168.2.7
Feb 2, 2021 08:51:54.376856089 CET	49729	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:52:04.636801958 CET	49731	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:04.696549892 CET	80	49731	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:04.696633101 CET	49731	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:04.697185040 CET	49731	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:04.757730961 CET	80	49731	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:04.757770061 CET	80	49731	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:04.757795095 CET	80	49731	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:04.757899046 CET	49731	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:04.758519888 CET	49731	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:04.817929983 CET	80	49731	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:05.157845974 CET	49732	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:05.216881037 CET	80	49732	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:05.217084885 CET	49732	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:05.217569113 CET	49732	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:05.276770115 CET	80	49732	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:05.276901960 CET	80	49732	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:05.276920080 CET	80	49732	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:05.276995897 CET	49732	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:05.277327061 CET	49732	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:05.338064909 CET	80	49732	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:13.048981905 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:13.095045090 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:13.095906973 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:13.155304909 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:13.201467037 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:13.208401918 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:13.208453894 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:13.208547115 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:13.221199989 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:13.268449068 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:13.269627094 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:13.317687988 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:13.393908024 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:13.439867020 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:13.497458935 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:13.551959991 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:13.723737001 CET	49734	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:13.783137083 CET	80	49734	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:13.783849001 CET	49734	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:13.783994913 CET	49734	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:13.844903946 CET	80	49734	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:13.845175028 CET	80	49734	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:13.845184088 CET	80	49734	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:13.845391035 CET	49734	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:13.845911980 CET	49734	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:13.846653938 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:13.892366886 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:13.905188084 CET	80	49734	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:13.925117970 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:13.973860979 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:14.101875067 CET	49735	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:14.161318064 CET	80	49735	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:14.162257910 CET	49735	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:14.162292004 CET	49735	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:14.221921921 CET	80	49735	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:14.221944094 CET	80	49735	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:14.221972942 CET	80	49735	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:14.222125053 CET	49735	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:14.222654104 CET	49735	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:14.223448992 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:14.282454967 CET	80	49735	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:14.286712885 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:52:14.333252907 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:52:14.451637030 CET	49736	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:14.510814905 CET	80	49736	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:14.510978937 CET	49736	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:14.511794090 CET	49736	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:14.571150064 CET	80	49736	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:14.571176052 CET	80	49736	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:14.571185112 CET	80	49736	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:14.571312904 CET	49736	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:14.571866989 CET	49736	80	192.168.2.7	131.186.113.70
Feb 2, 2021 08:52:14.632783890 CET	80	49736	131.186.113.70	192.168.2.7
Feb 2, 2021 08:52:22.430808067 CET	49741	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:22.430866003 CET	49740	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:22.621337891 CET	587	49740	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:22.621368885 CET	587	49741	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:22.621531963 CET	49740	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:22.621571064 CET	49741	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:22.646863937 CET	49741	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:22.813158989 CET	587	49740	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:22.813167095 CET	587	49741	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:22.813273907 CET	49741	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:22.813688993 CET	49740	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:22.837110043 CET	587	49741	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:22.837198019 CET	49741	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:22.837585926 CET	587	49741	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:22.837647915 CET	49741	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:22.881418943 CET	49740	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:23.003695965 CET	587	49740	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:23.004148006 CET	587	49740	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:23.004281998 CET	49740	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:23.074987888 CET	587	49740	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:23.075525045 CET	587	49740	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:23.076524019 CET	49740	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:23.076555014 CET	49740	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:23.402386904 CET	49742	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:23.592878103 CET	587	49742	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:23.593267918 CET	49742	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:23.785701990 CET	587	49742	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:23.786706924 CET	49742	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:23.898519039 CET	49742	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:23.979491949 CET	587	49742	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:23.980775118 CET	587	49742	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:23.980855942 CET	49742	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:24.088573933 CET	587	49742	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:24.088776112 CET	49742	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:24.089200020 CET	587	49742	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:24.090730906 CET	49742	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:24.644525051 CET	49743	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:24.835292101 CET	587	49743	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:24.835530043 CET	49743	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:25.029432058 CET	587	49743	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:25.030982018 CET	49743	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:25.054349899 CET	49743	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:25.223633051 CET	587	49743	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:25.224092007 CET	587	49743	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:25.224190950 CET	49743	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:25.246577978 CET	587	49743	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:25.246695995 CET	49743	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:25.247078896 CET	587	49743	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:25.247153997 CET	49743	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:25.673593044 CET	49744	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:25.864118099 CET	587	49744	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:25.864749908 CET	49744	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:26.059046984 CET	587	49744	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:26.059510946 CET	49744	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:26.249663115 CET	587	49744	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:26.250122070 CET	587	49744	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:26.251414061 CET	49744	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:26.272392035 CET	49744	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:26.441719055 CET	587	49744	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:26.441852093 CET	49744	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:26.462662935 CET	587	49744	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:26.462909937 CET	49744	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:26.463119984 CET	587	49744	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:26.463813066 CET	49744	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:27.214627981 CET	49745	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:27.405355930 CET	587	49745	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:27.405697107 CET	49745	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:27.599121094 CET	587	49745	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:27.599586964 CET	49745	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:27.616054058 CET	49745	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:27.791465998 CET	587	49745	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:27.791764021 CET	587	49745	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:27.791976929 CET	49745	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:27.808559895 CET	587	49745	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:27.808686972 CET	49745	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:27.809032917 CET	587	49745	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:27.809113979 CET	49745	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:28.548563004 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:28.750631094 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:28.750818968 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:28.954073906 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:28.984247923 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:29.188133001 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:29.188302040 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:29.188587904 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:29.390053034 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:29.443900108 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:29.469114065 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:29.650768995 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:29.672576904 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:29.675661087 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:29.675695896 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:29.675719023 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:29.675789118 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:29.675849915 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:29.853066921 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:29.853096008 CET	587	49746	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:29.853130102 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:29.853163958 CET	49746	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:30.339466095 CET	49747	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:30.529767036 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:30.529936075 CET	49747	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:30.722702980 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:30.723046064 CET	49747	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:30.912913084 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:30.913746119 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:30.914057970 CET	49747	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:31.104008913 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:31.104806900 CET	49747	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:31.295085907 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:31.296674967 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:31.296699047 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:31.296721935 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:31.296775103 CET	49747	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:31.350275993 CET	49747	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:31.487548113 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:31.507309914 CET	49747	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:31.699798107 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:31.700875998 CET	587	49747	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:31.703349113 CET	49747	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:32.106787920 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:32.297220945 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:32.297470093 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:32.490869999 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:32.491282940 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:32.681353092 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:32.681601048 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:32.682013988 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:32.872016907 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:32.874581099 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:33.066750050 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:33.068389893 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:33.068447113 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:33.068486929 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:33.068741083 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:33.258889914 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:33.263528109 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:33.413759947 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:33.453689098 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:33.454690933 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:33.454705000 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:33.454807997 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:33.454961061 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:33.603775978 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:33.603956938 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:33.604312897 CET	587	49748	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:33.604477882 CET	49748	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:34.045909882 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:34.236255884 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:34.236366987 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:34.427877903 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:34.428292990 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:34.618257999 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:34.618705034 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:34.620052099 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:34.809961081 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:34.810710907 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:35.002409935 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:35.003844023 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:35.003885031 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:35.003916025 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:35.003966093 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:35.053812981 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:35.193767071 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:35.197427034 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:35.387316942 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:35.388626099 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:35.388665915 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:35.388808012 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:35.464577913 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:35.654637098 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:35.654838085 CET	587	49750	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:35.655016899 CET	49750	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:36.229115963 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:36.420160055 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:36.420320988 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:36.613873005 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:36.614547968 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:36.804652929 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:36.804939985 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:36.805289984 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:36.996551037 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:36.999145985 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.191437960 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.191489935 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.191627979 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.193527937 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.195100069 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.351351023 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.383682966 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.383728981 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.385188103 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.385380030 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.386022091 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.476883888 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.542326927 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.542467117 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.576432943 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.579998970 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.581418991 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.669040918 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.669630051 CET	587	49751	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.669756889 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.669786930 CET	49751	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.736371040 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.737236977 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:37.927617073 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.928690910 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:37.929166079 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.089505911 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.122827053 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.124461889 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.291722059 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.291889906 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.316478014 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.316548109 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.316587925 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.316621065 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.316822052 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.316857100 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.321955919 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.495201111 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.495958090 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.512725115 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.513864994 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.513885975 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.513989925 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.566257000 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.698401928 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.698676109 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.705585957 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.756731033 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.757205009 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.758481026 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.909257889 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.910059929 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:38.951766014 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.952797890 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:38.962214947 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.114249945 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.114456892 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.114474058 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.114723921 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.118526936 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.141974926 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.154263973 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.157123089 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.158314943 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.320178986 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.320194960 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.345688105 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.346296072 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.347124100 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.350405931 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.354509115 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.355364084 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.545679092 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.550393105 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.552215099 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.553194046 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.572391033 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.573040009 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.617885113 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.756247044 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.759799004 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.760261059 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.764766932 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.765625000 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.769747972 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.769990921 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.770742893 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.770997047 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.771013021 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.771146059 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.771157980 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.771462917 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.819475889 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.819983959 CET	587	49753	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.820153952 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.820183992 CET	49753	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:39.962949038 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.963339090 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.964051962 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.964076996 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.964086056 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.964464903 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:39.981286049 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.024013042 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.256942034 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.291723967 CET	49729	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:52:40.328891039 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.334161997 CET	80	49729	104.16.155.36	192.168.2.7
Feb 2, 2021 08:52:40.334317923 CET	49729	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:52:40.358159065 CET	49755	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.447938919 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.448321104 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.520086050 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.520837069 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.520863056 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.520916939 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.532963991 CET	49752	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.550403118 CET	587	49755	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.550625086 CET	49755	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.640491962 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.640836954 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.691412926 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.724359035 CET	587	49752	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.742924929 CET	587	49755	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.743376017 CET	49755	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.831351995 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.832242012 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.833101988 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.881939888 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.882049084 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:40.936039925 CET	587	49755	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.936414957 CET	587	49755	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:40.992053986 CET	49755	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.023488045 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.024003983 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.073451996 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.073873043 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.214411020 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.214596987 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.214618921 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.214813948 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.216622114 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.217236042 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.264036894 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.264448881 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.264954090 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.406897068 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.406933069 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.407437086 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.413497925 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.414179087 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.454988003 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.463581085 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.606956005 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.608880997 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.609642029 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.656322002 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.656367064 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.656431913 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.656608105 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.658598900 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.673217058 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.800158978 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.803096056 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.804990053 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.848572969 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.848603010 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.863375902 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.863805056 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:41.864960909 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.870376110 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:41.998181105 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.001641989 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.002289057 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.057431936 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.058768988 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.059397936 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.063127995 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.063777924 CET	587	49754	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.063954115 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.064026117 CET	49754	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.249540091 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.252170086 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.256102085 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.422523975 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.446090937 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.449372053 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.484720945 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.613375902 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.613667965 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.677246094 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.700731993 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.701407909 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.805581093 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.808633089 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.891660929 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.892393112 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:42.893728018 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.894661903 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.894682884 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.895026922 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.895417929 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.895958900 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.895992994 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:42.896466970 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.000708103 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.001002073 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.001396894 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.083698034 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.084450960 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.084772110 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.084800005 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.085225105 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.085834026 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.085920095 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.086299896 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.094487906 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.148439884 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.191638947 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.192512989 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.211118937 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.384833097 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.384887934 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.384922028 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.385478973 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.390183926 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.390276909 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.402939081 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.403587103 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.403624058 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.404432058 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.404468060 CET	49756	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.543011904 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.580475092 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.580507994 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.580553055 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.581248999 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.581876993 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.594563961 CET	587	49756	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.735758066 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.735971928 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.774776936 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.776567936 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.777096033 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.927926064 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.928359985 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:43.968168020 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.978843927 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:43.979446888 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:44.118529081 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.119829893 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.120193958 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:44.169794083 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.173854113 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.174510956 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:44.180685043 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:44.310609102 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.311388969 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:44.364909887 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.371090889 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.393611908 CET	587	49757	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.393690109 CET	49757	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:44.501621962 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.501782894 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.501867056 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.502075911 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:44.505145073 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:44.506724119 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:44.695470095 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.695513010 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.696906090 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.697263956 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.708744049 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:44.898935080 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.900060892 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:44.900870085 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:45.033592939 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:45.091104984 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.093123913 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.093544960 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:45.224236012 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.224385023 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:45.283759117 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.284461021 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.284976959 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:45.416155100 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.416457891 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:45.475178003 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.499319077 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.503732920 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:45.606628895 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.606834888 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.607120991 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:45.693933010 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.695626020 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.742109060 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:45.799350977 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:45.851524115 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.006593943 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.006700039 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.006804943 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.006928921 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.007040977 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.007123947 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.007205009 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.007287025 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.008215904 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.198745966 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.199147940 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.200407028 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.200431108 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.204071999 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.205136061 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.206247091 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.210243940 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.211616993 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.395510912 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.395533085 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.396709919 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.397103071 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.399458885 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.401722908 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.403373957 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.403388977 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.403517962 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.404187918 CET	49758	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.589608908 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.592832088 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.594245911 CET	587	49758	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.613693953 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.615360975 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:46.803877115 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.805536032 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.807553053 CET	587	49759	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:46.807677984 CET	49759	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:47.408137083 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:47.609945059 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:47.610145092 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:47.649010897 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:47.812969923 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:47.813316107 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:47.839474916 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:47.839670897 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:47.871083975 CET	49755	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.014857054 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.015526056 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.015924931 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.031583071 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.031898022 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.217470884 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.218198061 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.222208977 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.222242117 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.225008965 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.414846897 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.415393114 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.419785976 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.419965982 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.420075893 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.420161963 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.421504974 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.422455072 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.607882023 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.607908964 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.607922077 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.608772039 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.609692097 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.610680103 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.624869108 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.624885082 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.625958920 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.625994921 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.626527071 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.799678087 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.799705029 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.801212072 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.802398920 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.802918911 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.829514027 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.831700087 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.832418919 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:48.996751070 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.997478008 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:48.997936964 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.034976959 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.037666082 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.038125992 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.188281059 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.191695929 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.223923922 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.243946075 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.247885942 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.248429060 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.413829088 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.414645910 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.415080070 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.454269886 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.482886076 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.483330965 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.604935884 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.629321098 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.629776955 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.685448885 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.686556101 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.687300920 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.687506914 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.687805891 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.688038111 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.688206911 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.688339949 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.688457012 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.688579082 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.819562912 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.820380926 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.821553946 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:49.890578985 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.890944004 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.890958071 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.891490936 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.891515970 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.899410963 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:49.945641994 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:50.012770891 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:50.012913942 CET	587	49761	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:50.013000965 CET	49761	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:50.373184919 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:50.433300018 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:50.575320005 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:50.576147079 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:50.576178074 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:50.576271057 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:50.577172041 CET	49760	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:50.623851061 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:50.627299070 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:50.708401918 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:50.780431032 CET	587	49760	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:50.819664001 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:50.819951057 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:50.898982048 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:50.899163961 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.012921095 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.013494968 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.015211105 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.091154099 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.091501951 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.207123995 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.207644939 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.281626940 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.282040119 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.282620907 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.397699118 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.397723913 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.397799015 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.397893906 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.399766922 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.400739908 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.472697020 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.473261118 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.590225935 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.590280056 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.590931892 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.591341019 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.591895103 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.663372040 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.663435936 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.663543940 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.663676977 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.665920019 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.666897058 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.781949043 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.783520937 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.784267902 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.856020927 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.856074095 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.856911898 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.857275009 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.858023882 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:51.974910975 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.977452993 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:51.978122950 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.050184965 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.051203966 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.052613974 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.168143988 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.171224117 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.171741962 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.242726088 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.245039940 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.245719910 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.363264084 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.388606071 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.389321089 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.435751915 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.436444998 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.436901093 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.581518888 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.582205057 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.582750082 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.583067894 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.583228111 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.583365917 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.583511114 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.583646059 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.583785057 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.629154921 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.652692080 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.653085947 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.772854090 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.772957087 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.772960901 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.773156881 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.773313046 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.773363113 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.773468971 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.773521900 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.773618937 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.773652077 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.773679972 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.773686886 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.773751020 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.773797035 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.774053097 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.843138933 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.844162941 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.844852924 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.845211029 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.845415115 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.845633030 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.899322987 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.964313984 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.964409113 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.964556932 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.965533018 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.965553045 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.965564013 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.965581894 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:52.965622902 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.965639114 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:52.965703964 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.037092924 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.037239075 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.037467957 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.037487030 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.037528992 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.091675997 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.091793060 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.154759884 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.154782057 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.154894114 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.155580997 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.155659914 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.155735970 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.155750036 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.155786991 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.155814886 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.155853987 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.155865908 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.155883074 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.227684975 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.227814913 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.282006025 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.282129049 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.315840960 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.346841097 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.347016096 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.347894907 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.347980976 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.348000050 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.348021984 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.348351955 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.381727934 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.381961107 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.417980909 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.418154955 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.474466085 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.474539995 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.474667072 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.508261919 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.508476973 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.539225101 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.539279938 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.539977074 CET	587	49762	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.540155888 CET	49762	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.574142933 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.574246883 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.608618021 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.608642101 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.608655930 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.608700037 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.608747005 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.608778000 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.608843088 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.664902925 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.664947987 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.665010929 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.665036917 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.665051937 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.665069103 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.665128946 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.665149927 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.665214062 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.665244102 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.665323973 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.665441990 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.700566053 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.700826883 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.764574051 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.764621973 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.764708042 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.764756918 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.799060106 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.799108028 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.799149990 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.799192905 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.799240112 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.799333096 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.799376011 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.799387932 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.799387932 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.799438000 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.799549103 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.799591064 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.855685949 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.855735064 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.855823994 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.855864048 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.855899096 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.855938911 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.855957985 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.855967999 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.855984926 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.856023073 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.856219053 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.856250048 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.856389046 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.856498003 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.856553078 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.891479015 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.891614914 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.891880035 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.954978943 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.955080032 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.955187082 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.955302000 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.955352068 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.955421925 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.989734888 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.989779949 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.989849091 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.989921093 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.989981890 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.990108013 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.990123034 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.990228891 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:53.990236044 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:53.990304947 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.046278954 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.046322107 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.046391010 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.046422958 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.046430111 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.046502113 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.046622992 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.046652079 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.046680927 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.046721935 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.046727896 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.046787977 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.047009945 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.047038078 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.047051907 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.047069073 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.047118902 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.047122955 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.047240973 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.082276106 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.083157063 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.145524979 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.145554066 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.145735979 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.145771027 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.145839930 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.180049896 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.180069923 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.180159092 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.180174112 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.180282116 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.180378914 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.180430889 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.180449963 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.180505991 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.236912966 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.236954927 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.237027884 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.237035036 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.237076998 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.237107038 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.237185001 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.237257004 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.237448931 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.237494946 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.237574100 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.237601042 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.273479939 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.273646116 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.273658991 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.273711920 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.275144100 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.275968075 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.337405920 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.337486029 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.337701082 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.337718964 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.337773085 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.337819099 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.337971926 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.338054895 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.372267008 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.372298956 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.372349977 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.372396946 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.372855902 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.372906923 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.372958899 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.372991085 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.427294016 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.427314043 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.427452087 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.427567959 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.427640915 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.427706003 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.427757978 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.427803040 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.427855015 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.427872896 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.427925110 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.428080082 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.428143978 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.428158998 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.428209066 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.467257023 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.467308998 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.468228102 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.468688011 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.469050884 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.527914047 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.527935028 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.527981043 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.528033018 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.528090954 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.528103113 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.528175116 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.528238058 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.562673092 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.562721968 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.562757015 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.562797070 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.562851906 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.563028097 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.563057899 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.563127041 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.563144922 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.563251019 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.563256979 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.563380957 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.617641926 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.617755890 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.617913961 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.617921114 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.617932081 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.618035078 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.618217945 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.621283054 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.659368038 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.660650015 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.661741972 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.718214035 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.718266964 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.718295097 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.718346119 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.718354940 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.718419075 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.718451977 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.753119946 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.753145933 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.753154039 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.753254890 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.753288984 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.753334045 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.753381014 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.753460884 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.753529072 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.753609896 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.808031082 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.808063984 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.808188915 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.808378935 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.808408022 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.808559895 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.811501026 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.811528921 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.811618090 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.811628103 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.811666965 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.811810970 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.853123903 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.855747938 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.858700037 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.908588886 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.908622026 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.908680916 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.908827066 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.908875942 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.908965111 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.911945105 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.943443060 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.943475962 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.943492889 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.943569899 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.943636894 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:54.943810940 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:54.943928957 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.000838041 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.000881910 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.000910044 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.001020908 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.001068115 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.001288891 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.002193928 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.003576994 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.003649950 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.003737926 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.004302979 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.004359007 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.050959110 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.051724911 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.052313089 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.098985910 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.099008083 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.099020958 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.099121094 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.102255106 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.102514982 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.133991957 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.134083986 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.134243965 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.134393930 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.134888887 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.191278934 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.191422939 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.191509008 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.191526890 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.191581011 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.191618919 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.191680908 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.191828012 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.192163944 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.192362070 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.192420959 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.192481995 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.192526102 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.193860054 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.193977118 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.194394112 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.205002069 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.242640018 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.268486977 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.269196033 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.289314032 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.289336920 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.289453030 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.289515972 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.292678118 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.292815924 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.324512959 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.324548960 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.324568033 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.324635983 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.324651003 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.324706078 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.324747086 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.324934006 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.325006008 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.325054884 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.325120926 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.325144053 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.325226068 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.381659031 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.382155895 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.382194996 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.382287979 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.382349968 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.382478952 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.382545948 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.382580042 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.382616997 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.382632971 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.383124113 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.383332968 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.395255089 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.395284891 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.395416975 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.459546089 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.460845947 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.461358070 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.461791039 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.461817980 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.462310076 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.462332010 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.462644100 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.462667942 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.479728937 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.479760885 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.479882002 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.483262062 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.483403921 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.514864922 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.514899015 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.514916897 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.514992952 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.515002012 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.515069962 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.515081882 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.515247107 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.515388012 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.572482109 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.572587967 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.572606087 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.572654009 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.572715998 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.572793007 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.572925091 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.572957039 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.573018074 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.573082924 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.573131084 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.573424101 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.573488951 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.585623026 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.585643053 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.585762978 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.585802078 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.654903889 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.654933929 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.654952049 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.654968023 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.654980898 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.654994965 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.655081987 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.655107975 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.655524969 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.670037985 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.670062065 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.670074940 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.670119047 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.670171976 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.673516035 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.673644066 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.705322981 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.705360889 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.705378056 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.705410957 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.705481052 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.705491066 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.705545902 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.705562115 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.705694914 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.707118034 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.762787104 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.762816906 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.762835026 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.762919903 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.762968063 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.763053894 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.763119936 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.763191938 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.763223886 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.763354063 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.763520956 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.763590097 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.765044928 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.776027918 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.776132107 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.845468998 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.845496893 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.845511913 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.845592022 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.845628977 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.845873117 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.847479105 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.860219955 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.860246897 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.860296011 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.860372066 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.860413074 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.863842964 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.863940001 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.895797014 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.895816088 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.895827055 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.895860910 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.895925999 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.895979881 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.897501945 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.897546053 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.897583961 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.897588968 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.897638083 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.897677898 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.953140974 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.953191042 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.953208923 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.953288078 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.953330994 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.953335047 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.953696966 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.953752995 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.953787088 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.955113888 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.955188036 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:55.966418982 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:55.966563940 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.035975933 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.036010981 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.036026001 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.036107063 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.036153078 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.036173105 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.036200047 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.036223888 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.036247015 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.036299944 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.037740946 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.037851095 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.037859917 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.050465107 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.050482035 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.050560951 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.053973913 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.055865049 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.088305950 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.088347912 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.088375092 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.088557959 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.089019060 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.089098930 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.089905024 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.089936972 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.090157986 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.143534899 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.143985987 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.144131899 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.144579887 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.144593954 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.144682884 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.146606922 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.146678925 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.146707058 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.146955013 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.147413015 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.158906937 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.158958912 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.159030914 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.159065962 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.226568937 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.226596117 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.226608992 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.226650953 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.226697922 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.226716042 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.226771116 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.226782084 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.226850033 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.226932049 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.226969957 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.227010012 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.228173018 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.240686893 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.240703106 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.240732908 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.240770102 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.240812063 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.246700048 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.246786118 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.279198885 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.279223919 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.279247999 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.279335976 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.279371977 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.279546976 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.279607058 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.280730009 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.280749083 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.280796051 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.280831099 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.334460020 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.334598064 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.334918022 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.335011959 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.335310936 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.335314989 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.335377932 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.337122917 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.337153912 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.337615013 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.337738991 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.338095903 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.349654913 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.349678040 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.349787951 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.349824905 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.368639946 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.417117119 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.417140007 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.417150974 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.420217991 CET	587	49764	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.420308113 CET	49764	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.431689978 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.431714058 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.431725025 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.431736946 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.431811094 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.437232971 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.437339067 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.469877005 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.469902992 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.469918966 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.469934940 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.469991922 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.470048904 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.470793962 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.470907927 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.470921993 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.470968962 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.524780989 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.524801016 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.524933100 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.525028944 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.525115013 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.525192976 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.525240898 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.525331020 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.525434017 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.525511026 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.527821064 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.527838945 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.527905941 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.528073072 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.528212070 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.540036917 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.540319920 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.560144901 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.560277939 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.622126102 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.622164011 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.622306108 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.628705025 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.628810883 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.662326097 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.662364960 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.662388086 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.662494898 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.662537098 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.662947893 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.663263083 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.715454102 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.715495110 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.715555906 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.715718031 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.715811968 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.717473030 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.718281984 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.718295097 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.730515003 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.730536938 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.752723932 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.753062010 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.812972069 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.813003063 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.813021898 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.819120884 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.852648020 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.852678061 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.852699041 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.852715969 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.853357077 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.906847954 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.907290936 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.923122883 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.943370104 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.944964886 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:56.945434093 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:56.956469059 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:57.136822939 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.137526035 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:57.147849083 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.147872925 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.147887945 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.147979021 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:57.330049992 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.330085993 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.330187082 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:57.333110094 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:57.335166931 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:57.523682117 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.523710966 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.527065992 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.530230045 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.532537937 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:57.722795010 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.723947048 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.725497961 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:57.915913105 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.918307066 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:57.918904066 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.111818075 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.112525940 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.113292933 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.305479050 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.327560902 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.329319954 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.519443035 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.520404100 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.520832062 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.520931959 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.521039963 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.521136999 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.521248102 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.521338940 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.521476030 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.711370945 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.711401939 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.711417913 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.711431980 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.711505890 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.711582899 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.711592913 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.711652994 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.711661100 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.711668015 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.711746931 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.711754084 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.901910067 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.901931047 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.901946068 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:58.902041912 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:58.902081966 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.069470882 CET	49763	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.092609882 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.092643976 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.092658997 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.092792988 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.092844963 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.092997074 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.093086958 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.262000084 CET	587	49763	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.287219048 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.287246943 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.287264109 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.287453890 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.330172062 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.478461981 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.478497982 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.479264975 CET	587	49765	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.479350090 CET	49765	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.489454985 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.533768892 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.534924030 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.691487074 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.693167925 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.741539001 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.744452953 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.900674105 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.916116953 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:52:59.948331118 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.948602915 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:52:59.948976994 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.122117996 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.122152090 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.122442961 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.152375937 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.152971983 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.325570107 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.326201916 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.355024099 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.355071068 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.355087996 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.355202913 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.358257055 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.358903885 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.530165911 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.530198097 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.530217886 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.530503035 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.532411098 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.533612013 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.560260057 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.560296059 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.560920000 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.560952902 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.561496973 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.737418890 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.737459898 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.738226891 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.741179943 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.742774963 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.766258955 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.768234015 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.769064903 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.944195032 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.945620060 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.948827982 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:00.973993063 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.975353003 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:00.976488113 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.121990919 CET	49769	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:53:01.150268078 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.153805971 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.155014038 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.161995888 CET	80	49769	104.16.155.36	192.168.2.7
Feb 2, 2021 08:53:01.162293911 CET	49769	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:53:01.163186073 CET	49769	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:53:01.178184986 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.180406094 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.181188107 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.203068972 CET	80	49769	104.16.155.36	192.168.2.7
Feb 2, 2021 08:53:01.225852966 CET	80	49769	104.16.155.36	192.168.2.7
Feb 2, 2021 08:53:01.274698973 CET	49769	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:53:01.356380939 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.357656956 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.358402967 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.383318901 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.408854008 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.409656048 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.561526060 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.599653959 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.602828026 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.613285065 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.614170074 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.614928961 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.615118027 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.615351915 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.615611076 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.615788937 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.615943909 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.616064072 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.616204977 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.806787014 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.807962894 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.808814049 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.808842897 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.809066057 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.809076071 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.809370995 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.809396029 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.812056065 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:01.816483974 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.816555023 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.816853046 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.816997051 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.817205906 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.817351103 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.817433119 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.817573071 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.829643011 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:01.831293106 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.010365009 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.010390043 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.010472059 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.010567904 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.010652065 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.010715961 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.010727882 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.013509989 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.013744116 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.013766050 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.032880068 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.033890963 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.033905029 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.034076929 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.034987926 CET	49767	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.211903095 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.211993933 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.212068081 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.212148905 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.212150097 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.212207079 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.212219954 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.215199947 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.215495110 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.235460043 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.236502886 CET	587	49767	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.413611889 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.413642883 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.413656950 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.413769960 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.413870096 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.416920900 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.417094946 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.425759077 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.426013947 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.615247965 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.615288019 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.615303040 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.615322113 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.615396023 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.615405083 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.615446091 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.618752956 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.618789911 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.618803024 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.618820906 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.619087934 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.808933973 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.809268951 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.815468073 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:02.819407940 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.819482088 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.820132017 CET	587	49768	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:02.820213079 CET	49768	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:03.005538940 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.056090117 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:03.175318003 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:03.365288019 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.365562916 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.365616083 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.365701914 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:03.366789103 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:03.367573977 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:03.556510925 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.556539059 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.557416916 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.558773041 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.561359882 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:03.751610994 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.753734112 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.756453991 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:03.948369026 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.950861931 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:03.952181101 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:04.142038107 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:04.143091917 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:04.197663069 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:04.573515892 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:04.763379097 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:04.786597013 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:04.787069082 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:04.979701042 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:04.980364084 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.033041954 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.347944975 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.348053932 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.348162889 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.348279953 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.348419905 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.348496914 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.348582029 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.348680973 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.537904024 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.537952900 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.538064003 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.538110018 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.538146019 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.538280010 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.547821999 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.548691034 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.738526106 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.739231110 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.739248991 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:05.739993095 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.740031958 CET	49770	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:05.929836035 CET	587	49770	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:06.129672050 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:06.320586920 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:06.320779085 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:06.514214993 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:06.514597893 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:06.704411983 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:06.704798937 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:06.705087900 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:06.894906998 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:06.895612955 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:07.087703943 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.087738037 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.088159084 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:07.091908932 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:07.092698097 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:07.281861067 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.281893015 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.282468081 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.282990932 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.284193993 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:07.474126101 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.476145029 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.476942062 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:07.667062044 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.672916889 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.673640013 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:07.863591909 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.864939928 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:07.865417957 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.055368900 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.078552008 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.079104900 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.269059896 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.269702911 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.270545959 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.270740986 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.270900965 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.271068096 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.271258116 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.271408081 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.271533966 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.271650076 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.460463047 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.460489988 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.460540056 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.460704088 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.461002111 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.461062908 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.461224079 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.461302996 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.479899883 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:08.525266886 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:08.857587099 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:09.047523022 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:09.048095942 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:09.048115015 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:09.048197031 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:09.048902988 CET	49771	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:09.240776062 CET	587	49771	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:09.283133984 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:09.475832939 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:09.475999117 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:09.670850992 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:09.671189070 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:09.863368034 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:09.863631010 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:09.863991976 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:10.054274082 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.054830074 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:10.246426105 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.246450901 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.246550083 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:10.248014927 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:10.248902082 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:10.441263914 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.441294909 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.442198992 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.442450047 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.442857027 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:10.633177042 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.634296894 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.637191057 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:10.827589989 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.830498934 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:10.830955982 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.021461964 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.022128105 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.022584915 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.215308905 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.234529018 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.234970093 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.425368071 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.426081896 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.426743984 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.426928997 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.427146912 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.427340984 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.481211901 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.617258072 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.617374897 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.617510080 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.617568970 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.617633104 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.671833038 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.671946049 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.807995081 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.808125973 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:11.862375975 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:11.862528086 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.000587940 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.000760078 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.055372953 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.055388927 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.055481911 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.055725098 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.055809021 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.055845022 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.056036949 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.191349030 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.193566084 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.246680975 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.246710062 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.246725082 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.246826887 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.246884108 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.246953964 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.247122049 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.384077072 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.384145021 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.384202957 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.384253979 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.437185049 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.437279940 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.437407970 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.437602043 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.437676907 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.437736988 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.437779903 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.437810898 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.437869072 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.437971115 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.438035965 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.438062906 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.574459076 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.574486017 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.574542999 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.574575901 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.574616909 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.574811935 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.574896097 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.574986935 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.575001001 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.575074911 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.627790928 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.627823114 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.627907991 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.628576040 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.628595114 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.628737926 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.628786087 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.628830910 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.631035089 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.765131950 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.765156984 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.765232086 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.765552044 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.765636921 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.765913963 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.766002893 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.818402052 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.818425894 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.818490982 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.819037914 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.819116116 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.819123983 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.819199085 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.819269896 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.819319963 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.819354057 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.819391966 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.819451094 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.819474936 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.821312904 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.821396112 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.821464062 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.821537018 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.821610928 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.821717024 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.958214998 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.958240986 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.958364964 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:12.958369017 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:12.958455086 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.010602951 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.010698080 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.011025906 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.011149883 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.011617899 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.011639118 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.011697054 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.011770964 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.011781931 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.011825085 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.011858940 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.011897087 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.014007092 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.014027119 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.014127016 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.014278889 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.014350891 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.150928020 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.151086092 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.151205063 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.151361942 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.203061104 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.203161955 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.203418970 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.203485012 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.203489065 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.203555107 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.203632116 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.204077005 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.204129934 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.204170942 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.204211950 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.204233885 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.204304934 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.206475019 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.206505060 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.206515074 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.206548929 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.206598997 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.341519117 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.341547966 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.341562986 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.341578007 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.341594934 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.341655016 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.341705084 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.341857910 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.342881918 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.396735907 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.396864891 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.397326946 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.397422075 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.397526979 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.397823095 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.398040056 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.533898115 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.534004927 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.534152985 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.534161091 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.534226894 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.589072943 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.589246988 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.589652061 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.589715958 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.590238094 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.590325117 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.590456009 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.590521097 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.590570927 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.590626001 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.590672016 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.590846062 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.590991020 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.591006994 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.591041088 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.591252089 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.727392912 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.727418900 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.727431059 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.727442026 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.727452040 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.727516890 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.727555990 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.729182959 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.729254007 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.782788992 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.782809019 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.782934904 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.783236027 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.783247948 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.783318996 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.783886909 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.783901930 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.783911943 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.783963919 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.783993959 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.784013987 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.784024954 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.784061909 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.784097910 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.785525084 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.786170006 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.922955990 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.922976017 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.922982931 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.922992945 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.922998905 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.923152924 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.978280067 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.978298903 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.978306055 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.978312016 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.978322029 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.978328943 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.978338957 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.978452921 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.978589058 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.978955030 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:13.982945919 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:13.983057976 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.113802910 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.113838911 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.113996029 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.114167929 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.114955902 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.169572115 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.169596910 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.169605970 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.169617891 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.169631958 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.169644117 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.169717073 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.169759035 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.170082092 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.173686028 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.173780918 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.304471970 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.304492950 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.304500103 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.304711103 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.304831982 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.304933071 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.305376053 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.305412054 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.305450916 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.305476904 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.361814022 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.361970901 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.362297058 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.362375021 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.362438917 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.362612963 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.362629890 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.362673044 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.362739086 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.363279104 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.363286972 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.363348961 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.365664005 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.365789890 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.495268106 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.495294094 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.495304108 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.495430946 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.495682955 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.495693922 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.495783091 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.495840073 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.552781105 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.552800894 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.553031921 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.553427935 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.553440094 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.553558111 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.553643942 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.553658962 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.553893089 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.553956032 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.556472063 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.556592941 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.655932903 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.656097889 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.685844898 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.685868979 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.685930967 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.686103106 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.686130047 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.686206102 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.686343908 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.686419964 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.747214079 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.747256041 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.747266054 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.747282982 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.747292042 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.747303009 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.747318029 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.747488976 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.747549057 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.747833967 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.748265982 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.748320103 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.748353958 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.748415947 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.878480911 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.878595114 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.878993034 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.879204035 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.879286051 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.938206911 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.938237906 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.938256025 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.938271046 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.938285112 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.938297987 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.938355923 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.938395977 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.938538074 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.938618898 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.938715935 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:14.938760996 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.938822985 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.938895941 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:14.939162016 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.070806980 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.070831060 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.070875883 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.070914984 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.071032047 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.071103096 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.071511030 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.071571112 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.071573973 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.071623087 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.071861982 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.072078943 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.129556894 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.129589081 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.129884005 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.129904032 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.130096912 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.130219936 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.130414963 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.130636930 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.261306047 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.261398077 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.261409998 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.261461973 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.261874914 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.261929989 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.261979103 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.262085915 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.262355089 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.262424946 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.262459040 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.262475014 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.322037935 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.322062969 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.322074890 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.322084904 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.322098970 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.322140932 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.322294950 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.322350979 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.322510004 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:15.322572947 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.322650909 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.322932005 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.454497099 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.454519033 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.454859018 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.455420017 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.455496073 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.512458086 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.512492895 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.512686968 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.532322884 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:15.572724104 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:16.745506048 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:16.935900927 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:16.937378883 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:16.937429905 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:16.938879013 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:16.938910007 CET	49772	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:17.131057024 CET	587	49772	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:18.106739044 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:18.297419071 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:18.297610998 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:18.489265919 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:18.489636898 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:18.679864883 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:18.680254936 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:18.680546045 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:18.870492935 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:18.871290922 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:19.061444998 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.061501026 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.061539888 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.061676979 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:19.090826035 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:19.091784000 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:19.280683994 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.280726910 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.281563997 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.281939983 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.282500982 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:19.472415924 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.473428965 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.473984957 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:19.664084911 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.667155027 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.668020010 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:19.860076904 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.860851049 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:19.861819983 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.054236889 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:20.078418970 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:20.079133987 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.271677971 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:20.272644997 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:20.273149014 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.273248911 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.273379087 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.273555994 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.273685932 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.273772001 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.273865938 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.273947954 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.464348078 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:20.464783907 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:20.473300934 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:20.476608992 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.666666031 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:20.667285919 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:20.667309999 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:20.667392969 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.667917967 CET	49774	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.838804960 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:20.857889891 CET	587	49774	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:21.029418945 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:21.029623032 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:21.223431110 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:21.276321888 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:21.350620031 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:21.540679932 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:21.541002035 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:21.541326046 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:21.733660936 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:21.734222889 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:21.924520969 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:21.924835920 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:21.924861908 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:21.924942970 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:21.926341057 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:21.927195072 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:22.118164062 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:22.118192911 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:22.119041920 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:22.119376898 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:22.119929075 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:22.310091019 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:22.311273098 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:22.354521990 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:22.459110975 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:22.649308920 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:22.651936054 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:22.652671099 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:22.842782974 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:22.843782902 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:22.844233990 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.034317017 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.057333946 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.104615927 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.368678093 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.558747053 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.559962988 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.560476065 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.560566902 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.560671091 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.560794115 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.560899973 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.560986042 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.561068058 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.561145067 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.750433922 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.750508070 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.750793934 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.751059055 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.751071930 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.767357111 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.769277096 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.961750031 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.962436914 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.962457895 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:23.962590933 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:23.963290930 CET	49775	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:24.153296947 CET	587	49775	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:24.198056936 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:24.399851084 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:24.400023937 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:24.606659889 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:24.607726097 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:24.809148073 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:24.811074972 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:24.811362028 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:25.012739897 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.013261080 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:25.214755058 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.214799881 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.214920998 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:25.216268063 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:25.217175961 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:25.418097019 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.418126106 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.418443918 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.419083118 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.419651031 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:25.620963097 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.622421980 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.623131990 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:25.827366114 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.830163002 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:25.830569983 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.032186031 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.032917023 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.033291101 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.234592915 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.262006044 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.262448072 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.464657068 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.466960907 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.467556953 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.467706919 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.467839003 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.467992067 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.468158007 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.468274117 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.468391895 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.468508005 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.669037104 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.669153929 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.669183969 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.669339895 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.669616938 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.669646978 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.669662952 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.684863091 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:26.696912050 CET	49777	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:26.729906082 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:26.769817114 CET	80	49777	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:26.769938946 CET	49777	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:26.770868063 CET	49777	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:26.845295906 CET	80	49777	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:26.845346928 CET	80	49777	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:26.845372915 CET	80	49777	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:26.845469952 CET	49777	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:26.846105099 CET	49777	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:26.918797970 CET	80	49777	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:27.110027075 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:27.217086077 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:27.263472080 CET	443	49733	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:27.263631105 CET	49733	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:27.311441898 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:27.312387943 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:27.312405109 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:27.313110113 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:27.313139915 CET	49776	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:27.517050982 CET	587	49776	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:27.601785898 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:27.794696093 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:27.794903994 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:27.989326000 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:27.989716053 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:28.179980993 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.180408955 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.180705070 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:28.218750954 CET	49779	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:28.294342995 CET	80	49779	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:28.294492006 CET	49779	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:28.295042992 CET	49779	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:28.368140936 CET	80	49779	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:28.368408918 CET	80	49779	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:28.368458986 CET	80	49779	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:28.368534088 CET	49779	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:28.368937016 CET	49779	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:28.373656034 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.374181032 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:28.441446066 CET	80	49779	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:28.564632893 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.564733028 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.564753056 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.564843893 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:28.566756964 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:28.567718983 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:28.757077932 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.757098913 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.757883072 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.758444071 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.758919001 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:28.949318886 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.950697899 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:28.951489925 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.143127918 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.144758940 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.145239115 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.338052034 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.339030027 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.339622974 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.529927015 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.551131964 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.551522017 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.741822958 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.742816925 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.743452072 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.743694067 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.744069099 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.744277000 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.789237976 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.933826923 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.933856010 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.933953047 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.934412956 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.934441090 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.934513092 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:29.979815006 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:29.980015039 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.124861956 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.124975920 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.170484066 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.170711040 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.270209074 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.270436049 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.315356016 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.315537930 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.361135006 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.361275911 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.361362934 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.361449003 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.460738897 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.460905075 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.508749962 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.508770943 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.508824110 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.508858919 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.551728964 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.551743031 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.551877022 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.551891088 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.551970005 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.651204109 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.651354074 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.699984074 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.700052977 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.700417995 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.700427055 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.700517893 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.700628996 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.700686932 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.742321968 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.742341995 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.742417097 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.742470026 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.742500067 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.742516041 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.742546082 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.742558002 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.742574930 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.742621899 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.742636919 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.742954016 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.743007898 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.841696024 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.841758966 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.841892958 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.892401934 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.892517090 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.892879963 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.892931938 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.892990112 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.893054962 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.932816982 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.932830095 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.932837009 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.933042049 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.933075905 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.933139086 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:30.933284044 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.933295965 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:30.933415890 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.033170938 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.033190012 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.033269882 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.033279896 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.033312082 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.033330917 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.084877968 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.084898949 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.085006952 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.085046053 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.085500956 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.085530043 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.085609913 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.085724115 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.085781097 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.123402119 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.123415947 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.123547077 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.123578072 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.123630047 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.123749971 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.123832941 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.123840094 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.123894930 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.124027967 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.124034882 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.124108076 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.223673105 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.223686934 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.223875046 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.223896027 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.224001884 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.275341034 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.275536060 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.275774956 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.275842905 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.275861025 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.275933027 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.276061058 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.276149035 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.314016104 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.314060926 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.314085960 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.314110994 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.314207077 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.314256907 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.314265966 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.314284086 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.314407110 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.314485073 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.314517021 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.314608097 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.416630030 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.416655064 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.416785955 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.468501091 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.468530893 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.468548059 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.468622923 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.468676090 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.469191074 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.469268084 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.504729033 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.504755020 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.504761934 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.504825115 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.504893064 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.504936934 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.505028963 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.505079985 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.505117893 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.505158901 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.505310059 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.505373955 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.505394936 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.505470037 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.505599976 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.505657911 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.505669117 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.505714893 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.505747080 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.505796909 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.607125044 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.607187986 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.607218027 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.607297897 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.607347012 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.607440948 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.608918905 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.661844015 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.661878109 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.661892891 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.661967993 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.662023067 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.662384033 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.662553072 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.662630081 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.697948933 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.697973013 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.697983980 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.698071957 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.698122978 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.698410988 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.698549986 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.698585033 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.698649883 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.699017048 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.699196100 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.797700882 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.797732115 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.797837019 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.798017979 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.798104048 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.854082108 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.854124069 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.854317904 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.854507923 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.854582071 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.888643980 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.888667107 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.888783932 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.888813019 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.888830900 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.888869047 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.888879061 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.888896942 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.888919115 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.888974905 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.889286041 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.889297962 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.889338017 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.889460087 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.889678955 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.988372087 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.988432884 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.988558054 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:31.988637924 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:31.988744974 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.044791937 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.044819117 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.044830084 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.044845104 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.044986963 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.079195976 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.079222918 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.079257011 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.079271078 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.079437017 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.079499960 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.079516888 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.079588890 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.079612970 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.079860926 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.079863071 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.079911947 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.080245018 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.080313921 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.182463884 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.182483912 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.182651043 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.182739019 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.235507965 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.235531092 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.235629082 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.235714912 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.235768080 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.235801935 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.235850096 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.269804955 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.269897938 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.269916058 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.269927979 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.270097017 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.270098925 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.270127058 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.270246029 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.270345926 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.270555019 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.270601034 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.270659924 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.370285034 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.370383024 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.375843048 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.375866890 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.375874996 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.375984907 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.426084995 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.426107883 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.426117897 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.426311970 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.460555077 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.460580111 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.460613012 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.460695982 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.460705996 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.460736036 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.460994005 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.461111069 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.568511009 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.568568945 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.568620920 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.568675995 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.616965055 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.617016077 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.617300034 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.651153088 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.651199102 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.651251078 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.651292086 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.651397943 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.651429892 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.651453018 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.651468992 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.651489019 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.651490927 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.651514053 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.651523113 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.651549101 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.651565075 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.651587963 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.651628017 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.651858091 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.652004004 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.759051085 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.759073019 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.759118080 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.759130001 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.759185076 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.759254932 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.759263992 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.759326935 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.807754993 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.807775974 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.807828903 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.807861090 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.807984114 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.808043957 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.808706999 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.808789015 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.841896057 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.841923952 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.841995955 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.842107058 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.842183113 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.842322111 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.842473030 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.842643976 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.842717886 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.842766047 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.843044043 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.951459885 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.951509953 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.951523066 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.951637030 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.951688051 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.998255014 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.998275042 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.998338938 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.998361111 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:32.998394012 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:32.998430014 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.035109997 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.035132885 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.035191059 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.035250902 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.035295963 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.035666943 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.035680056 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.035727024 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.035742044 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.035744905 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.035770893 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.035815954 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.035969973 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.036045074 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.036567926 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.036633015 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.142039061 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.142066956 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.142133951 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.142225027 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.142262936 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.188731909 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.188752890 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.188760042 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.188952923 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.189750910 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.225590944 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.225616932 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.225630999 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.225645065 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.225739002 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.225781918 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.226062059 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.226130009 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.226191998 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.226238966 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.226361990 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.226414919 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.226810932 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.226862907 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.226870060 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.226911068 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.332694054 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.332875967 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.332878113 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.332926035 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.332988977 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.333045006 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.379431963 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.379626989 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.379998922 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.380095005 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.416198015 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.416266918 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.416280985 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.416300058 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.416323900 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.416336060 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.416378975 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.416481018 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.416546106 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.416568041 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.416614056 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.416692019 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.416749001 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.417094946 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.417143106 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.417174101 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.417193890 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.523310900 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.523355961 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.523431063 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.523495913 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.523582935 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.523648024 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.523669004 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.523737907 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.570010900 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.570034981 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.570066929 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.570247889 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.570277929 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.570363998 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.609041929 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.609138012 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.609188080 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.609250069 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.609270096 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.609287977 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.609344959 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.609570026 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.609596014 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.609740019 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:33.609847069 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.609967947 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.713951111 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.713984966 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.714076042 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.714195967 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.760585070 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.760663033 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.760730982 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.760746956 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.760843992 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.799455881 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.799480915 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.799576044 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.799738884 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.799815893 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.825186968 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:33.871176004 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:35.142569065 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:35.333065987 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:35.333825111 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:35.333847046 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:35.334000111 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:35.334661007 CET	49778	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:35.514961958 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:35.526488066 CET	587	49778	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:35.705864906 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:35.706060886 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:35.831974030 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:35.831978083 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:35.901496887 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:35.901990891 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.035042048 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.035075903 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.035197020 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.035317898 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.094254017 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.096594095 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.097197056 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.239164114 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.239751101 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.284514904 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.284563065 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.289796114 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.290457964 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.480844021 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.481043100 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.481055975 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.482881069 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.483447075 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.484139919 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.486027956 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.486046076 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.486347914 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.486578941 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.486627102 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.486783028 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.673646927 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.673682928 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.674385071 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.677081108 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.677648067 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.687962055 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.688091993 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.730750084 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.730858088 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.868122101 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.870306015 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:36.871462107 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.972975016 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:36.973011971 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.061845064 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.068567038 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.069310904 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.176238060 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.176286936 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.177696943 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.177731991 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.177761078 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.177830935 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.177995920 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.178020000 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.178037882 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.178097010 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.261981964 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.263848066 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.264341116 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.379338980 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.379429102 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.385927916 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.420964956 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.454618931 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.496428013 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.496906042 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.587416887 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.588311911 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.588325977 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.588814020 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.622570038 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.623481035 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.623502016 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.623636961 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.687186956 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.690434933 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.691020966 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.691149950 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.691289902 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.691437006 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.691570997 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.691679001 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.691776037 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.691875935 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.881326914 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.881345987 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.881534100 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.881762028 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.881772995 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.882040977 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.882055044 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.882066965 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.902093887 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:37.903172016 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.909133911 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:37.909183979 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.093496084 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.094583988 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.094613075 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.094722033 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.095529079 CET	49780	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.110483885 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.110543966 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.111398935 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.111504078 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.112225056 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.112387896 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.288513899 CET	587	49780	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.300081968 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.315696955 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.315718889 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.318314075 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.318406105 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.371541023 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.371543884 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.490725994 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.490926981 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.501760960 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.501805067 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.683794975 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.684241056 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.703221083 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.703263044 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.706111908 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.706437111 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.706938982 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.707004070 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.876791954 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.877027988 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.877393961 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.910768986 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.910804033 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.912174940 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.912203074 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:38.965326071 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.965353966 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.999655962 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:38.999722958 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.067572117 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.069044113 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.202943087 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.202965975 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.226856947 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.227269888 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.232662916 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.232970953 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.259251118 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.259274006 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.259355068 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.260832071 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.261567116 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.428623915 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.429471016 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.434374094 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.435170889 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.450917006 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.450941086 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.451591015 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.452081919 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.480967045 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.485078096 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.496592999 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.539361954 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.539554119 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.539660931 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.539763927 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.539870024 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.539954901 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.540045023 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.541538000 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.541680098 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.541955948 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.542113066 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.542217970 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.542330980 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.542447090 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.542548895 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.731595039 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.733355999 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.734113932 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.740751982 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.740782022 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.740849018 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.740885973 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.741058111 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.741079092 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.741149902 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.741167068 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.741178036 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.741220951 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.741261005 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.741295099 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.741302013 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.742193937 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.743026018 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.743129015 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.743279934 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.743376017 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.743426085 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.743490934 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.743750095 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.743763924 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.743834019 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.743844032 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.743907928 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.743988037 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.924268961 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.926784992 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.927217960 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.942272902 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.942331076 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.942405939 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.942424059 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.942483902 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.942502975 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.942518950 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.942564011 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.942600012 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.942790031 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.943461895 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.944195032 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.944502115 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.944729090 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.944799900 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.944818974 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.944873095 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.945219994 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.945219040 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.945508957 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.945525885 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:39.945564985 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:39.945612907 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.117319107 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.118087053 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.118585110 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.143853903 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.143873930 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.143935919 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.143948078 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.143954992 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.144037962 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.144217968 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.144263983 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.144273043 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.144275904 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.146320105 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.146395922 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.147038937 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.147138119 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.147367001 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.147445917 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.147604942 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.147751093 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.156702042 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.308646917 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.334181070 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.335021973 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.345617056 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.345638037 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.345659971 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.345835924 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.345865965 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.345876932 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.345890999 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.345948935 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.347773075 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.348499060 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.348623991 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.348627090 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.348790884 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.348897934 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.349152088 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.349220991 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.349302053 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.349317074 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.349409103 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.349425077 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.358213902 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.525136948 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.527038097 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.547257900 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.547303915 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.547314882 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.547569990 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.547585011 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.547591925 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.550168037 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.550184011 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.550463915 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.550529003 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.550561905 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.550865889 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.560719967 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.565915108 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.574832916 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.607013941 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.621661901 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.760965109 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.761395931 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.761514902 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.761732101 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.761864901 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.762345076 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.762444973 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.762763023 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:40.951203108 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.951359034 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.951591969 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.951709032 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.951873064 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.952280998 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.952332973 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.952676058 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.967540026 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:40.973555088 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:41.163860083 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:41.165512085 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:41.165565968 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:41.165755987 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:41.253395081 CET	49783	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:41.443747997 CET	587	49783	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:42.092335939 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:42.282984972 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:42.283238888 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:42.474970102 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:42.475333929 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:42.665721893 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:42.666105986 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:42.666457891 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:42.856486082 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:42.861212969 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:43.051366091 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.051441908 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.051595926 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.052539110 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:43.053162098 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:43.053852081 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:43.243283987 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.243330002 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.243895054 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.244276047 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.244952917 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:43.435055017 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.436798096 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.437563896 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:43.631608009 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.635499954 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.636096954 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:43.826169968 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.827163935 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:43.827646017 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.017683029 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.040174961 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.040757895 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.230931997 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.231981993 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.233571053 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.233846903 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.234036922 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.234230995 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.234448910 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.234672070 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.234879017 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.235158920 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.423687935 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.423751116 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.424012899 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.424110889 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.424424887 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.424560070 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.424719095 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.425254107 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.434381008 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:44.481362104 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:44.811611891 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:45.001781940 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:45.004369020 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:45.004395962 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:45.004467010 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:45.005201101 CET	49784	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:45.142251968 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:45.173844099 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:45.189687014 CET	443	49785	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:45.189775944 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:45.195158958 CET	587	49784	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:45.376948118 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:45.377038002 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:45.396184921 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:45.444945097 CET	443	49785	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:45.447154045 CET	443	49785	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:45.447184086 CET	443	49785	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:45.447230101 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:45.458393097 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:45.504627943 CET	443	49785	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:45.505084991 CET	443	49785	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:45.560277939 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:45.580559969 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:45.580796957 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:45.748548985 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:45.782146931 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:45.782514095 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:45.782795906 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:45.794766903 CET	443	49785	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:45.812275887 CET	443	49785	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:45.861219883 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:45.984117031 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:45.984648943 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:46.188568115 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.188657999 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.188673973 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.188788891 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:46.190341949 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:46.191157103 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:46.392175913 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.392208099 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.393096924 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.393327951 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.393827915 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:46.596565962 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.598474979 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.599237919 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:46.672476053 CET	49787	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:46.745166063 CET	80	49787	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:46.745297909 CET	49787	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:46.745872021 CET	49787	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:46.802896976 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.806401014 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:46.807007074 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:46.820555925 CET	80	49787	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:46.820859909 CET	80	49787	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:46.820875883 CET	80	49787	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:46.820964098 CET	49787	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:46.821465015 CET	49787	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:46.822500944 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:46.878849030 CET	443	49785	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:46.894134998 CET	80	49787	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:46.920113087 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:47.010607958 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:47.011615038 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:47.013281107 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:47.216571093 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:47.240331888 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:47.240782022 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:47.444578886 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:47.446269035 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:47.447375059 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:47.447525024 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:47.447707891 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:47.447912931 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:53:47.521399021 CET	49788	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:47.596149921 CET	80	49788	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:47.596311092 CET	49788	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:47.596793890 CET	49788	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:47.648813963 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:47.648852110 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:47.648957014 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:47.649157047 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:53:47.669441938 CET	80	49788	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:47.669477940 CET	80	49788	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:47.669496059 CET	80	49788	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:47.669596910 CET	49788	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:47.669961929 CET	49788	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:47.670579910 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:47.730146885 CET	443	49785	104.21.19.200	192.168.2.7
Feb 2, 2021 08:53:47.743587017 CET	80	49788	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:47.779783964 CET	49785	443	192.168.2.7	104.21.19.200
Feb 2, 2021 08:53:48.300132990 CET	49789	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:48.373255968 CET	80	49789	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:48.376035929 CET	49789	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:48.376410007 CET	49789	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:48.450788021 CET	80	49789	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:48.450817108 CET	80	49789	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:48.450834990 CET	80	49789	216.146.43.70	192.168.2.7
Feb 2, 2021 08:53:48.450896978 CET	49789	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:48.451231956 CET	49789	80	192.168.2.7	216.146.43.70
Feb 2, 2021 08:53:48.524095058 CET	80	49789	216.146.43.70	192.168.2.7
Feb 2, 2021 08:54:02.649425983 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:02.652069092 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:06.743398905 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:06.944890976 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:06.944921017 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:06.945075989 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.146617889 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.146828890 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.348198891 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.348445892 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.348460913 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.348475933 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.348695993 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.552638054 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.552669048 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.552683115 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.552697897 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.552896976 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.553344965 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.553364038 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.553464890 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.553553104 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.553611040 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.754302025 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.754333019 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.754442930 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.754447937 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.754539967 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.754590988 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.754650116 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.754712105 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.754853964 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.754869938 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.754930973 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.754940033 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.755008936 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.755080938 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.755151033 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.755280018 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.755358934 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.755450010 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.755491018 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.755512953 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.755565882 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.955847979 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.955878019 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.955893040 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.956080914 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.956090927 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.956137896 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.956267118 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.956284046 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.956350088 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.956377983 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.956541061 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.956558943 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.956659079 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.956691027 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.956842899 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.956860065 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.956899881 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.956948042 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.956974983 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:07.957075119 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:07.957143068 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.157588959 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.157618999 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.157699108 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.157809019 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.157818079 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.157879114 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.157907009 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.158061028 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.158101082 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.158216000 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.158226967 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.158292055 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.158444881 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.158458948 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.158500910 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.158545971 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.158586025 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.158601999 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.158617973 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.158641100 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.158683062 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.158829927 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.158895016 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.361608982 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.361732006 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.362154007 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.362173080 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.362238884 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.362287045 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.362345934 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.362402916 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.362662077 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.362806082 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.362869024 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.362962961 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.362978935 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.363027096 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.363053083 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.363164902 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.363219023 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.363406897 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.364691973 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.364780903 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.563198090 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.563227892 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.563306093 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.563600063 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.563663960 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.563833952 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.563909054 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.563992023 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.564069986 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.564167023 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.564183950 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.564238071 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.564254999 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.564265013 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.564313889 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.564394951 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.564448118 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.564543009 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.564635992 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.564654112 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.564704895 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.564733982 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.564877987 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.564922094 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.564925909 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.564968109 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.566070080 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.566164017 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.764744043 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.764889956 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.764974117 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.765028000 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.765269041 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.765286922 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.765346050 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.765374899 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.765439987 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.765496969 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.765592098 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.765649080 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.765665054 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.765712976 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.765882015 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.765932083 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.766074896 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.766133070 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.766262054 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.766278982 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.766320944 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.766345024 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.766509056 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.766556025 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.767497063 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.767602921 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.966449022 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.966476917 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.966558933 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.966609955 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.966664076 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.966741085 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.966758013 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.966815948 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.966849089 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.966939926 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.967005014 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.967026949 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.967072964 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.967228889 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.967255116 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.967273951 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.967320919 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.967346907 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.967468023 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.967515945 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.967582941 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.967602968 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.967644930 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.967722893 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.967803001 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.967804909 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.968024969 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.968154907 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:08.968924999 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:08.969000101 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.168006897 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.168051958 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.168164968 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.168186903 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.168201923 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.168240070 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.168313980 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.168370962 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.168567896 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.168678045 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.168683052 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.168719053 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.168739080 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.168759108 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.168761015 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.168819904 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.168867111 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.168908119 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.169081926 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.169141054 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.169173956 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.169198036 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.169229984 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.169281006 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.169408083 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.169456005 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.169593096 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.169598103 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.169646978 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.170245886 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.170308113 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.369731903 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.369771004 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.369972944 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.370012999 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.370079041 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.370129108 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.370260954 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.370296955 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.370345116 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.370378971 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.370589018 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.370685101 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.370775938 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.370807886 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.370884895 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.371018887 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.371052027 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.371583939 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.371587038 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.372236013 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.574563026 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.574613094 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.574697018 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.574757099 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.574801922 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.575050116 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.575084925 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.575124025 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.575150967 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.575690031 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.575721979 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.575779915 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.575815916 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.575850964 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.575896978 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.576369047 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.576464891 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.576670885 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.576728106 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.576761961 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.576772928 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.576970100 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.577050924 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.577517033 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.577599049 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.577613115 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.577650070 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.577711105 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.577738047 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.577800989 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.777739048 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.777873993 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.778078079 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.778109074 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.778160095 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.778177023 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.778239965 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.778325081 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.778747082 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.778779030 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.778804064 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.778932095 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.778989077 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.779092073 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.780049086 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.780086040 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.780219078 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.780297995 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.780394077 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.780417919 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.780589104 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.780591965 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.780759096 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.781157017 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.781189919 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.781301022 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.781747103 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.781987906 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.782227993 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.782569885 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.981807947 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.982218027 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.982306957 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.982337952 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.982434988 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.982537031 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.982603073 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.982924938 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.982952118 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.983000994 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.983036041 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.983669996 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.983751059 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.984718084 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.984746933 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.984772921 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.984790087 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.984847069 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.985327005 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.985407114 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.985856056 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.985925913 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.985955954 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.986032963 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.986296892 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:09.986538887 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:09.986618996 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.183866024 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.183892965 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.183911085 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.183983088 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.184027910 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.184335947 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.184401035 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.184421062 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.184456110 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.184523106 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.184592009 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.184611082 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.184628010 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.184675932 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.184946060 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.185061932 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.185318947 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.186202049 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.186336040 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.186342001 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.186403036 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.186409950 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.186561108 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.186836958 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.186914921 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.187345028 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.187365055 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.187410116 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.187455893 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.187658072 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.187726974 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.187977076 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.188002110 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.188030005 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.188039064 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.188097954 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.288501978 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.288629055 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.388187885 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.388215065 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.388523102 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.388703108 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.388736963 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.388904095 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.389178991 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.392004013 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.392116070 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.392417908 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.392432928 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.392440081 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.392452002 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.392460108 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.392476082 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.392549038 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.392597914 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.392905951 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.393965960 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.490199089 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.491560936 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.589993000 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.590040922 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.590111971 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.590183020 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.590264082 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.590287924 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.590338945 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.590342999 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.590390921 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.590497017 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.593544006 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.593592882 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.593734980 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.593923092 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.593976974 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.593995094 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.594007969 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.594011068 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.594029903 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.594029903 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.594088078 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.594465971 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.594542980 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.594670057 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.595438004 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.595494986 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.695647001 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.695768118 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.791758060 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.791841984 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.791853905 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.791898012 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.791912079 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.792123079 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.792135000 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.792319059 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.792418003 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.792525053 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.792536974 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.792558908 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.795114040 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.795361042 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.795535088 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.795551062 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.795762062 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.795797110 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.795875072 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.795957088 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.796086073 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.796857119 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.809499025 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.809680939 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.822731018 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.822886944 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:10.898479939 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.995755911 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:10.995779991 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:11.014199972 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:11.070220947 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:12.486318111 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:12.687956095 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:12.689605951 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:12.689634085 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:12.689737082 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:12.690325975 CET	49786	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:12.843605995 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:12.891732931 CET	587	49786	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:13.045547009 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:13.045669079 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:13.248991013 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:13.249319077 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:13.450855970 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:13.451119900 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:13.451430082 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:13.652879000 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:13.653646946 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:13.855304956 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:13.855382919 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:13.855453014 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:13.855609894 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:13.858515024 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:13.859530926 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:14.059907913 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.059931040 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.060762882 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.061261892 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.062681913 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:14.264322042 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.266032934 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.267164946 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:14.470763922 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.473918915 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.474356890 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:14.675815105 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.681623936 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.682101011 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:14.883676052 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.915713072 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:14.916205883 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.117707014 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.118778944 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.119339943 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.119415045 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.119550943 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.119668007 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.119781971 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.119884968 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.119997978 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.120094061 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.320899963 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.320988894 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.321017027 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.321043015 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.321079016 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.321345091 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.335123062 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.338428020 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.540795088 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.541327953 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.541342974 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.541493893 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.542332888 CET	49790	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:15.743662119 CET	587	49790	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:15.966166019 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:16.158730030 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:16.163778067 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:16.356473923 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:16.359440088 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:16.551255941 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:16.551491976 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:16.554924011 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:16.747075081 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:16.789439917 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:16.899482012 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:17.091315985 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:17.091355085 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:17.091808081 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:17.095165014 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:17.095942020 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:17.285237074 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:17.285265923 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:17.285803080 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:17.286115885 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:17.336414099 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:17.378166914 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:17.568362951 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:17.569464922 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:17.617662907 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:17.797261953 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:17.987514973 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:17.991349936 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:17.991863012 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.183521032 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.184381962 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.186069965 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.376044035 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.401719093 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.403039932 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.593116999 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.593919992 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.594455004 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.594551086 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.594672918 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.594785929 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.594880104 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.594964027 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.595037937 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.595118046 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.784537077 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.784562111 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.784600019 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.784779072 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.784810066 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.795957088 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.797889948 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.987816095 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.988342047 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.988356113 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:18.988477945 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:18.989135027 CET	49792	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:19.136688948 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:19.178992033 CET	587	49792	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:19.340955019 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:19.341116905 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:19.546262026 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:19.546660900 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:19.747939110 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:19.748264074 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:19.748622894 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:19.949882030 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:19.950479031 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:20.151793957 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.151917934 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.152017117 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.152842045 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:20.153455019 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:20.154295921 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:20.357317924 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.357347012 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.357799053 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.358149052 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.359107971 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:20.560497046 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.562074900 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.563250065 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:20.767132998 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.769463062 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.769896030 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:20.971214056 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.972301960 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:20.973032951 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:21.176372051 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.207422018 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.207937002 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:21.409291983 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.410471916 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.411186934 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:21.411355972 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:21.411480904 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:21.411654949 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:21.411793947 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:21.411916971 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:21.412024021 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:21.412133932 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:21.612483025 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.612517118 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.612546921 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.612761974 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.613250017 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.613312006 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.622597933 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:21.664879084 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:22.001470089 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:22.202944994 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:22.203912973 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:22.203937054 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:22.204008102 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:22.204510927 CET	49793	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:22.328819036 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:22.407663107 CET	587	49793	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:22.519731998 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:22.519836903 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:22.712263107 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:22.712584019 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:22.902983904 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:22.903280020 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:22.903708935 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:23.094129086 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.095740080 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:23.286232948 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.286269903 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.286339045 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.286417007 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:23.302872896 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:23.303556919 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:23.493969917 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.493993044 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.494008064 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.496136904 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.496767044 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:23.687108040 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.692987919 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.703882933 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:23.777211905 CET	49769	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:54:23.817687988 CET	80	49769	104.16.155.36	192.168.2.7
Feb 2, 2021 08:54:23.817866087 CET	49769	80	192.168.2.7	104.16.155.36
Feb 2, 2021 08:54:23.882762909 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:23.894396067 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.897068977 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:23.897696018 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.073416948 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.073544979 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.088085890 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.088937998 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.089355946 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.265650034 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.266120911 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.281241894 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.303544044 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.305213928 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.456103086 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.456612110 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.456887007 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.497222900 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.498750925 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.500066996 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.500226974 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.500411987 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.500576973 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.646842957 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.692720890 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.692945004 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:24.696374893 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:24.876979113 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:25.069672108 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.069703102 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.069720984 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.069863081 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:25.262639999 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.270415068 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:25.461529016 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.462735891 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.462769985 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.462878942 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:25.573612928 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:25.766063929 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.767239094 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.767887115 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:25.958008051 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.962999105 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:25.963875055 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.010636091 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.010773897 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.023745060 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.023904085 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.159840107 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.164855957 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.165558100 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.355822086 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.356728077 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.357496977 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.549371004 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.588171005 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.588783979 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.778953075 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.779994965 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.780962944 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.781002045 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.781157970 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.781164885 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.781339884 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.781347990 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:26.973980904 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.974005938 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:26.994307995 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:27.041075945 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:27.387249947 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:27.579684973 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:27.581473112 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:27.679537058 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:27.679805994 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:27.771980047 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:27.772011042 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:27.772070885 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:27.772135019 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:27.873125076 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:27.873249054 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:27.965784073 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:27.965823889 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:27.965888977 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:27.965946913 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:27.966345072 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:27.966372013 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:27.966464996 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.063848019 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.063905954 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.064074993 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.159380913 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.159547091 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.160044909 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.160067081 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.160075903 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.160152912 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.160200119 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.160552979 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.254492044 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.254522085 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.254586935 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.254678965 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.254709959 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.349972010 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.350075006 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.350228071 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.350295067 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.350419998 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.350661993 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.351088047 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.351125956 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.351281881 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.351296902 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.351304054 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.351337910 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.351414919 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.351512909 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.351816893 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.351903915 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.352349997 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.445281029 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.445333958 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.445358038 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.445507050 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.540810108 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.541255951 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.542140007 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.542283058 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.542804956 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.542819977 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.542850971 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.542866945 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.542880058 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.543224096 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.543386936 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.543406963 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.543426991 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.543446064 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.543507099 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.543603897 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.543742895 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.543782949 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.543859959 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.635998011 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.636027098 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.636063099 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.636208057 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.636209965 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.636267900 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.636282921 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.636317015 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.733994007 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.734028101 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.734131098 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.734447002 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.734512091 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.734514952 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.734580994 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.735601902 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.735622883 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.735637903 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.735680103 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.735739946 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.736332893 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.736351013 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.736406088 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.736413002 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.736459017 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.736534119 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.736658096 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.736761093 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.828927994 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.828952074 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.829150915 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.924689054 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.924891949 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.924917936 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.925031900 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.925079107 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.925108910 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.925167084 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.925307989 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.926084995 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.926229954 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.926414967 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.926505089 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.926745892 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.926845074 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.926980019 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.927073002 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.927273989 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.927337885 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:28.927426100 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:28.927455902 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.021112919 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.021162033 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.021374941 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.021466017 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.115341902 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.115365982 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.115478992 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.115519047 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.115545034 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.115742922 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.116522074 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.116599083 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.116724968 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.116758108 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.116759062 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.117156029 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.117305040 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.117320061 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.117355108 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.117394924 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.117429972 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.117659092 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.117717981 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.117784977 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.117810011 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.117825031 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.117877007 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.117943048 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.118048906 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.213404894 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.213466883 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.213522911 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.213583946 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.213879108 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.213941097 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.306061029 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.306083918 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.306185961 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.306346893 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.306444883 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.307033062 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.307055950 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.307367086 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.307436943 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.307497978 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.307655096 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.307732105 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.307754040 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.307770014 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.307842016 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.308116913 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.308132887 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.308214903 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.308298111 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.308309078 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.308388948 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.308408976 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.308417082 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.308502913 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.308510065 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.308605909 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.308811903 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.405993938 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.406018019 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.406141043 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.496588945 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.496618986 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.496793032 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.496845961 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.496908903 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.497740984 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.497827053 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.497854948 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.497895002 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.498032093 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.498045921 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.498101950 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.498208046 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.498428106 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.498506069 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.498631954 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.498727083 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.498781919 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.498786926 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.498816013 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.498845100 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.498969078 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.499197006 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.599355936 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.599376917 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.599570036 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.688622952 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.688674927 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.688724041 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.688762903 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.688802004 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.688838005 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.688875914 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.688910961 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.688925028 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.688946962 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.688973904 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.688983917 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.689321041 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.689351082 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.689359903 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.689395905 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.689464092 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.689505100 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.689944029 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.790745974 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.790874958 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.791024923 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.791055918 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.791124105 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.883306026 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.883475065 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.883656025 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.883708954 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.883749962 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.883776903 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.884085894 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.884116888 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.884140968 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.884150982 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.884175062 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.884191990 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.884222031 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.884265900 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.884656906 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.884855986 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.885190010 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.885215998 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.885262966 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.885292053 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.885570049 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.885597944 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.885643959 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.885682106 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.885930061 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.982871056 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.982897997 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.982917070 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:29.983016014 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:29.983052969 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.074506998 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.074536085 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.074549913 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.074559927 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.074681044 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.074697018 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.074707985 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.074754953 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.074803114 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.074846983 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.074901104 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.075280905 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.075385094 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.075407982 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.075503111 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.075506926 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.075560093 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.075627089 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.075696945 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.075697899 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.075752974 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.076591015 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.076668024 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.077369928 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.077424049 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.077441931 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.077442884 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.077503920 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.077971935 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.078047991 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.078306913 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.173928022 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.173955917 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.174046993 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.266356945 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.266609907 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.266881943 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.266927958 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.266947031 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.267026901 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.267034054 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.267050028 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.267081976 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.267146111 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.267505884 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.267729998 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.267735004 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.267760992 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.267823935 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.267834902 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.267889023 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.268433094 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.268517017 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.268647909 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.268682957 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.364836931 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.364871025 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.365030050 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.457109928 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.457285881 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.457498074 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.457567930 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.457762003 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.457788944 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.457916021 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.457950115 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.457983971 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.458107948 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.458147049 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.458200932 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.458223104 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.458271980 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.458298922 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.458349943 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.458523035 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.458540916 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.458585978 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.458636045 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.458688974 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.458921909 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.458976984 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.459001064 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.459054947 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.459232092 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.555586100 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.555609941 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.555620909 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.555639029 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.555677891 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.555720091 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.555749893 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.647922039 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.647974968 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.648001909 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.648164034 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.648377895 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.648555994 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.648665905 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.648672104 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.648776054 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.648875952 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.649064064 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.649141073 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.649224997 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.649364948 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.649559975 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.649678946 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.649907112 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.649924994 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.649935007 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.650073051 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.746228933 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.746253967 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.746263027 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.746450901 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.838824034 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.838881016 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.839085102 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.839250088 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.839278936 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.839324951 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.839392900 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.839574099 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.840213060 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.841829062 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.841911077 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.841950893 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.842122078 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.842140913 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.842159033 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.842235088 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.842291117 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.842784882 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.842807055 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.842915058 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.843117952 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.936994076 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.937021971 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.937031984 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:30.937108994 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:30.937148094 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.031369925 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.031399965 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.031416893 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.031639099 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.031661987 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.031738997 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.031980991 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.032051086 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.032066107 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.032159090 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.034250021 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.034275055 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.034359932 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.034404039 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.034461975 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.034535885 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.034642935 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.035410881 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.035482883 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.035526991 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.035543919 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.035552979 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.035612106 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.035644054 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.035851002 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.127681017 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.127722979 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.127835035 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.127918959 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.224695921 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.224734068 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.224754095 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.224912882 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.225167990 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.225357056 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:31.227206945 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.227471113 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.227493048 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.228610992 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.228631020 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.320559978 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.320586920 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.320597887 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.320605993 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.416126013 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.416153908 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.416167974 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.436005116 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:31.478266001 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:33.054775000 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:33.249062061 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:33.249114990 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:33.249147892 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:33.249676943 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:33.251451015 CET	49794	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:33.361929893 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:33.441808939 CET	587	49794	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:33.553020000 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:33.554498911 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:33.747540951 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:33.748317003 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:33.938709021 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:33.940007925 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:33.940270901 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:34.130645990 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.131275892 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:34.321598053 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.321791887 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.321839094 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.321955919 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:34.324558020 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:34.325742960 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:34.515029907 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.515070915 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.516144037 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.516789913 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.517246962 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:34.707477093 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.708867073 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.710146904 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:34.900536060 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.902928114 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:34.903305054 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.095990896 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.101035118 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.101562977 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.291860104 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.339823961 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.340315104 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.530577898 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.532433987 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.533113003 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.533162117 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.533293962 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.533396006 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.533507109 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.596637011 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.596751928 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.596848965 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.723437071 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.723462105 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.723469019 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.723633051 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.787028074 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.800299883 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.801362991 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.992284060 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.993715048 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.993746996 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:35.994023085 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:35.995102882 CET	49796	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:36.185441017 CET	587	49796	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:36.263139963 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:36.295272112 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:36.453915119 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:36.454427958 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:36.485877991 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:36.485991001 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:36.648380041 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:36.648818016 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:36.677932024 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:36.682199955 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:36.841489077 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:36.841758013 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:36.841996908 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:36.872332096 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:36.872733116 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:36.876977921 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.033971071 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.038597107 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.067073107 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.071316957 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.228773117 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.228921890 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.228991032 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.229317904 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.230424881 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.235763073 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.261435986 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.261465073 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.261482954 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.261594057 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.420550108 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.420578957 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.425827980 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.426352978 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.428492069 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.451562881 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.486804962 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.620884895 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.622327089 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.623016119 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.676847935 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.678081989 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.678103924 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.678190947 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.705995083 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.813164949 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.816534996 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.817008972 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:37.897208929 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.897814035 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:37.898423910 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.007246017 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.010884047 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.011419058 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.088489056 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.089629889 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.090411901 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.203396082 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.241615057 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.242387056 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.283163071 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.286000967 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.288652897 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.432421923 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.433315039 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.433963060 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.434113979 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.434258938 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.434436083 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.434756041 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.434772968 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.434861898 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.434979916 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.478646040 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.479368925 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.480823040 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.624115944 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.624138117 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.624242067 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.624428034 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.624721050 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.624742985 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.624870062 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.635267019 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.637582064 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.670871973 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.694772005 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.695730925 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.827838898 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.828313112 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.828326941 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.828972101 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.832243919 CET	49797	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.885976076 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.887000084 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:38.888297081 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.888500929 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.888659954 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.888817072 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.888983011 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.889106989 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.889216900 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.889332056 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:38.993415117 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:39.021430969 CET	587	49797	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.078552961 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.078573942 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.078663111 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.078824997 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.078938961 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.078980923 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.079106092 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.088068962 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.135097980 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:39.184274912 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.187089920 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:39.379169941 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.381690979 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:39.572154999 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.572385073 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.574527025 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:39.766592979 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.767832041 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:39.960227966 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.960261106 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:39.960346937 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:39.961817980 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:39.962678909 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:40.152163982 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.152189016 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.152873039 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.155086040 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.155683041 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:40.214620113 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:40.347968102 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.349817038 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.353364944 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:40.404702902 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.405412912 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.405431032 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.405639887 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:40.425561905 CET	49798	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:40.543873072 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.546574116 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.549048901 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:40.615609884 CET	587	49798	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.740813971 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.744497061 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.745045900 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:40.768995047 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:40.937990904 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.962194920 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.962224007 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:40.962338924 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:40.963011980 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.155936003 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.156644106 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.156660080 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.157478094 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.157849073 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.158128023 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.158349991 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.158581972 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.158761024 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.158909082 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.159059048 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.169212103 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.212560892 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.212697983 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.224636078 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.226411104 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.347858906 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.348156929 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.348440886 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.348581076 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.348738909 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.348889112 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.349011898 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.349219084 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.359263897 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.359941006 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.359972954 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.360233068 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.400857925 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.553025961 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.553525925 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.688146114 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.745873928 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.745907068 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.745984077 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.749300957 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.784173012 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.879201889 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.880007982 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.880033016 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.882447958 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.882474899 CET	49799	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:41.939501047 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.939606905 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.977269888 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.980464935 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:41.981214046 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.012784004 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.072829008 CET	587	49799	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.173841953 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.175666094 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.203212976 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.206566095 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.206698895 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.231746912 CET	587	49795	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.232062101 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.394615889 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.398572922 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.399118900 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.419593096 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.420350075 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.591626883 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.592467070 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.593166113 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.610765934 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.611356974 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.611753941 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.786081076 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.805545092 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.806329012 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.822973967 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.823532104 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.996772051 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.996817112 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:42.996989965 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:42.998609066 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.000334978 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.014244080 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.014993906 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.019222975 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.019535065 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.019794941 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.019970894 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.020153046 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.020315886 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.020438910 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.020565987 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.192034006 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.192058086 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.193161011 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.194149971 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.194621086 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.212649107 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.213068008 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.213720083 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.222898960 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.276312113 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.385778904 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.390285969 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.391448975 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.501869917 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.581749916 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.589040041 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.589443922 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.691999912 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.692615032 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.692652941 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.692738056 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.693557978 CET	49800	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.782547951 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.785446882 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.786185026 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.867913008 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:43.883657932 CET	587	49800	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:43.976973057 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.011302948 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.018604040 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.069971085 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.070597887 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.209018946 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.209777117 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.210412979 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.210628986 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.210648060 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.210846901 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.252621889 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.273689032 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.273976088 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.400813103 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.400849104 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.400875092 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.401046038 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.401079893 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.445024967 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.445213079 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.477485895 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.478375912 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.478852987 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.591461897 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.598661900 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.635584116 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.636754036 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.680263996 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.688852072 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.735678911 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.735853910 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.789170980 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.789215088 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.789458036 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.827224016 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.827255011 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.827452898 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.891582966 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.891721010 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.891833067 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.892723083 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.893441916 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.894722939 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.928392887 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.928601027 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.980046034 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.980072021 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.980150938 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:44.980204105 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:44.980245113 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.017946005 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.017980099 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.018162966 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.018359900 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.094899893 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.094934940 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.096122980 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.096419096 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.097737074 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.119085073 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.119195938 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.170743942 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.170764923 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.170833111 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.170866966 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.170975924 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.170986891 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.171030998 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.171294928 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.209105015 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.209127903 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.209136963 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.209147930 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.209327936 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.209358931 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.209472895 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.209716082 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.209743023 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.299293041 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.300466061 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.301150084 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.309757948 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.309855938 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.361274958 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.361298084 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.361305952 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.361316919 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.361450911 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.361494064 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.361557961 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.361619949 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.399743080 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.399761915 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.399872065 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.399909973 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.400012016 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.400044918 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.400070906 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.400249004 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.401370049 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.500258923 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.500289917 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.500300884 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.500411034 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.502624035 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.505501986 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.505966902 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.551929951 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.551953077 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.552040100 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.552054882 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.552134037 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.552175999 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.552234888 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.552306890 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.590413094 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.590435028 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.590574026 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.590598106 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.590624094 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.590698004 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.591783047 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.591814995 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.591861010 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.591891050 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.592034101 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.592093945 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.690870047 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.690887928 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.690895081 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.691138983 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.691361904 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.707494974 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.708234072 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.708790064 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.742621899 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.742657900 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.742666960 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.742672920 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.742831945 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.742955923 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.742989063 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.781176090 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.781198978 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.781351089 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.781405926 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.781440973 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.781547070 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.781558990 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.781595945 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.781615973 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.781645060 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.782355070 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.782439947 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.782478094 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.782541037 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.782682896 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.782740116 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.881764889 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.881793022 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.881977081 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.882038116 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.911783934 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.933466911 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.933485031 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.933573008 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.933621883 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.933664083 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.945517063 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.946098089 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.971926928 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.971949100 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.972033978 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.972198009 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.972511053 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.972743034 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.972820044 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.972820044 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.972835064 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.972868919 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.972901106 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.973115921 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:45.973182917 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:45.976104021 CET	49795	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.072309017 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.072335005 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.072343111 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.072395086 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.072444916 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.072783947 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.123996973 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.124022961 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.124110937 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.124123096 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.124146938 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.124188900 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.124303102 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.124350071 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.124407053 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.147584915 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.148375988 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.149024010 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.149305105 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.149480104 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.149632931 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.149825096 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.149954081 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.150085926 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.150202990 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.162494898 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.162520885 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.162530899 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.162570953 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.162604094 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.162811041 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.162873030 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.163006067 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.163141966 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.163145065 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.163213968 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.163446903 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.163538933 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.264391899 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.264424086 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.264532089 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.264605999 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.264982939 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.314498901 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.314527988 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.314541101 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.314573050 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.314615965 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.314651012 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.314661980 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.314718962 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.314764977 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.350538969 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.350570917 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.350883007 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.350899935 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.351358891 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.351372957 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.351499081 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.352916002 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.352932930 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.352983952 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.352994919 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.353053093 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.353266001 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.353348017 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.353506088 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.353583097 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.353745937 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.353823900 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.353868961 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.353934050 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.365009069 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.417035103 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.457067013 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.457093954 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.457441092 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.457614899 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.457987070 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.507373095 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:46.507500887 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.536802053 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.807636976 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:46.839296103 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:47.151906013 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:47.420063972 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:47.760900021 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.535778046 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.535839081 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.535855055 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.535865068 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.535875082 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.535886049 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.535916090 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.535943985 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.536005020 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.536022902 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.536037922 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.536137104 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.536269903 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.536292076 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.690964937 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.690998077 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.691015005 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.691032887 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.691055059 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.691075087 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.691086054 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.691205978 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.691251993 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.702347040 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.703517914 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.703557968 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.704082012 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.705358982 CET	49802	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.726326942 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.726577997 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.726602077 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.726681948 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.726703882 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.729367018 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.881720066 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.881736040 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.881752968 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.881882906 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.881999016 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.882011890 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.882077932 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.882106066 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.882174015 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.882253885 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.882308006 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.905683041 CET	587	49802	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.917112112 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.917207956 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.917212963 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.917248964 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.917304039 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.917366028 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.919734001 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.919882059 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.919955015 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:48.920047045 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:48.993065119 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.073955059 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.073990107 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.074037075 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.074429035 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.074646950 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.074691057 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.074729919 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.074791908 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.109563112 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.109807968 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.109934092 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.110016108 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.111566067 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.111721992 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.112065077 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.112140894 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.183751106 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.184197903 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.264828920 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.264929056 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.265023947 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.265039921 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.265059948 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.265130043 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.265135050 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.265161037 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.265183926 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.265193939 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.265371084 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.265404940 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.265500069 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.265769005 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.266156912 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.266268015 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.266483068 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.300250053 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.300276995 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.300295115 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.300379992 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.300427914 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.300438881 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.300651073 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.302072048 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.302489996 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.302613020 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.376130104 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.376744032 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.458333015 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.458558083 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.458673000 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.458743095 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.458758116 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.458797932 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.458894968 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.459007978 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.459285975 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.459372997 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.459445000 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.459573984 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.459636927 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.460268021 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.460292101 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.460378885 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.460422039 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.460745096 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.490871906 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.491055965 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.491738081 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.491774082 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.491792917 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.491837978 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.491867065 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.492945910 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.492970943 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.492980003 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.493630886 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.568509102 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.568742037 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.571069002 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.649166107 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.649188042 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.649285078 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.649398088 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.649491072 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.649575949 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.649662971 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.649669886 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.649776936 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.650008917 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.650022030 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.650091887 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.650660038 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.650687933 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.650734901 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.650815010 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.650923967 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.650988102 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.681514978 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.681735992 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.682236910 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.682270050 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.682341099 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.682379007 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.684206009 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.684230089 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.684319019 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.761332035 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.763991117 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.842834949 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.842959881 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.843061924 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.843091965 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.843096972 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.843154907 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.843250036 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.843276978 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.843312979 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.843456030 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.843544006 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.843839884 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.843888044 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.843928099 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.844042063 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.844484091 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.844880104 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.844917059 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.875442028 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.875642061 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.875943899 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.876256943 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.877816916 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.877952099 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.878130913 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.878345013 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.878475904 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.879198074 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.954201937 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.954368114 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.954562902 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:49.954658985 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.957845926 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:49.958856106 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.033670902 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.033694983 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.033817053 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.033879995 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.033926964 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.033938885 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.034018040 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.034106016 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.034132957 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.034312010 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.034425974 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.034503937 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.034534931 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.034672022 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.034748077 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.034753084 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.034846067 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.034887075 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.034953117 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.035242081 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.035262108 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.035336971 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.035355091 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.066212893 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.066524982 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.066978931 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.066997051 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.067039013 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.067069054 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.067146063 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.068490028 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.068602085 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.068897009 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.069350958 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.069365978 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.069680929 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.148185968 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.148205042 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.148879051 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.149311066 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.149940968 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.170002937 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.224483013 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.224524975 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.224540949 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.224556923 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.224832058 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.224854946 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.224895000 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.225236893 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.225266933 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.225636959 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.257025957 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.257353067 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.257606983 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.257630110 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.258794069 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.259604931 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.271317005 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.320473909 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.341661930 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.343364954 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.360486031 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.552958965 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.555299044 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.555936098 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.748533964 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.749072075 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.749725103 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:50.942343950 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.965986967 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:50.966533899 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.156645060 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.157426119 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.158219099 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.158456087 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.158468008 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.158776045 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.158782959 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.158940077 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.158947945 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.159205914 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.348301888 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.348370075 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.348742008 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.348843098 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.349133968 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.357678890 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.402012110 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.413710117 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.491231918 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.603892088 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.604371071 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.604402065 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.605297089 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.605321884 CET	49803	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.681638956 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.683098078 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.683113098 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.683960915 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.683984041 CET	49801	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.796503067 CET	587	49803	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.874264956 CET	587	49801	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:51.877419949 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:51.882539988 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.067889929 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.068624020 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.073224068 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.074588060 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.260323048 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.260835886 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.267551899 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.269411087 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.451788902 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.452074051 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.452435970 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.459775925 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.460019112 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.460841894 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.644531012 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.645127058 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.653999090 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.655324936 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.835089922 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.835186958 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.835208893 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.835378885 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.836880922 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.837713957 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.845618010 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.845668077 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.845695972 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:52.845825911 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.848761082 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:52.849666119 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.029133081 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.029535055 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.030157089 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.030400038 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.041179895 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.041208982 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.042234898 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.042630911 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.045357943 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.073694944 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.074469090 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.235503912 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.236418009 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.237404108 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.264427900 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.266259909 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.267226934 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.429955006 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.432326078 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.434752941 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.459705114 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.463150024 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.463742018 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.624828100 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.625449896 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.627396107 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.653681040 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.654453039 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.654879093 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.818644047 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.843288898 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.844769955 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.845614910 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:53.870467901 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:53.871407986 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.037595034 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.038660049 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.063215017 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.063860893 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.064472914 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.064754963 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.064938068 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.065118074 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.065279961 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.065416098 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.065547943 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.065675020 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.071012974 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.071270943 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.071643114 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.071655989 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.071923018 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.071933031 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.072169065 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.072180033 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.254452944 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.254961014 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.254976988 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.255275011 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.255388975 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.255677938 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.261192083 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.261235952 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.261672020 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.261965990 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.262202978 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.262265921 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.264640093 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.265655041 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.271908045 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.275449991 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.455672026 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.456226110 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.456245899 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.456315041 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.456965923 CET	49804	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.465636015 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.466109991 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.466121912 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.466334105 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.467082977 CET	49805	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.613370895 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.632890940 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.646887064 CET	587	49804	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.657124043 CET	587	49805	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.805814028 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.805896997 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.823754072 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.823976040 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:54.997694969 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:54.998035908 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.015147924 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.015799999 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.189466953 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.189517021 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.190080881 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.206564903 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.206698895 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.207362890 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.380321980 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.381218910 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.397460938 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.399213076 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.571609020 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.571630955 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.571880102 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.574095011 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.575582981 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.589483023 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.589510918 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.589665890 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.592758894 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.594443083 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.764393091 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.764432907 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.765921116 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.766887903 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.767602921 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.782773018 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.782795906 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.784462929 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.785185099 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.841172934 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.860850096 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:55.958146095 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.961564064 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:55.962296963 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.051517010 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.053514957 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.055437088 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.152684927 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.155224085 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.156131983 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.247787952 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.252553940 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.253802061 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.349725962 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.350186110 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.350814104 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.413619995 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.413852930 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.429127932 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.429320097 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.444231033 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.444854975 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.446074009 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.545530081 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.571569920 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.572947979 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.636713028 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.660300970 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.661518097 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.765531063 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.766875029 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.767568111 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.767852068 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.768208981 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.768222094 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.768490076 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.768498898 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.768702030 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.768711090 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.852479935 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.852986097 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.853490114 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.853621006 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.853760004 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.853899002 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.854022026 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.854054928 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.854233027 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.854252100 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:56.961021900 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.961396933 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.962135077 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.971070051 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:56.973082066 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.043889999 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.043915033 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.043937922 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.044375896 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.044404984 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.054326057 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.055649996 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.163373947 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.164669991 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.164688110 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.165600061 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.166789055 CET	49806	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.245904922 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.246716022 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.246746063 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.246880054 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.247586012 CET	49807	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.318015099 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.359987020 CET	587	49806	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.437808037 CET	587	49807	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.481107950 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.508873940 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.509018898 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.673760891 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.676063061 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.700922012 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.701092958 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.870578051 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.870820045 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:57.893893003 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.894201040 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:57.894429922 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.062249899 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.062791109 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.062974930 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.086261034 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.088372946 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.252882957 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.253350019 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.278717041 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.278867006 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.278996944 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.279187918 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.279815912 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.280236006 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.443253040 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.443403006 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.443646908 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.443795919 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.444725990 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.444746971 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.470233917 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.470254898 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.470323086 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.471723080 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.472227097 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.634628057 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.634654999 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.635185003 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.635596991 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.662513971 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.663494110 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.663846016 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.825478077 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.826508045 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.827862978 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:58.854172945 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.856637955 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:58.856940031 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.017750978 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.019814968 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.020622015 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.047278881 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.047805071 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.048080921 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.210618019 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.211376905 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.211716890 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.238432884 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.262876987 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.263194084 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.401612043 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.423310995 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.427890062 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.456042051 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.456800938 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.457281113 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.457432032 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.457442999 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.457597017 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.457612991 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.457755089 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.457813025 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.457819939 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.617886066 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.618697882 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.619127035 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.619146109 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.619178057 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.619180918 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.619266987 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.619275093 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.619302034 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.619304895 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.647599936 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.647620916 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.647705078 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.647717953 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.647901058 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.647936106 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.656075001 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.699959040 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.759649038 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.809170961 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.809195995 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.817970037 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.871179104 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.873671055 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.950843096 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.951399088 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.951412916 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:54:59.951932907 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.951965094 CET	49808	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:54:59.952323914 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.065478086 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.066481113 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.066500902 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.067019939 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.067068100 CET	49809	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.067401886 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.142277002 CET	587	49808	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.142802000 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.142961979 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.258932114 CET	587	49809	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.260111094 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.260307074 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.334939957 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.336182117 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.452255964 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.452501059 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.529043913 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.529437065 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.529710054 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.642472029 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.642693043 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.642937899 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.720020056 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.720601082 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.833960056 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.834414005 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.910953999 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.910985947 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:00.911427021 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.911839008 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:00.912230968 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.027297020 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.027335882 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.027589083 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.028630018 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.029150963 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.104605913 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.104650974 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.105027914 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.105607986 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.106021881 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.220170021 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.220252037 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.220846891 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.221138954 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.296363115 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.297842026 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.298408031 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.413407087 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.415004015 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.415421963 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.488486052 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.500060081 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.500442028 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.605488062 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.609414101 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.609774113 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.690613031 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.691792965 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.692070007 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.802427053 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.802910089 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.803172112 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.883223057 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.904234886 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:01.904519081 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:01.998213053 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.019262075 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.019547939 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.095772028 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.095825911 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.096774101 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.096828938 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.097274065 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.097467899 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.134099007 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.212311983 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.213457108 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.213983059 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.214045048 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.214112997 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.214174032 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.214215994 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.214260101 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.214272022 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.214288950 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.287436962 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.287491083 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.287569046 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.287693024 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.324450970 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.324585915 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.404092073 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.404128075 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.404162884 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.404212952 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.404232979 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.441612959 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.442590952 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.478230000 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.478492975 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.515120983 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.515306950 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.615354061 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.615580082 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.632860899 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.633204937 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.633229017 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.633322954 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.633738995 CET	49811	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.634077072 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.668973923 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.669014931 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.669238091 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.669302940 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.705549955 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.705712080 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.705730915 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.705740929 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.705809116 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.806066990 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.806242943 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.824007988 CET	587	49811	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.836349010 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.836569071 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.859406948 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.859549999 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.859558105 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.859565973 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.859666109 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.896209955 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.896236897 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.896250010 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.896260977 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.896485090 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.896547079 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.896610975 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.999002934 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.999043941 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:02.999135017 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:02.999176025 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.041965008 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.042279005 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.052658081 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.052692890 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.052736044 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.052979946 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.089283943 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.089306116 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.089359999 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.089420080 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.089668989 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.089700937 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.089764118 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.089808941 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.189336061 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.189393997 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.189528942 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.243139029 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.243166924 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.243366957 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.243451118 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.243577003 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.243634939 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.243681908 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.243741035 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.243761063 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.244170904 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.246289968 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.281192064 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.281213999 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.281303883 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.281354904 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.281424046 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.282351971 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.282424927 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.282526970 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.282598019 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.379621029 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.379648924 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.379731894 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.379971981 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.380048037 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.433478117 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.433501005 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.433628082 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.433701992 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.433752060 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.433828115 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.447788954 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.450232029 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.473434925 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.473458052 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.473464966 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.473479033 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.473577976 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.473629951 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.473710060 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.473793030 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.474082947 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.474168062 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.474291086 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.474380970 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.571731091 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.571764946 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.571916103 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.572145939 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.572263002 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.572345972 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.625893116 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.625919104 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.625930071 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.626022100 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.626182079 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.626252890 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.651880980 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.651904106 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.652352095 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.652973890 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.653424978 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.663790941 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.663815975 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.663930893 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.664028883 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.664084911 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.664108038 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.664180040 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.664201021 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.664258003 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.664421082 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.664467096 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.664637089 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.762227058 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.762275934 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.762305021 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.762347937 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.762430906 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.762492895 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.762604952 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.816186905 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.816214085 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.816301107 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.816304922 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.816318035 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.816368103 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.816400051 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.816458941 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.816520929 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.854190111 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.854213953 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.854384899 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.854403019 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.854429960 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.854444981 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.854722977 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.854737997 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.854790926 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.854818106 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.854979038 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.855110884 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.855128050 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.855248928 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.857232094 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.858298063 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:03.955274105 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.955297947 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.955312014 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:03.955408096 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.011951923 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.011992931 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.012007952 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.012025118 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.012243986 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.047584057 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.047724962 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.047959089 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.047985077 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.048024893 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.048074007 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.048171997 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.048238993 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.048770905 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.048803091 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.048820972 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.048887968 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.048928976 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.049355030 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.049432993 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.064908981 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.069094896 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.069420099 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.145786047 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.145808935 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.145977020 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.202742100 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.202766895 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.202775002 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.202930927 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.202991009 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.203057051 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.203182936 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.237823009 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.238028049 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.238049984 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.238116980 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.238163948 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.238230944 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.238281965 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.238347054 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.238919973 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.239006996 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.239021063 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.239061117 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.239207983 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.239289045 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.239298105 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.239306927 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.239409924 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.239480972 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.239546061 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.270987034 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.273996115 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.274301052 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.337455034 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.337615013 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.337816954 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.337831974 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.337843895 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.337953091 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.393347979 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.393419027 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.393486023 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.393498898 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.393557072 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.393635988 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.428353071 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.428425074 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.428535938 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.428580046 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.428797960 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.429415941 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.429454088 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.429522991 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.429558039 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.429595947 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.429608107 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.429656029 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.429734945 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.429858923 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.429912090 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.477888107 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.478697062 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.479012966 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.530637980 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.530664921 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.530672073 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.530812025 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.530885935 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.585758924 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.585905075 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.586318970 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.586405993 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.586431980 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.586505890 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.618767023 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.618803024 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.618820906 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.618849039 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.618865013 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.618905067 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.618932962 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.619144917 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.619539022 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.619561911 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.619637966 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.619658947 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.619729042 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.619729042 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.619786978 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.619918108 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.619971991 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.680558920 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.703067064 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.703370094 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.720936060 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.720959902 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.720968008 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.721136093 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.721205950 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.778609991 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.778635979 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.778750896 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.778831005 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.779402971 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.779530048 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.809113026 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.809142113 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.809206009 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.809286118 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.809339046 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.809544086 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.809758902 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.809839964 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.809854984 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.809900999 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.809937000 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.809990883 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.810031891 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.810043097 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.810105085 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.810261965 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.810336113 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.904845953 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.905798912 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.906213045 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.906260014 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.906289101 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.906342983 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.906403065 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.906424999 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.906445980 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.906466007 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.911696911 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.911886930 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.912254095 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.912352085 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.913856030 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.913975000 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.969152927 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.969182014 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.969276905 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.969656944 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.969676971 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.969768047 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.970216036 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.970288992 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:04.999906063 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.999932051 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.999941111 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.999953032 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:04.999963999 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.000128984 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.000134945 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.000143051 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.000194073 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.000217915 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.000380039 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.000380993 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.000438929 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.102073908 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.102257967 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.102380991 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.102451086 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.104846001 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.104870081 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.104932070 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.107733011 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.107777119 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.107789993 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.107800961 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.121526957 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.122390985 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.160435915 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.160644054 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.160923004 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.161001921 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.162045002 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.162147999 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.162162066 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.162166119 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.162214994 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.162252903 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.192398071 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.192429066 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.192445993 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.192559958 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.192964077 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.192981958 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.193059921 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.193062067 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.193082094 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.193099022 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.193147898 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.193182945 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.292356968 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.292388916 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.292429924 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.292440891 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.292468071 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.292500019 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.295027018 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.295121908 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.295272112 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.323867083 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.324508905 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.324523926 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.324594975 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.324960947 CET	49812	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.325206041 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.350792885 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.350867987 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.351002932 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.351052046 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.352124929 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.352183104 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.352241039 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.352271080 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.352288961 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.352317095 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.352473974 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.352524996 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.382606030 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.382627010 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.382669926 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.382719040 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.382764101 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.382811069 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.382854939 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.383136034 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.383162022 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.383203030 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.383219957 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.383292913 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.383591890 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.383680105 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.482537031 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.482660055 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.485438108 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.485472918 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.485577106 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.485698938 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.517215967 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.517395020 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.528084040 CET	587	49812	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.540967941 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.541137934 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.542653084 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.542749882 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.543956995 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.544013023 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.544051886 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.544100046 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.572798967 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.572823048 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.572949886 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.572967052 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.573012114 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.573052883 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.573132038 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.573184967 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.573225021 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.573275089 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.573277950 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.573328018 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.573405981 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.573473930 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.573631048 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.573759079 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.573821068 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.672792912 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.672816992 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.672910929 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.675529003 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.675595999 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.675630093 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.675642967 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.675694942 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.675878048 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.709295034 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.709516048 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.731317997 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.731420040 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.732793093 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.732862949 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.734129906 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.734154940 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.734217882 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.734236956 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.734272957 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.734335899 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.763489962 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.763525009 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.763551950 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.763715029 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.763721943 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.763783932 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.763813972 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.763928890 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.764180899 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.865417957 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.865562916 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.865807056 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.865911007 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.868211985 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.868319988 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.868846893 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.868940115 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.899972916 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.900187016 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.900346041 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.921674013 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.921823978 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.922918081 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.923024893 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.924307108 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.924370050 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.924395084 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.924423933 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.924447060 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.924568892 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.924707890 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.924772978 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.953948975 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.954066992 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.954087973 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.954134941 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.954183102 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.954235077 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.954302073 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.954438925 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.954464912 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:05.954628944 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.955009937 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:05.955363989 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.058696032 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.058716059 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.059353113 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.059371948 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.091825962 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.092263937 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.112025023 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.113085985 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.114623070 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.114650011 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.114701986 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.114989996 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.145502090 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.145551920 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.145590067 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.161034107 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.164211035 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.282461882 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.282536983 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.282567978 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.282754898 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.283770084 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.284147978 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.354322910 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.354980946 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.355012894 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.355138063 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.355568886 CET	49810	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.357409000 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.473886967 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.473925114 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.474236012 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.474646091 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.475375891 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.545667887 CET	587	49810	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.547787905 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.548491001 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.665498018 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.666775942 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.667152882 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.739952087 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.741314888 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.859016895 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.862740993 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.863149881 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:06.931375980 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.931937933 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:06.933430910 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.053359032 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.053981066 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.054224014 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.123622894 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.124551058 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.244344950 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.271159887 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.271728039 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.314534903 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.314686060 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.314876080 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.315849066 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.315876961 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.316777945 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.463187933 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.464441061 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.464883089 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.464915991 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.464963913 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.465068102 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.465146065 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.465168953 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.465202093 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.465234995 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.507947922 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.507973909 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.508418083 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.513864040 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.514707088 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.655251980 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.655280113 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.655287027 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.664000034 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.704832077 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.707501888 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.707981110 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.715620041 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.760586977 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.900310040 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.904375076 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.904764891 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.950875998 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.951420069 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.951455116 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:07.951567888 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.952081919 CET	49813	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:07.952464104 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.096882105 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.097374916 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.097760916 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.144485950 CET	587	49813	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.144849062 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.144994974 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.287899017 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.308249950 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.308789968 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.336911917 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.337141037 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.498805046 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.499483109 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.499947071 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.499975920 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.500072002 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.500080109 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.500173092 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.500181913 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.500236988 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.500245094 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.527137041 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.527364016 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.527591944 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.692652941 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.692697048 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.708000898 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.710088015 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.717672110 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.718339920 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.900291920 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.901058912 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.901093006 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.901457071 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.901920080 CET	49814	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.901966095 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.908484936 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.908706903 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.908741951 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:08.908824921 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.909504890 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:08.910015106 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.091955900 CET	587	49814	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.092308044 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.094733000 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.099502087 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.099534035 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.099910975 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.100222111 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.100625038 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.286880016 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.287231922 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.290641069 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.292704105 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.293092012 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.477569103 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.477727890 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.480767965 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.483331919 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.487139940 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.487461090 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.670908928 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.671495914 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.677527905 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.679204941 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.679491997 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.861673117 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.861707926 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.862128973 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.862788916 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.863212109 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.864789963 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:09.869585037 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.898773909 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:09.899287939 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.053347111 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.053374052 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.054898977 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.055341959 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.056200027 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.089368105 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.090298891 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.091089964 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.091121912 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.091253042 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.094952106 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.132329941 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.246316910 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.247764111 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.248316050 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.281198978 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.281225920 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.281856060 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.282269001 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.285003901 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.322588921 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.325176001 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.438359976 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.440785885 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.445180893 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.472413063 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.473171949 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.515275002 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.515311956 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.515471935 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.515511036 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.638149977 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.638991117 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.641437054 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.666451931 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.671608925 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.705575943 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.705708027 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.708935022 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.833776951 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.858285904 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.859708071 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.864070892 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.864089966 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.864099026 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.864260912 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.864319086 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.901634932 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.901701927 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.901716948 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:10.901726961 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.901854992 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:10.901892900 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.049827099 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.051547050 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.051848888 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.051872969 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.051898003 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.051928043 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.051964045 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.051983118 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.051996946 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.052012920 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.054271936 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.054343939 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.054362059 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.054409027 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.054466009 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.054511070 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.054577112 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.092293978 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.092324018 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.092415094 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.092418909 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.092457056 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.092479944 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.094432116 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.094508886 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.094547987 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.094584942 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.094599009 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.094656944 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.241986036 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.242016077 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.244425058 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.244508982 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.244545937 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.244582891 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.244590044 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.244640112 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.244685888 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.244752884 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.244754076 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.244812012 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.244920969 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.244978905 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.259171009 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.259839058 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.282644987 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.282680035 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.282690048 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.282757998 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.282840014 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.282896042 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.283056974 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.284612894 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.284640074 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.284729004 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.284763098 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.284818888 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.284820080 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.284874916 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.434721947 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.434747934 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.434756041 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.434844971 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.434891939 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.435024023 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.435060024 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.435112953 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.435141087 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.441528082 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.449740887 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.451323032 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.451340914 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.451391935 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.452176094 CET	49816	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.452630997 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.475003958 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.475027084 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.475034952 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.475045919 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.475056887 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.475066900 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.475080013 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.475173950 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.475410938 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.475505114 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.616055012 CET	587	49781	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.616229057 CET	49781	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.627046108 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.627137899 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.627156019 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.627187014 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.627233028 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.627290964 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.627347946 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.627474070 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.627545118 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.630673885 CET	587	49782	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.630774975 CET	49782	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.634185076 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.634354115 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.643956900 CET	587	49816	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.645111084 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.645239115 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.667376995 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.667485952 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.667629004 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.667644024 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.667680979 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.667714119 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.667735100 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.667794943 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.667839050 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.667891026 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.667942047 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.668006897 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.668246984 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.668324947 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.668448925 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.770307064 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.770406961 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.817266941 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.817290068 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.817329884 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.817434072 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.817483902 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.817529917 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.817542076 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.817608118 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.817737103 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.817792892 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.825762987 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.826100111 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.842029095 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.842259884 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.860615969 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.860696077 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.860707998 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.860876083 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.860888958 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.860913992 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.860949039 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.861466885 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.861534119 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.861717939 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:11.861783981 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:11.861915112 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.007529974 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.007555962 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.007601976 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.007656097 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.007698059 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.007814884 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.007829905 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.007885933 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.009027958 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.009104013 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.016391039 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.016412973 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.016590118 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.033798933 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.033821106 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.034054995 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.052418947 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.052443027 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.052580118 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.052848101 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.052861929 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.052921057 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.052967072 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.052979946 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.053028107 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.053618908 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.053632975 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.053694963 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.053863049 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.199377060 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.199402094 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.199413061 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.199424028 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.199568033 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.201088905 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.201185942 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.209115982 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.216262102 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.227118015 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.227624893 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.244035006 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.244056940 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.244230032 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.244528055 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.244541883 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.244620085 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.244636059 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.244647980 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.244709015 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.245784998 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.245805025 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.245878935 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.246884108 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.246956110 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.247211933 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.389774084 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.389795065 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.389942884 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.390311956 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.390415907 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.391235113 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.391339064 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.407529116 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.409461021 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.409482956 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.409502983 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.409574032 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.418804884 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.419097900 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.419111967 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.419187069 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.420258999 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.420628071 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.434493065 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.434506893 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.434607983 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.434657097 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.434670925 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.434681892 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.434710026 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.434756041 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.434778929 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.434832096 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.434952021 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.436836004 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.436925888 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.437064886 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.437077045 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.437141895 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.437963963 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.438051939 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.438226938 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.450306892 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.581793070 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.581813097 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.581937075 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.581994057 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.582269907 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.582284927 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.582343102 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.582957983 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.582971096 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.582982063 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.583034039 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.583070040 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.603190899 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.606211901 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.612124920 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.612140894 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.612827063 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.612842083 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.613132000 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.626760006 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.626775980 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.626784086 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.626873970 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.626931906 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.626986980 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.627114058 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.628796101 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.628880978 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.628967047 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.628979921 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.629038095 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.630407095 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.630630016 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.630665064 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.773830891 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.773854017 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.774096012 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.774146080 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.774250984 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.774291039 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.774312973 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.774358988 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.774626017 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.774688005 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.774887085 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.774960995 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.777066946 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.777134895 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.798998117 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.799025059 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.799035072 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.799245119 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.805110931 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.808130980 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.813097954 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.813357115 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.818782091 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.818804979 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.818814039 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.819068909 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.819197893 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.820400953 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.820416927 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.820492983 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.820537090 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.821060896 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.821115017 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.823925018 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.824033976 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.824253082 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.964186907 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.964224100 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.964339018 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.964368105 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.964457989 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.964951038 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.965028048 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.967133999 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.967251062 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:12.998805046 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:12.999902964 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.000375032 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.003721952 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.006506920 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.006808996 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.009154081 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.009169102 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.009176016 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.009305000 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.009371042 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.009435892 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.009448051 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.009516954 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.009546041 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.009582043 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.010458946 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.010564089 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.010586977 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.010632038 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.011130095 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.011234045 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.013999939 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.014127016 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.014935970 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.015045881 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.156672001 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.156696081 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.156702995 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.156728983 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.156970024 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.157932043 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.158061981 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.160140038 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.160271883 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.190452099 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.191446066 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.191807985 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.196887970 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.197439909 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.197915077 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.199315071 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.199389935 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.199592113 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.199742079 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.200160027 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.200334072 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.200556993 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.200608015 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.200623989 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.200675964 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.201154947 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.201208115 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.204211950 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.204293013 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.204972982 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.205071926 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.347207069 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.347235918 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.347366095 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.347438097 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.348135948 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.348226070 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.350344896 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.350462914 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.381877899 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.384486914 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.384888887 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.387948990 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.389435053 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.389595985 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.389699936 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.389776945 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.389951944 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.390003920 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.390022039 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.390074968 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.390131950 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.390202999 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.390330076 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.390391111 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.390414000 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.390497923 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.390568018 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.390661955 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.390733004 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.391176939 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.391254902 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.394345999 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.394471884 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.395170927 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.395260096 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.395452023 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.410208941 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.410556078 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.539589882 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.539621115 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.539628983 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.539635897 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.539839983 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.540195942 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.540285110 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.542378902 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.542515993 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.576891899 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.577569008 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.577943087 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.582465887 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.582645893 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.582756996 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.582834005 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.583040953 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.583054066 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.583137989 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.584269047 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.584290028 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.584300995 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.584397078 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.593470097 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.593492985 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.593575954 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.593620062 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.593641996 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.603257895 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.604159117 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.604547977 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.604583979 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.604617119 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.604665995 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.604722977 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.604748011 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.604762077 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.604782104 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.729974985 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.730000019 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.730031967 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.730114937 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.730169058 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.730222940 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.730360031 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.730531931 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.732604980 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.732718945 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.768122911 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.772836924 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.772861958 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.772888899 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.773015976 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.773119926 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.773175955 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.773188114 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.773233891 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.773260117 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.773297071 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.773365021 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.774455070 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.774477959 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.774534941 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.774564028 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.774575949 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.774606943 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.774641037 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.783698082 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.788736105 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.788925886 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.793466091 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.794610023 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.794740915 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.794855118 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.804575920 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.856676102 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.869797945 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.920314074 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.920337915 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.920378923 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.920463085 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.920511961 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.920614958 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.920680046 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.922723055 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.922840118 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.963099003 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.963123083 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.963219881 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.963232994 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.963260889 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.963401079 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.963424921 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.963438988 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.963464975 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.964575052 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.964591980 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.978857040 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.978878975 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.984966993 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.986211061 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:13.987078905 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.987138987 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.987165928 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:13.987181902 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.060645103 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.061482906 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.061502934 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.061588049 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.061989069 CET	49818	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.062236071 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.111857891 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.111884117 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.111891985 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.112471104 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.112489939 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.114734888 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.153305054 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.153328896 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.153336048 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.153342962 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.171602011 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.174644947 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.177930117 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.189030886 CET	587	49817	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.231758118 CET	49817	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.251977921 CET	587	49818	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.263998032 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.264080048 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.364696980 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.365536928 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.365562916 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.365700006 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.366096973 CET	49815	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.366359949 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.469098091 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.469307899 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.556076050 CET	587	49815	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.556485891 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.556562901 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.670787096 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.670991898 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.671222925 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.748943090 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.749162912 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.872647047 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.873070955 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:14.938996077 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.939352989 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:14.939585924 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.074661970 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.074687958 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.077409029 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.077987909 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.078332901 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.129380941 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.130191088 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.279347897 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.279372931 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.279577971 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.280031919 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.280324936 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.319997072 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.320152044 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.320228100 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.321083069 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.321106911 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.321613073 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.481703997 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.483053923 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.483393908 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.510902882 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.510932922 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.511293888 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.513262987 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.513786077 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.684689999 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.687148094 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.687488079 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.707642078 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.707803965 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.708092928 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.888797045 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.890202045 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.890549898 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:15.898039103 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.901309967 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:15.901575089 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.094080925 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.094585896 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.095334053 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.095730066 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.116856098 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.117273092 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.285495996 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.308597088 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.309009075 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.318660021 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.319833040 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.320281982 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.320318937 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.320394039 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.320439100 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.320502043 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.320528984 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.320555925 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.320579052 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.499398947 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.500221968 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.500694990 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.500731945 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.500801086 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.500920057 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.500971079 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.500996113 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.501032114 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.501045942 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.523823977 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.523868084 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.523879051 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.523894072 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.538733006 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.539479017 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.691535950 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.691564083 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.691572905 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.705698967 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.706855059 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.740868092 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.741343975 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.741364002 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.741461992 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.741940975 CET	49819	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.742301941 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.896703005 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.897969961 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.897998095 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.898566008 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.898627996 CET	49820	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.898946047 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.933068037 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:16.933399916 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:16.943242073 CET	587	49819	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.088501930 CET	587	49820	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.089459896 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.089659929 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.125241041 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.125453949 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.282188892 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.282394886 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.315850973 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.316113949 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.316272974 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.472611904 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.472850084 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.473069906 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.506520987 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.507076025 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.663238049 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.663712978 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.697319984 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.697510004 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.697840929 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.697946072 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.698383093 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.698766947 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.855818987 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.855994940 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.856010914 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.856158018 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.857007027 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.857440948 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:17.890930891 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.890974045 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.891093016 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.891480923 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:17.891928911 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.047914982 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.047935009 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.049179077 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.051635981 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.051980972 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.082314014 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.085702896 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.086050987 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.244577885 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.245980024 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.246296883 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.276352882 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.280334949 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.280549049 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.438421011 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.451805115 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.452080965 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.471029043 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.471441984 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.471697092 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.642313957 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.642901897 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.643156052 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.662081003 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.682394981 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.682738066 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.835319996 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.865643024 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.866102934 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.873047113 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.874063969 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:18.876795053 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.876827002 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.876832008 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.876836061 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.876878977 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.876916885 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.876919985 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:18.876923084 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.058304071 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.059150934 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.059537888 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.059567928 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.059572935 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.059585094 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.059639931 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.059648037 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.059650898 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.059875965 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.067154884 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.067298889 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.076122999 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.077898979 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.251688957 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.251730919 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.251756907 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.264213085 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.265619993 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.270684004 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.271312952 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.271341085 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.273992062 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.274025917 CET	49821	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.277548075 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.455853939 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.456950903 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.456990957 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.457638025 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.458149910 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.458153009 CET	49822	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.464833021 CET	587	49821	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.470421076 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.470787048 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.648406029 CET	587	49822	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.660129070 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.660372972 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.663860083 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.664026976 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.854093075 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.854288101 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.854476929 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:19.863238096 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:19.863399982 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.047234058 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.047812939 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.067437887 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.067862034 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.068080902 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.240181923 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.240407944 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.240425110 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.240489960 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.241255045 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.241712093 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.271485090 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.272114992 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.431282043 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.431305885 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.431647062 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.431999922 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.432276964 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.473835945 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.473882914 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.474597931 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.475198030 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.475568056 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.622611046 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.623615026 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.624000072 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.676719904 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.676744938 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.676861048 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.677234888 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.677568913 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.814182043 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.816653013 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.817025900 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:20.879110098 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.880795002 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:20.881218910 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:21.007118940 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:21.007818937 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:21.008086920 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:21.083343983 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:21.087048054 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:21.087591887 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:21.198296070 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:21.218895912 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:21.219217062 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:21.388581991 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:21.529181004 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:21.732321024 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:21.873008966 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:22.341965914 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:22.482428074 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.240854025 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.240883112 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.241105080 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.395332098 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.395524979 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.395792007 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.396482944 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.396893978 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.397017956 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.397100925 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.397180080 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.486294031 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.486329079 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.486886024 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.641602993 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.641813040 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.690366030 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.691359043 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.691755056 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.691783905 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.691793919 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.691797018 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.832159996 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.845451117 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.888744116 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.893240929 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:23.893318892 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:23.949708939 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:24.094918013 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.114217997 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.141329050 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.143012047 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.143037081 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.143157959 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:24.143835068 CET	49823	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:24.144326925 CET	49825	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:24.154556990 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:24.179480076 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:24.333980083 CET	587	49823	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.334992886 CET	587	49825	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.335120916 CET	49825	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:24.381249905 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.384068966 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.384092093 CET	587	49824	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.384218931 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:24.384644032 CET	49824	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:24.385004044 CET	49826	587	192.168.2.7	199.193.7.228
Feb 2, 2021 08:55:24.527071953 CET	587	49825	199.193.7.228	192.168.2.7
Feb 2, 2021 08:55:24.527304888 CET	49825	587	192.168.2.7	199.193.7.228

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 2, 2021 08:51:30.116107941 CET	58717	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:30.172230959 CET	53	58717	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:31.337563992 CET	59762	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:31.400734901 CET	53	59762	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:32.221174002 CET	54329	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:32.273967981 CET	53	54329	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:33.975642920 CET	58052	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:34.026186943 CET	53	58052	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:35.326277971 CET	54008	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:35.374140978 CET	53	54008	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:38.306018114 CET	59451	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:38.362137079 CET	53	59451	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:39.282435894 CET	52914	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:39.335496902 CET	53	52914	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:40.727047920 CET	64569	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:40.777889967 CET	53	64569	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:42.254206896 CET	52816	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:42.310305119 CET	53	52816	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:43.344412088 CET	50781	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:43.392345905 CET	53	50781	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:44.466734886 CET	54230	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:44.516629934 CET	53	54230	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:45.447211981 CET	54911	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:45.477125883 CET	49958	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:45.505021095 CET	53	54911	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:45.529052973 CET	53	49958	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:46.893997908 CET	50860	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:46.941816092 CET	53	50860	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:48.213689089 CET	50452	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:48.261679888 CET	53	50452	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:50.513789892 CET	59730	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:50.572828054 CET	53	59730	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:52.579267979 CET	59310	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:52.630502939 CET	53	59310	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:53.379492044 CET	51919	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:53.438116074 CET	53	51919	8.8.8.8	192.168.2.7
Feb 2, 2021 08:51:53.900830984 CET	64296	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:51:53.960005045 CET	53	64296	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:00.056057930 CET	56680	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:00.112185001 CET	53	56680	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:04.437439919 CET	58820	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:04.487238884 CET	53	58820	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:04.516426086 CET	60983	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:04.566323042 CET	53	60983	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:12.981060028 CET	49247	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:13.041534901 CET	53	49247	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:17.680474997 CET	52286	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:17.738408089 CET	53	52286	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:17.837726116 CET	56064	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:17.900806904 CET	53	56064	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:18.850114107 CET	63744	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:18.898106098 CET	53	63744	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:22.276596069 CET	61457	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:22.335807085 CET	53	61457	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:23.339813948 CET	58367	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:23.400106907 CET	53	58367	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:24.584064960 CET	60599	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:24.643059969 CET	53	60599	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:25.612889051 CET	59571	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:25.671786070 CET	53	59571	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:27.152910948 CET	52689	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:27.212202072 CET	53	52689	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:28.490356922 CET	50290	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:28.546897888 CET	53	50290	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:30.280812979 CET	60427	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:30.337150097 CET	53	60427	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:32.047787905 CET	56209	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:32.104201078 CET	53	56209	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:33.669477940 CET	59582	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:33.717605114 CET	53	59582	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:33.987025976 CET	60949	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:34.043262005 CET	53	60949	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:36.163332939 CET	58542	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:36.223865032 CET	53	58542	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:37.289861917 CET	59179	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:37.348948956 CET	53	59179	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:38.025207043 CET	60927	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:38.086824894 CET	53	60927	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:40.204969883 CET	57854	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:40.252991915 CET	53	57854	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:40.299511909 CET	62026	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:40.356125116 CET	53	62026	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:40.632177114 CET	59453	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:40.688971043 CET	53	59453	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:42.364404917 CET	62468	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:42.421161890 CET	53	62468	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:43.485554934 CET	52563	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:43.541801929 CET	53	52563	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:44.979003906 CET	54721	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:45.028855085 CET	53	54721	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:47.347949982 CET	62826	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:47.405642033 CET	53	62826	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:47.588212013 CET	62046	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:47.647037029 CET	53	62046	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:50.374495983 CET	51223	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:50.431301117 CET	53	51223	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:50.658818007 CET	63908	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:50.706617117 CET	53	63908	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:53.261665106 CET	49226	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:53.313534021 CET	53	49226	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:56.275100946 CET	60212	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:56.331607103 CET	53	60212	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:59.256263018 CET	58867	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:59.312505007 CET	53	58867	8.8.8.8	192.168.2.7
Feb 2, 2021 08:52:59.423389912 CET	50864	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:52:59.482912064 CET	53	50864	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:00.292697906 CET	61504	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:00.353419065 CET	53	61504	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:01.004070044 CET	60231	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:01.060314894 CET	53	60231	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:02.156910896 CET	50095	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:02.204837084 CET	53	50095	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:05.881093979 CET	59654	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:05.928864956 CET	53	59654	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:09.224340916 CET	58233	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:09.281547070 CET	53	58233	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:10.724493980 CET	56822	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:10.772320032 CET	53	56822	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:18.055473089 CET	62572	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:18.103461981 CET	53	62572	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:20.778110027 CET	57179	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:20.837517023 CET	53	57179	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:24.139029980 CET	56124	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:24.195363045 CET	53	56124	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:26.415201902 CET	62287	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:26.463123083 CET	53	62287	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:26.516926050 CET	54644	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:26.564953089 CET	53	54644	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:27.549843073 CET	59159	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:27.599453926 CET	53	59159	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:35.453262091 CET	57924	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:35.512851000 CET	53	57924	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:35.593250036 CET	51712	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:35.649574995 CET	53	51712	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:38.249537945 CET	58865	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:38.297360897 CET	53	58865	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:42.031311989 CET	64337	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:42.090331078 CET	53	64337	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:45.081511021 CET	50407	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:45.116350889 CET	61075	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:53:45.140338898 CET	53	50407	8.8.8.8	192.168.2.7
Feb 2, 2021 08:53:45.172378063 CET	53	61075	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:12.793908119 CET	54952	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:12.842149973 CET	53	54952	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:15.301547050 CET	59186	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:15.354489088 CET	53	59186	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:15.887363911 CET	52280	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:15.948564053 CET	53	52280	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:19.049554110 CET	51794	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:19.097718954 CET	53	51794	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:22.277606964 CET	50815	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:22.327384949 CET	53	50815	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:23.821609020 CET	58498	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:23.880672932 CET	53	58498	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:33.298855066 CET	56862	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:33.360323906 CET	53	56862	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:36.197577953 CET	61807	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:36.201062918 CET	52009	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:36.256642103 CET	53	61807	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:36.260183096 CET	53	52009	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:38.931622028 CET	58648	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:38.991988897 CET	53	58648	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:40.716998100 CET	59337	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:40.767158031 CET	53	59337	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:41.961437941 CET	59269	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:42.011138916 CET	53	59269	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:43.813313961 CET	49802	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:43.863847971 CET	53	49802	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:48.922760010 CET	50706	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:48.980370045 CET	53	50706	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:51.820154905 CET	55153	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:51.831574917 CET	59744	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:51.876228094 CET	53	55153	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:51.879745960 CET	53	59744	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:54.559792995 CET	59987	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:54.580755949 CET	61272	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:54.609613895 CET	53	59987	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:54.630439997 CET	53	61272	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:57.268471956 CET	54352	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:57.316422939 CET	53	54352	8.8.8.8	192.168.2.7
Feb 2, 2021 08:54:57.419401884 CET	60696	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:54:57.477765083 CET	53	60696	8.8.8.8	192.168.2.7
Feb 2, 2021 08:55:11.386878967 CET	59139	53	192.168.2.7	8.8.8.8
Feb 2, 2021 08:55:11.436451912 CET	53	59139	8.8.8.8	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Feb 2, 2021 08:51:53.379492044 CET	192.168.2.7	8.8.8.8	0xf445	Standard query (0)	69.170.12.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Feb 2, 2021 08:51:53.900830984 CET	192.168.2.7	8.8.8.8	0x6da6	Standard query (0)	whatismyipaddress.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.437439919 CET	192.168.2.7	8.8.8.8	0x6b02	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.516426086 CET	192.168.2.7	8.8.8.8	0xc21c	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:12.981060028 CET	192.168.2.7	8.8.8.8	0x872a	Standard query (0)	freegeoip.app	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:22.276596069 CET	192.168.2.7	8.8.8.8	0x849c	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:23.339813948 CET	192.168.2.7	8.8.8.8	0xb3be	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:24.584064960 CET	192.168.2.7	8.8.8.8	0x9e74	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:25.612889051 CET	192.168.2.7	8.8.8.8	0x52d5	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:27.152910948 CET	192.168.2.7	8.8.8.8	0xc1d8	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:28.490356922 CET	192.168.2.7	8.8.8.8	0xc3b0	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:30.280812979 CET	192.168.2.7	8.8.8.8	0x9914	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:32.047787905 CET	192.168.2.7	8.8.8.8	0x276	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:33.987025976 CET	192.168.2.7	8.8.8.8	0xd60a	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:36.163332939 CET	192.168.2.7	8.8.8.8	0xb80c	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:37.289861917 CET	192.168.2.7	8.8.8.8	0xcfe2	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:38.025207043 CET	192.168.2.7	8.8.8.8	0x220e	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:40.204969883 CET	192.168.2.7	8.8.8.8	0x91f5	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:40.299511909 CET	192.168.2.7	8.8.8.8	0xfe1e	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:40.632177114 CET	192.168.2.7	8.8.8.8	0xfc0e	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:42.364404917 CET	192.168.2.7	8.8.8.8	0x368e	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:43.485554934 CET	192.168.2.7	8.8.8.8	0xe0c2	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:44.979003906 CET	192.168.2.7	8.8.8.8	0xbda6	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:47.347949982 CET	192.168.2.7	8.8.8.8	0x1787	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:47.588212013 CET	192.168.2.7	8.8.8.8	0x3404	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:50.374495983 CET	192.168.2.7	8.8.8.8	0x3390	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:50.658818007 CET	192.168.2.7	8.8.8.8	0x9a1a	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:53.261665106 CET	192.168.2.7	8.8.8.8	0x7125	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:56.275100946 CET	192.168.2.7	8.8.8.8	0xca4	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:59.256263018 CET	192.168.2.7	8.8.8.8	0xb67f	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:59.423389912 CET	192.168.2.7	8.8.8.8	0xe5c5	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:00.292697906 CET	192.168.2.7	8.8.8.8	0x1a9c	Standard query (0)	69.170.12.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)
Feb 2, 2021 08:53:01.004070044 CET	192.168.2.7	8.8.8.8	0x3e9	Standard query (0)	whatismyipaddress.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:02.156910896 CET	192.168.2.7	8.8.8.8	0x747f	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:05.881093979 CET	192.168.2.7	8.8.8.8	0x7f71	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:09.224340916 CET	192.168.2.7	8.8.8.8	0x3367	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:18.055473089 CET	192.168.2.7	8.8.8.8	0x249a	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:20.778110027 CET	192.168.2.7	8.8.8.8	0x89c8	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:24.139029980 CET	192.168.2.7	8.8.8.8	0x2a46	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.415201902 CET	192.168.2.7	8.8.8.8	0x1132	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.516926050 CET	192.168.2.7	8.8.8.8	0x667a	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:27.549843073 CET	192.168.2.7	8.8.8.8	0x43b4	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:35.453262091 CET	192.168.2.7	8.8.8.8	0xba64	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:35.593250036 CET	192.168.2.7	8.8.8.8	0xbb55	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:38.249537945 CET	192.168.2.7	8.8.8.8	0x74bc	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:42.031311989 CET	192.168.2.7	8.8.8.8	0x3d6a	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:45.081511021 CET	192.168.2.7	8.8.8.8	0x68c3	Standard query (0)	freegeoip.app	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:45.116350889 CET	192.168.2.7	8.8.8.8	0x5a1f	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:12.793908119 CET	192.168.2.7	8.8.8.8	0xcb32	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:15.887363911 CET	192.168.2.7	8.8.8.8	0xe537	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:19.049554110 CET	192.168.2.7	8.8.8.8	0x224f	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:22.277606964 CET	192.168.2.7	8.8.8.8	0xd7e	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:23.821609020 CET	192.168.2.7	8.8.8.8	0xaef0	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:33.298855066 CET	192.168.2.7	8.8.8.8	0xa8a1	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:36.197577953 CET	192.168.2.7	8.8.8.8	0x92d2	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:36.201062918 CET	192.168.2.7	8.8.8.8	0x2b45	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:38.931622028 CET	192.168.2.7	8.8.8.8	0x874f	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:40.716998100 CET	192.168.2.7	8.8.8.8	0xc8e5	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:41.961437941 CET	192.168.2.7	8.8.8.8	0x53c9	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:43.813313961 CET	192.168.2.7	8.8.8.8	0xca13	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:48.922760010 CET	192.168.2.7	8.8.8.8	0xc966	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:51.820154905 CET	192.168.2.7	8.8.8.8	0xba1a	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:51.831574917 CET	192.168.2.7	8.8.8.8	0xecd6	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:54.559792995 CET	192.168.2.7	8.8.8.8	0x5da3	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:54.580755949 CET	192.168.2.7	8.8.8.8	0xee93	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:57.268471956 CET	192.168.2.7	8.8.8.8	0x756b	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:57.419401884 CET	192.168.2.7	8.8.8.8	0xaa2b	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)
Feb 2, 2021 08:55:11.386878967 CET	192.168.2.7	8.8.8.8	0x1733	Standard query (0)	smtp.privateemail.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Feb 2, 2021 08:51:53.438116074 CET	8.8.8.8	192.168.2.7	0xf445	Name error (3)	69.170.12.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Feb 2, 2021 08:51:53.960005045 CET	8.8.8.8	192.168.2.7	0x6da6	No error (0)	whatismyipaddress.com		104.16.155.36	A (IP address)	IN (0x0001)
Feb 2, 2021 08:51:53.960005045 CET	8.8.8.8	192.168.2.7	0x6da6	No error (0)	whatismyipaddress.com		104.16.154.36	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.487238884 CET	8.8.8.8	192.168.2.7	0x6b02	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Feb 2, 2021 08:52:04.487238884 CET	8.8.8.8	192.168.2.7	0x6b02	No error (0)	checkip.dyndns.com		131.186.113.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.487238884 CET	8.8.8.8	192.168.2.7	0x6b02	No error (0)	checkip.dyndns.com		216.146.43.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.487238884 CET	8.8.8.8	192.168.2.7	0x6b02	No error (0)	checkip.dyndns.com		216.146.43.71	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.487238884 CET	8.8.8.8	192.168.2.7	0x6b02	No error (0)	checkip.dyndns.com		162.88.193.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.487238884 CET	8.8.8.8	192.168.2.7	0x6b02	No error (0)	checkip.dyndns.com		131.186.161.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.566323042 CET	8.8.8.8	192.168.2.7	0xc21c	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Feb 2, 2021 08:52:04.566323042 CET	8.8.8.8	192.168.2.7	0xc21c	No error (0)	checkip.dyndns.com		216.146.43.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.566323042 CET	8.8.8.8	192.168.2.7	0xc21c	No error (0)	checkip.dyndns.com		131.186.113.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.566323042 CET	8.8.8.8	192.168.2.7	0xc21c	No error (0)	checkip.dyndns.com		162.88.193.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.566323042 CET	8.8.8.8	192.168.2.7	0xc21c	No error (0)	checkip.dyndns.com		216.146.43.71	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:04.566323042 CET	8.8.8.8	192.168.2.7	0xc21c	No error (0)	checkip.dyndns.com		131.186.161.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:13.041534901 CET	8.8.8.8	192.168.2.7	0x872a	No error (0)	freegeoip.app		104.21.19.200	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:13.041534901 CET	8.8.8.8	192.168.2.7	0x872a	No error (0)	freegeoip.app		172.67.188.154	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:22.335807085 CET	8.8.8.8	192.168.2.7	0x849c	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:23.400106907 CET	8.8.8.8	192.168.2.7	0xb3be	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:24.643059969 CET	8.8.8.8	192.168.2.7	0x9e74	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:25.671786070 CET	8.8.8.8	192.168.2.7	0x52d5	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:27.212202072 CET	8.8.8.8	192.168.2.7	0xc1d8	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:28.546897888 CET	8.8.8.8	192.168.2.7	0xc3b0	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:30.337150097 CET	8.8.8.8	192.168.2.7	0x9914	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:32.104201078 CET	8.8.8.8	192.168.2.7	0x276	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:34.043262005 CET	8.8.8.8	192.168.2.7	0xd60a	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:36.223865032 CET	8.8.8.8	192.168.2.7	0xb80c	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:37.348948956 CET	8.8.8.8	192.168.2.7	0xcfe2	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:38.086824894 CET	8.8.8.8	192.168.2.7	0x220e	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:40.252991915 CET	8.8.8.8	192.168.2.7	0x91f5	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:40.356125116 CET	8.8.8.8	192.168.2.7	0xfe1e	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:40.688971043 CET	8.8.8.8	192.168.2.7	0xfc0e	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:42.421161890 CET	8.8.8.8	192.168.2.7	0x368e	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:43.541801929 CET	8.8.8.8	192.168.2.7	0xe0c2	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:45.028855085 CET	8.8.8.8	192.168.2.7	0xbda6	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:47.405642033 CET	8.8.8.8	192.168.2.7	0x1787	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:47.647037029 CET	8.8.8.8	192.168.2.7	0x3404	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:50.431301117 CET	8.8.8.8	192.168.2.7	0x3390	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:50.706617117 CET	8.8.8.8	192.168.2.7	0x9a1a	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:53.313534021 CET	8.8.8.8	192.168.2.7	0x7125	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:56.331607103 CET	8.8.8.8	192.168.2.7	0xca4	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:59.312505007 CET	8.8.8.8	192.168.2.7	0xb67f	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:52:59.482912064 CET	8.8.8.8	192.168.2.7	0xe5c5	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:00.353419065 CET	8.8.8.8	192.168.2.7	0x1a9c	Name error (3)	69.170.12.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)
Feb 2, 2021 08:53:01.060314894 CET	8.8.8.8	192.168.2.7	0x3e9	No error (0)	whatismyipaddress.com		104.16.155.36	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:01.060314894 CET	8.8.8.8	192.168.2.7	0x3e9	No error (0)	whatismyipaddress.com		104.16.154.36	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:02.204837084 CET	8.8.8.8	192.168.2.7	0x747f	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:05.928864956 CET	8.8.8.8	192.168.2.7	0x7f71	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:09.281547070 CET	8.8.8.8	192.168.2.7	0x3367	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:18.103461981 CET	8.8.8.8	192.168.2.7	0x249a	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:20.837517023 CET	8.8.8.8	192.168.2.7	0x89c8	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:24.195363045 CET	8.8.8.8	192.168.2.7	0x2a46	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.463123083 CET	8.8.8.8	192.168.2.7	0x1132	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Feb 2, 2021 08:53:26.463123083 CET	8.8.8.8	192.168.2.7	0x1132	No error (0)	checkip.dyndns.com		216.146.43.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.463123083 CET	8.8.8.8	192.168.2.7	0x1132	No error (0)	checkip.dyndns.com		131.186.113.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.463123083 CET	8.8.8.8	192.168.2.7	0x1132	No error (0)	checkip.dyndns.com		162.88.193.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.463123083 CET	8.8.8.8	192.168.2.7	0x1132	No error (0)	checkip.dyndns.com		216.146.43.71	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.463123083 CET	8.8.8.8	192.168.2.7	0x1132	No error (0)	checkip.dyndns.com		131.186.161.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.564953089 CET	8.8.8.8	192.168.2.7	0x667a	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
Feb 2, 2021 08:53:26.564953089 CET	8.8.8.8	192.168.2.7	0x667a	No error (0)	checkip.dyndns.com		131.186.113.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.564953089 CET	8.8.8.8	192.168.2.7	0x667a	No error (0)	checkip.dyndns.com		216.146.43.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.564953089 CET	8.8.8.8	192.168.2.7	0x667a	No error (0)	checkip.dyndns.com		216.146.43.71	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.564953089 CET	8.8.8.8	192.168.2.7	0x667a	No error (0)	checkip.dyndns.com		162.88.193.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:26.564953089 CET	8.8.8.8	192.168.2.7	0x667a	No error (0)	checkip.dyndns.com		131.186.161.70	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:27.599453926 CET	8.8.8.8	192.168.2.7	0x43b4	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:35.512851000 CET	8.8.8.8	192.168.2.7	0xba64	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:35.649574995 CET	8.8.8.8	192.168.2.7	0xbb55	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:38.297360897 CET	8.8.8.8	192.168.2.7	0x74bc	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:42.090331078 CET	8.8.8.8	192.168.2.7	0x3d6a	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:45.140338898 CET	8.8.8.8	192.168.2.7	0x68c3	No error (0)	freegeoip.app		104.21.19.200	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:45.140338898 CET	8.8.8.8	192.168.2.7	0x68c3	No error (0)	freegeoip.app		172.67.188.154	A (IP address)	IN (0x0001)
Feb 2, 2021 08:53:45.172378063 CET	8.8.8.8	192.168.2.7	0x5a1f	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:12.842149973 CET	8.8.8.8	192.168.2.7	0xcb32	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:15.948564053 CET	8.8.8.8	192.168.2.7	0xe537	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:19.097718954 CET	8.8.8.8	192.168.2.7	0x224f	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:22.327384949 CET	8.8.8.8	192.168.2.7	0xd7e	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:23.880672932 CET	8.8.8.8	192.168.2.7	0xaef0	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:33.360323906 CET	8.8.8.8	192.168.2.7	0xa8a1	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:36.256642103 CET	8.8.8.8	192.168.2.7	0x92d2	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:36.260183096 CET	8.8.8.8	192.168.2.7	0x2b45	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:38.991988897 CET	8.8.8.8	192.168.2.7	0x874f	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:40.767158031 CET	8.8.8.8	192.168.2.7	0xc8e5	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:42.011138916 CET	8.8.8.8	192.168.2.7	0x53c9	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:43.863847971 CET	8.8.8.8	192.168.2.7	0xca13	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:48.980370045 CET	8.8.8.8	192.168.2.7	0xc966	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:51.876228094 CET	8.8.8.8	192.168.2.7	0xba1a	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:51.879745960 CET	8.8.8.8	192.168.2.7	0xecd6	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:54.609613895 CET	8.8.8.8	192.168.2.7	0x5da3	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:54.630439997 CET	8.8.8.8	192.168.2.7	0xee93	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:57.316422939 CET	8.8.8.8	192.168.2.7	0x756b	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:54:57.477765083 CET	8.8.8.8	192.168.2.7	0xaa2b	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)
Feb 2, 2021 08:55:11.436451912 CET	8.8.8.8	192.168.2.7	0x1733	No error (0)	smtp.privateemail.com		199.193.7.228	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

whatismyipaddress.com

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49729	104.16.155.36	80	C:\Users\user\AppData\Local\Temp\hawkgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:51:54.075356960 CET	1007	OUT	GET / HTTP/1.1 Host: whatismyipaddress.com Connection: Keep-Alive
Feb 2, 2021 08:51:54.127437115 CET	1008	IN	HTTP/1.1 403 Forbidden Date: Tue, 02 Feb 2021 07:51:54 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 16 Connection: keep-alive X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Set-Cookie: __cfduid=de810853b8bb2cf1036f76079d68ccb1c1612252314; expires=Thu, 04-Mar-21 07:51:54 GMT; path=/; domain=.whatismyipaddress.com; HttpOnly; SameSite=Lax; Secure cf-request-id: 08035311fa00000eb751133000000001 Server: cloudflare CF-RAY: 61b254632f520eb7-FRA alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 32 30 Data Ascii: error code: 1020
Feb 2, 2021 08:51:54.375992060 CET	1008	IN	HTTP/1.1 403 Forbidden Date: Tue, 02 Feb 2021 07:51:54 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 16 Connection: keep-alive X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Set-Cookie: __cfduid=de810853b8bb2cf1036f76079d68ccb1c1612252314; expires=Thu, 04-Mar-21 07:51:54 GMT; path=/; domain=.whatismyipaddress.com; HttpOnly; SameSite=Lax; Secure cf-request-id: 08035311fa00000eb751133000000001 Server: cloudflare CF-RAY: 61b254632f520eb7-FRA alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 32 30 Data Ascii: error code: 1020

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49731	131.186.113.70	80	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:52:04.697185040 CET	1039	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Feb 2, 2021 08:52:04.757770061 CET	1039	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.7	49788	216.146.43.70	80	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:53:47.596793890 CET	5141	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Feb 2, 2021 08:53:47.669477940 CET	5141	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.7	49789	216.146.43.70	80	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:53:48.376410007 CET	5143	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Feb 2, 2021 08:53:48.450817108 CET	5144	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.7	49732	131.186.113.70	80	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:52:05.217569113 CET	1040	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Feb 2, 2021 08:52:05.276901960 CET	1040	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.7	49734	131.186.113.70	80	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:52:13.783994913 CET	1046	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Feb 2, 2021 08:52:13.845175028 CET	1046	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.7	49735	131.186.113.70	80	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:52:14.162292004 CET	1049	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Feb 2, 2021 08:52:14.221944094 CET	1049	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.2.0 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.7	49736	131.186.113.70	80	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:52:14.511794090 CET	1051	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Feb 2, 2021 08:52:14.571176052 CET	1051	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.7	49769	104.16.155.36	80	C:\Users\user\AppData\Local\Temp\hawkgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:53:01.163186073 CET	2529	OUT	GET / HTTP/1.1 Host: whatismyipaddress.com Connection: Keep-Alive
Feb 2, 2021 08:53:01.225852966 CET	2530	IN	HTTP/1.1 403 Forbidden Date: Tue, 02 Feb 2021 07:53:01 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 16 Connection: keep-alive X-Frame-Options: SAMEORIGIN Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT Set-Cookie: __cfduid=d8412a81e43270e1884d4cbba2a07a91d1612252381; expires=Thu, 04-Mar-21 07:53:01 GMT; path=/; domain=.whatismyipaddress.com; HttpOnly; SameSite=Lax; Secure cf-request-id: 080354181000001f3177225000000001 Server: cloudflare CF-RAY: 61b256067e711f31-FRA alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400 Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 32 30 Data Ascii: error code: 1020

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.7	49777	216.146.43.70	80	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:53:26.770868063 CET	3778	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Feb 2, 2021 08:53:26.845346928 CET	3778	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.7	49779	216.146.43.70	80	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:53:28.295042992 CET	3780	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Feb 2, 2021 08:53:28.368408918 CET	3781	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.7	49787	216.146.43.70	80	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe

Timestamp	kBytes transferred	Direction	Data
Feb 2, 2021 08:53:46.745872021 CET	5135	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Feb 2, 2021 08:53:46.820859909 CET	5136	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 34 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.74</body></html>

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Feb 2, 2021 08:52:13.208453894 CET	104.21.19.200	443	192.168.2.7	49733	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Aug 10 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Aug 10 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0	54328bd36c14bd82ddaa0c04b25ed9ad
Feb 2, 2021 08:52:13.208453894 CET	104.21.19.200	443	192.168.2.7	49733	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		54328bd36c14bd82ddaa0c04b25ed9ad
Feb 2, 2021 08:53:45.447184086 CET	104.21.19.200	443	192.168.2.7	49785	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Aug 10 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Aug 10 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0	54328bd36c14bd82ddaa0c04b25ed9ad
Feb 2, 2021 08:53:45.447184086 CET	104.21.19.200	443	192.168.2.7	49785	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		54328bd36c14bd82ddaa0c04b25ed9ad

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Feb 2, 2021 08:52:22.813158989 CET	587	49740	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:22.813167095 CET	587	49741	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:22.813688993 CET	49740	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:23.004148006 CET	587	49740	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:23.785701990 CET	587	49742	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:23.786706924 CET	49742	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:23.980775118 CET	587	49742	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:25.029432058 CET	587	49743	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:25.030982018 CET	49743	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:25.224092007 CET	587	49743	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:26.059046984 CET	587	49744	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:26.059510946 CET	49744	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:26.250122070 CET	587	49744	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:26.251414061 CET	49744	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:26.441719055 CET	587	49744	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:27.599121094 CET	587	49745	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:27.599586964 CET	49745	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:27.791764021 CET	587	49745	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:28.954073906 CET	587	49746	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:28.984247923 CET	49746	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:29.188302040 CET	587	49746	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:29.188587904 CET	49746	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:29.390053034 CET	587	49746	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:30.722702980 CET	587	49747	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:30.723046064 CET	49747	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:30.913746119 CET	587	49747	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:30.914057970 CET	49747	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:31.104008913 CET	587	49747	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:32.490869999 CET	587	49748	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:32.491282940 CET	49748	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:32.681601048 CET	587	49748	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:32.682013988 CET	49748	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:32.872016907 CET	587	49748	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:34.427877903 CET	587	49750	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:34.428292990 CET	49750	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:34.618705034 CET	587	49750	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:34.620052099 CET	49750	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:34.809961081 CET	587	49750	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:36.613873005 CET	587	49751	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:36.614547968 CET	49751	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:36.804939985 CET	587	49751	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:36.805289984 CET	49751	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:36.996551037 CET	587	49751	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:37.736371040 CET	587	49752	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:37.737236977 CET	49752	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:37.928690910 CET	587	49752	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:37.929166079 CET	49752	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:38.122827053 CET	587	49752	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:38.495201111 CET	587	49753	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:38.495958090 CET	49753	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:38.698676109 CET	587	49753	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:38.705585957 CET	49753	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:38.909257889 CET	587	49753	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:40.640491962 CET	587	49754	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:40.640836954 CET	49754	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:40.742924929 CET	587	49755	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:40.743376017 CET	49755	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:40.832242012 CET	587	49754	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:40.833101988 CET	49754	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:40.936414957 CET	587	49755	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:41.023488045 CET	587	49754	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:41.073451996 CET	587	49756	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:41.073873043 CET	49756	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:41.264448881 CET	587	49756	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:41.264954090 CET	49756	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:41.454988003 CET	587	49756	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:42.805581093 CET	587	49757	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:42.808633089 CET	49757	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:43.001002073 CET	587	49757	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:43.001396894 CET	49757	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:43.191638947 CET	587	49757	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:43.927926064 CET	587	49758	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:43.928359985 CET	49758	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:44.119829893 CET	587	49758	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:44.120193958 CET	49758	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:44.310609102 CET	587	49758	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:45.416155100 CET	587	49759	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:45.416457891 CET	49759	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:45.606834888 CET	587	49759	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:45.607120991 CET	49759	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:45.799350977 CET	587	49759	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:47.812969923 CET	587	49760	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:47.813316107 CET	49760	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:48.015526056 CET	587	49760	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:48.015924931 CET	49760	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:48.031583071 CET	587	49761	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:48.031898022 CET	49761	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:48.217470884 CET	587	49760	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:48.222242117 CET	587	49761	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:48.225008965 CET	49761	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:48.414846897 CET	587	49761	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:50.819664001 CET	587	49762	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:50.819951057 CET	49762	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:51.013494968 CET	587	49762	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:51.015211105 CET	49762	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:51.091154099 CET	587	49763	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:51.091501951 CET	49763	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:51.207123995 CET	587	49762	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:51.282040119 CET	587	49763	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:51.282620907 CET	49763	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:51.472697020 CET	587	49763	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:53.700566053 CET	587	49764	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:53.700826883 CET	49764	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:53.891614914 CET	587	49764	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:53.891880035 CET	49764	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:54.082276106 CET	587	49764	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:56.752723932 CET	587	49765	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:56.753062010 CET	49765	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:56.944964886 CET	587	49765	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:56.945434093 CET	49765	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:52:57.136822939 CET	587	49765	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:52:59.741539001 CET	587	49767	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:59.744452953 CET	49767	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:59.900674105 CET	587	49768	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:52:59.916116953 CET	49768	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:52:59.948602915 CET	587	49767	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:52:59.948976994 CET	49767	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:00.122152090 CET	587	49768	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:00.122442961 CET	49768	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:00.152375937 CET	587	49767	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:00.325570107 CET	587	49768	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:02.618752956 CET	587	49770	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:02.619087934 CET	49770	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:02.809268951 CET	587	49770	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:02.815468073 CET	49770	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:03.005538940 CET	587	49770	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:06.514214993 CET	587	49771	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:06.514597893 CET	49771	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:06.704798937 CET	587	49771	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:06.705087900 CET	49771	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:06.894906998 CET	587	49771	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:09.670850992 CET	587	49772	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:09.671189070 CET	49772	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:09.863631010 CET	587	49772	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:09.863991976 CET	49772	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:10.054274082 CET	587	49772	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:18.489265919 CET	587	49774	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:18.489636898 CET	49774	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:18.680254936 CET	587	49774	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:18.680546045 CET	49774	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:18.870492935 CET	587	49774	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:21.223431110 CET	587	49775	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:21.350620031 CET	49775	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:21.541002035 CET	587	49775	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:21.541326046 CET	49775	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:21.733660936 CET	587	49775	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:24.606659889 CET	587	49776	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:24.607726097 CET	49776	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:24.811074972 CET	587	49776	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:24.811362028 CET	49776	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:25.012739897 CET	587	49776	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:27.989326000 CET	587	49778	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:27.989716053 CET	49778	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:28.180408955 CET	587	49778	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:28.180705070 CET	49778	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:28.373656034 CET	587	49778	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:35.901496887 CET	587	49780	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:35.901990891 CET	49780	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:36.096594095 CET	587	49780	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:36.097197056 CET	49780	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:36.239164114 CET	587	49782	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:36.239751101 CET	587	49781	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:36.284514904 CET	49782	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:36.284563065 CET	49781	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:36.289796114 CET	587	49780	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:36.486347914 CET	587	49781	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:36.486578941 CET	587	49782	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:36.486627102 CET	49781	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:36.486783028 CET	49782	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:36.687962055 CET	587	49781	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:36.688091993 CET	587	49782	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:38.683794975 CET	587	49783	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:38.684241056 CET	49783	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:38.877027988 CET	587	49783	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:38.877393961 CET	49783	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:39.067572117 CET	587	49783	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:42.474970102 CET	587	49784	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:42.475333929 CET	49784	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:42.666105986 CET	587	49784	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:42.666457891 CET	49784	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:42.856486082 CET	587	49784	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:53:45.580559969 CET	587	49786	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:53:45.580796957 CET	49786	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:53:45.782514095 CET	587	49786	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:53:45.782795906 CET	49786	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:53:45.984117031 CET	587	49786	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:13.248991013 CET	587	49790	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:13.249319077 CET	49790	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:13.451119900 CET	587	49790	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:13.451430082 CET	49790	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:13.652879000 CET	587	49790	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:16.356473923 CET	587	49792	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:16.359440088 CET	49792	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:16.551491976 CET	587	49792	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:16.554924011 CET	49792	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:16.747075081 CET	587	49792	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:19.546262026 CET	587	49793	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:19.546660900 CET	49793	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:19.748264074 CET	587	49793	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:19.748622894 CET	49793	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:19.949882030 CET	587	49793	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:22.712263107 CET	587	49794	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:22.712584019 CET	49794	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:22.903280020 CET	587	49794	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:22.903708935 CET	49794	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:23.094129086 CET	587	49794	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:24.265650034 CET	587	49795	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:24.266120911 CET	49795	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:24.456612110 CET	587	49795	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:24.456887007 CET	49795	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:24.646842957 CET	587	49795	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:33.747540951 CET	587	49796	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:33.748317003 CET	49796	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:33.940007925 CET	587	49796	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:33.940270901 CET	49796	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:34.130645990 CET	587	49796	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:36.648380041 CET	587	49797	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:36.648818016 CET	49797	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:36.677932024 CET	587	49798	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:36.682199955 CET	49798	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:36.841758013 CET	587	49797	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:36.841996908 CET	49797	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:36.872733116 CET	587	49798	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:36.876977921 CET	49798	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:37.033971071 CET	587	49797	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:37.067073107 CET	587	49798	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:39.379169941 CET	587	49799	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:39.381690979 CET	49799	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:39.572385073 CET	587	49799	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:39.574527025 CET	49799	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:39.766592979 CET	587	49799	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:41.156644106 CET	587	49800	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:41.169212103 CET	49800	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:41.359941006 CET	587	49800	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:41.360233068 CET	49800	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:41.553025961 CET	587	49800	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:42.419593096 CET	587	49801	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:42.420350075 CET	49801	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:42.611356974 CET	587	49801	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:42.611753941 CET	49801	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:42.805545092 CET	587	49801	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:44.273689032 CET	587	49802	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:44.273976088 CET	49802	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:44.478375912 CET	587	49802	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:44.478852987 CET	49802	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:44.680263996 CET	587	49802	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:49.376130104 CET	587	49803	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:49.376744032 CET	49803	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:49.568742037 CET	587	49803	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:49.571069002 CET	49803	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:49.761332035 CET	587	49803	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:52.260323048 CET	587	49804	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:52.260835886 CET	49804	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:52.267551899 CET	587	49805	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:52.269411087 CET	49805	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:52.452074051 CET	587	49804	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:52.452435970 CET	49804	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:52.460019112 CET	587	49805	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:52.460841894 CET	49805	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:52.644531012 CET	587	49804	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:52.653999090 CET	587	49805	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:54.997694969 CET	587	49806	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:54.998035908 CET	49806	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:55.015147924 CET	587	49807	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:55.015799999 CET	49807	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:55.189517021 CET	587	49806	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:55.190080881 CET	49806	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:55.206698895 CET	587	49807	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:55.207362890 CET	49807	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:55.380321980 CET	587	49806	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:55.397460938 CET	587	49807	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:57.700922012 CET	587	49808	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:57.701092958 CET	49808	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:57.870578051 CET	587	49809	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:54:57.870820045 CET	49809	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:54:57.894201040 CET	587	49808	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:57.894429922 CET	49808	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:58.062791109 CET	587	49809	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:54:58.062974930 CET	49809	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:54:58.086261034 CET	587	49808	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:54:58.252882957 CET	587	49809	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:00.334939957 CET	587	49810	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:00.336182117 CET	49810	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:00.452255964 CET	587	49811	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:00.452501059 CET	49811	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:00.529437065 CET	587	49810	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:00.529710054 CET	49810	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:00.642693043 CET	587	49811	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:00.642937899 CET	49811	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:00.720020056 CET	587	49810	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:00.833960056 CET	587	49811	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:03.041965008 CET	587	49812	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:03.042279005 CET	49812	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:03.244170904 CET	587	49812	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:03.246289968 CET	49812	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:03.447788954 CET	587	49812	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:05.709295034 CET	587	49813	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:05.709516048 CET	49813	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:05.900187016 CET	587	49813	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:05.900346041 CET	49813	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:06.091825962 CET	587	49813	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:06.739952087 CET	587	49814	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:06.741314888 CET	49814	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:06.931937933 CET	587	49814	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:06.933430910 CET	49814	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:07.123622894 CET	587	49814	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:08.336911917 CET	587	49815	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:08.337141037 CET	49815	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:08.527364016 CET	587	49815	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:08.527591944 CET	49815	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:08.717672110 CET	587	49815	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:09.286880016 CET	587	49816	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:09.287231922 CET	49816	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:09.477727890 CET	587	49816	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:09.480767965 CET	49816	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:09.670908928 CET	587	49816	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:11.825762987 CET	587	49817	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:11.826100111 CET	49817	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:11.842029095 CET	587	49818	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:11.842259884 CET	49818	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:12.016412973 CET	587	49817	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:12.016590118 CET	49817	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:12.033821106 CET	587	49818	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:12.034054995 CET	49818	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:12.209115982 CET	587	49817	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:12.227118015 CET	587	49818	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:14.469098091 CET	587	49819	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:14.469307899 CET	49819	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:14.670991898 CET	587	49819	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:14.671222925 CET	49819	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:14.748943090 CET	587	49820	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:14.749162912 CET	49820	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:14.872647047 CET	587	49819	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:14.939352989 CET	587	49820	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:14.939585924 CET	49820	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:15.129380941 CET	587	49820	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:17.125241041 CET	587	49821	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:17.125453949 CET	49821	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:17.282188892 CET	587	49822	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:17.282394886 CET	49822	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:17.316113949 CET	587	49821	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:17.316272974 CET	49821	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:17.472850084 CET	587	49822	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:17.473069906 CET	49822	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:17.506520987 CET	587	49821	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:17.663238049 CET	587	49822	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:19.663860083 CET	587	49823	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:19.664026976 CET	49823	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:19.854288101 CET	587	49823	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:19.854476929 CET	49823	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:19.863238096 CET	587	49824	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:19.863399982 CET	49824	587	192.168.2.7	199.193.7.228	EHLO 830021
Feb 2, 2021 08:55:20.047234058 CET	587	49823	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:20.067862034 CET	587	49824	199.193.7.228	192.168.2.7	250-mta-13.privateemail.com 250-PIPELINING 250-SIZE 81788928 250-ETRN 250-AUTH PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 STARTTLS
Feb 2, 2021 08:55:20.068080902 CET	49824	587	192.168.2.7	199.193.7.228	STARTTLS
Feb 2, 2021 08:55:20.271485090 CET	587	49824	199.193.7.228	192.168.2.7	220 Ready to start TLS
Feb 2, 2021 08:55:24.527071953 CET	587	49825	199.193.7.228	192.168.2.7	220 PrivateEmail.com prod Mail Node
Feb 2, 2021 08:55:24.527304888 CET	49825	587	192.168.2.7	199.193.7.228	EHLO 830021

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: PO_Invoices_pdf.exe PID: 5372 Parent PID: 5680

General

Start time:	08:51:34
Start date:	02/02/2021
Path:	C:\Users\user\Desktop\PO_Invoices_pdf.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\PO_Invoices_pdf.exe'
Imagebase:	0xaf0000
File size:	1655808 bytes
MD5 hash:	59D7D8D5DD3E0055E7C0DCC75897F569
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000000.00000002.277417941.00000000040A8000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low

Chronological Activities

Analysis Process: powershell.exe PID: 5904 Parent PID: 5372

General

Start time:	08:51:44
Start date:	02/02/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\Desktop\PO_Invoices_pdf.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'
Imagebase:	0x13c0000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 8 Parent PID: 5904

General

Start time:	08:51:44
Start date:	02/02/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff774ee0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: RegAsm.exe PID: 4888 Parent PID: 5372

General

Start time:	08:51:45
Start date:	02/02/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Imagebase:	0xb60000
File size:	64616 bytes
MD5 hash:	6FD7592411112729BF6B1F2F6C34899F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000003.273863512.0000000003E4D000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000003.285132773.0000000003DE1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000003.269169616.00000000010E3000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000003.272090410.0000000003B4B000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000003.276618597.0000000003B4B000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000003.286093751.00000000010E3000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000005.00000003.281965972.0000000003BE0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000003.284634932.0000000003E4D000.00000004.00000001.sdmp, Author: Joe Security Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000005.00000002.287278765.0000000000403000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000003.271788096.00000000010E3000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000003.283633869.0000000003B4B000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: hawkgoods.exe PID: 3724 Parent PID: 4888

General

Start time:	08:51:47
Start date:	02/02/2021
Path:	C:\Users\user\AppData\Local\Temp\hawkgoods.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe' 0
Imagebase:	0x2f0000
File size:	532992 bytes
MD5 hash:	FFDB58533D5D1362E896E96FB6F02A95
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000006.00000002.390146582.0000000003A21000.00000004.00000001.sdmp, Author: Joe Security Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000006.00000002.398436711.0000000007540000.00000004.00000001.sdmp, Author: Arnim Rupp Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 00000006.00000002.398332656.00000000073F0000.00000004.00000001.sdmp, Author: Arnim Rupp Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: Arnim Rupp Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: C:\Users\user\AppData\Local\Temp\hawkgoods.exe, Author: JPCERT/CC Incident Response Group
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 96%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: origigoods40.exe PID: 6172 Parent PID: 4888

General

Start time:	08:51:48
Start date:	02/02/2021
Path:	C:\Users\user\AppData\Local\Temp\origigoods40.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user~1\AppData\Local\Temp\origigoods40.exe' 0
Imagebase:	0xc30000
File size:	221696 bytes
MD5 hash:	AE36F0D16230B9F41FFECBD3C5B1D660
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.445463818.0000000000C32000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.455680542.0000000002FE1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000000.273140883.0000000000C32000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Local\Temp\origigoods40.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 43%, Metadefender, Browse Detection: 82%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: Matiexgoods.exe PID: 6264 Parent PID: 4888

General

Start time:	08:51:51
Start date:	02/02/2021
Path:	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0
Imagebase:	0xf70000
File size:	455680 bytes
MD5 hash:	80C61B903400B534858D047DD0919F0E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000008.00000002.681623451.0000000000F72000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.699392963.000000000352E000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.699392963.000000000352E000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: C:\Users\user\AppData\Local\Temp\Matiexgoods.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 46%, Metadefender, Browse Detection: 89%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: origigoods20.exe PID: 6352 Parent PID: 4888

General

Start time:	08:51:52
Start date:	02/02/2021
Path:	C:\Users\user\AppData\Local\Temp\origigoods20.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user~1\AppData\Local\Temp\origigoods20.exe' 0
Imagebase:	0xe0000
File size:	220672 bytes
MD5 hash:	61DC57C6575E1F3F2AE14C1B332AD2FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.430720019.00000000000E2000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000000.281843308.00000000000E2000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.454660209.0000000002801000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.454660209.0000000002801000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: C:\Users\user\AppData\Local\Temp\origigoods20.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 43%, Metadefender, Browse Detection: 86%, ReversingLabs
Reputation:	low

Chronological Activities

Analysis Process: dw20.exe PID: 6684 Parent PID: 3724

General

Start time:	08:51:54
Start date:	02/02/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Wow64 process (32bit):	true
Commandline:	dw20.exe -x -s 2164
Imagebase:	0x10000000
File size:	33936 bytes
MD5 hash:	8D10DA8A3E11747E51F23C882C22BBC3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: vbc.exe PID: 6852 Parent PID: 3724

General

Start time:	08:51:57
Start date:	02/02/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'
Imagebase:	0x400000
File size:	1171592 bytes
MD5 hash:	C63ED21D5706A527419C9FBD730FFB2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000011.00000002.296594780.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: vbc.exe PID: 6868 Parent PID: 3724

General

Start time:	08:51:58
Start date:	02/02/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'
Imagebase:	0x400000
File size:	1171592 bytes
MD5 hash:	C63ED21D5706A527419C9FBD730FFB2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000012.00000002.308131659.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: WerFault.exe PID: 7028 Parent PID: 3724

General

Start time:	08:52:03
Start date:	02/02/2021
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 1996
Imagebase:	0xb60000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000014.00000002.379809632.0000000005930000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	high

Chronological Activities

Analysis Process: netsh.exe PID: 1744 Parent PID: 6264

General

Start time:	08:52:33
Start date:	02/02/2021
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	'netsh' wlan show profile
Imagebase:	0x13c0000
File size:	82944 bytes
MD5 hash:	A0AA3322BB46BBFC36AB9DC1DBBBB807
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: conhost.exe PID: 1200 Parent PID: 1744

General

Start time:	08:52:33
Start date:	02/02/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff774ee0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: I$s#$lT3ssl.exe PID: 1808 Parent PID: 3292

General

Start time:	08:52:43
Start date:	02/02/2021
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'
Imagebase:	0xa20000
File size:	1655808 bytes
MD5 hash:	59D7D8D5DD3E0055E7C0DCC75897F569
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 20%, ReversingLabs

Chronological Activities

Analysis Process: powershell.exe PID: 6908 Parent PID: 1808

General

Start time:	08:52:50
Start date:	02/02/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'Powershell.exe' -ExecutionPolicy Bypass -command Copy-Item 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe' 'C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\I$s#$lT3ssl.exe'
Imagebase:	0x13c0000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: conhost.exe PID: 6980 Parent PID: 6908

General

Start time:	08:52:51
Start date:	02/02/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff774ee0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: RegAsm.exe PID: 4828 Parent PID: 1808

General

Start time:	08:52:53
Start date:	02/02/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Imagebase:	0x770000
File size:	64616 bytes
MD5 hash:	6FD7592411112729BF6B1F2F6C34899F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000003.425880345.0000000003A2D000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000003.414221299.00000000036C1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000003.418225668.0000000000E23000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000003.418385560.000000000372B000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000003.427152213.00000000039C1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000003.428390015.0000000000E23000.00000004.00000001.sdmp, Author: Joe Security Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000001A.00000002.433264598.0000000000403000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000003.419784850.000000000372B000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000003.413803172.0000000000E23000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001A.00000003.424187770.000000000372B000.00000004.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: hawkgoods.exe PID: 5440 Parent PID: 4828

General

Start time:	08:52:55
Start date:	02/02/2021
Path:	C:\Users\user\AppData\Local\Temp\hawkgoods.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user~1\AppData\Local\Temp\hawkgoods.exe' 0
Imagebase:	0xa40000
File size:	532992 bytes
MD5 hash:	FFDB58533D5D1362E896E96FB6F02A95
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000001B.00000002.651684392.0000000007F40000.00000004.00000001.sdmp, Author: Arnim Rupp Rule: HKTL_NET_GUID_Stealer, Description: Detects c# red/black-team tools via typelibguid, Source: 0000001B.00000002.651227274.0000000007C90000.00000004.00000001.sdmp, Author: Arnim Rupp Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000001B.00000000.417887646.0000000000A42000.00000002.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000001B.00000002.642866499.00000000041B1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000001B.00000002.642866499.00000000041B1000.00000004.00000001.sdmp, Author: Joe Security Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000001B.00000002.636644097.0000000000A42000.00000002.00020000.sdmp, Author: JPCERT/CC Incident Response Group Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 0000001B.00000002.641318198.00000000031B1000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group

Chronological Activities

Analysis Process: origigoods40.exe PID: 3080 Parent PID: 4828

General

Start time:	08:52:56
Start date:	02/02/2021
Path:	C:\Users\user\AppData\Local\Temp\origigoods40.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user~1\AppData\Local\Temp\origigoods40.exe' 0
Imagebase:	0xe20000
File size:	221696 bytes
MD5 hash:	AE36F0D16230B9F41FFECBD3C5B1D660
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001C.00000002.696128013.0000000003201000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001C.00000002.696128013.0000000003201000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001C.00000000.419299258.0000000000E22000.00000002.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: Matiexgoods.exe PID: 6532 Parent PID: 4828

General

Start time:	08:52:57
Start date:	02/02/2021
Path:	C:\Users\user\AppData\Local\Temp\Matiexgoods.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user~1\AppData\Local\Temp\Matiexgoods.exe' 0
Imagebase:	0xbd0000
File size:	455680 bytes
MD5 hash:	80C61B903400B534858D047DD0919F0E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 0000001E.00000002.681849072.0000000000BD2000.00000002.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: origigoods20.exe PID: 7160 Parent PID: 4828

General

Start time:	08:52:57
Start date:	02/02/2021
Path:	C:\Users\user\AppData\Local\Temp\origigoods20.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user~1\AppData\Local\Temp\origigoods20.exe' 0
Imagebase:	0x720000
File size:	220672 bytes
MD5 hash:	61DC57C6575E1F3F2AE14C1B332AD2FB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001F.00000000.423374232.0000000000722000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001F.00000002.703454217.0000000002F71000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.703454217.0000000002F71000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001F.00000002.681903640.0000000000722000.00000002.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: dw20.exe PID: 5252 Parent PID: 5440

General

Start time:	08:53:04
Start date:	02/02/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
Wow64 process (32bit):	true
Commandline:	dw20.exe -x -s 2092
Imagebase:	0x10000000
File size:	33936 bytes
MD5 hash:	8D10DA8A3E11747E51F23C882C22BBC3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: vbc.exe PID: 5776 Parent PID: 5440

General

Start time:	08:53:06
Start date:	02/02/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holdermail.txt'
Imagebase:	0x400000
File size:	1171592 bytes
MD5 hash:	C63ED21D5706A527419C9FBD730FFB2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MailPassView, Description: Yara detected MailPassView, Source: 00000022.00000002.446713470.0000000000400000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: vbc.exe PID: 6108 Parent PID: 5440

General

Start time:	08:53:07
Start date:	02/02/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe /stext 'C:\Users\user\AppData\Local\Temp\holderwb.txt'
Imagebase:	0x400000
File size:	1171592 bytes
MD5 hash:	C63ED21D5706A527419C9FBD730FFB2E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_WebBrowserPassView, Description: Yara detected WebBrowserPassView password recovery tool, Source: 00000023.00000002.465758929.0000000000400000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: WerFault.exe PID: 4776 Parent PID: 5440

General

Start time:	08:53:14
Start date:	02/02/2021
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 940
Imagebase:	0xb60000
File size:	434592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: RAT_HawkEye, Description: Detects HawkEye RAT, Source: 00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_HawkEye, Description: Yara detected HawkEye Keylogger, Source: 00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp, Author: Joe Security Rule: Hawkeye, Description: detect HawkEye in memory, Source: 00000025.00000002.619183539.0000000005360000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: PO_Invoices_pdf.exe PID: 5372 Parent PID: 5680 PO_Invoices_pdf.exeCOMMON

Executed Functions

Function 07C493D8, Relevance: 1.9, Strings: 1, Instructions: 642COMMON

Download Yara Rule

Strings

(, xrefs: 07C49BF8

Memory Dump Source

Source File: 00000000.00000002.308341507.0000000007C40000.00000040.00000001.sdmp, Offset: 07C40000, based on PE: false

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 08b95b559016a6e8b08571b1ae08ab9690ba8a945a97718d8a7722f28c3b5cb0
Instruction ID: 39fd7bd63f3ac0fa31d1cf53be49b0c688d8cc3e1504eb280f7b443c4b2eee8e
Opcode Fuzzy Hash: 08b95b559016a6e8b08571b1ae08ab9690ba8a945a97718d8a7722f28c3b5cb0
Instruction Fuzzy Hash: 0662E3B5E042288FDB65DF65C884BEDBBB2FB89305F1081EAD509A7250DB346E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 07B81928, Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.308025454.0000000007B80000.00000040.00000001.sdmp, Offset: 07B80000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 824c944e3ac424ff3de91d2e8d51f8a7543a5d32b58f9f3653af82a1408bd9d2
Instruction ID: 089443d74213f7422e3ec4685a8cb9fbaea65e7f117d03a554d53c32697efb0b
Opcode Fuzzy Hash: 824c944e3ac424ff3de91d2e8d51f8a7543a5d32b58f9f3653af82a1408bd9d2
Instruction Fuzzy Hash: 9FF16EB0A0120DCFEB54EFA9C844B9DBBF1FF88304F1585A9E415AF255DB74A946CB40

Uniqueness

Uniqueness Score: -1.00%

Function 07B82950, Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.308025454.0000000007B80000.00000040.00000001.sdmp, Offset: 07B80000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77cc0c7371a1398f36b1c0b23533762d017b4bb4bef200199d4e48b40f7b0818
Instruction ID: df8a9d92b50f6432143b8d1547902afc810d489409570a6057cd04bcd3025b12
Opcode Fuzzy Hash: 77cc0c7371a1398f36b1c0b23533762d017b4bb4bef200199d4e48b40f7b0818
Instruction Fuzzy Hash: 0CC1A8B17016059FEB69EB75C860BAEB7E7EF89300F1444AED2468B390DB35E901CB51

Uniqueness

Uniqueness Score: -1.00%

Function 07C47F80, Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.308341507.0000000007C40000.00000040.00000001.sdmp, Offset: 07C40000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f63b0302f36370c439b178375cbd78c55562544454678843bbb8678b0e21baf9
Instruction ID: 6ba62ae04f6c3095ed7382e281a5e2d89cefff24dd3418297a1cfe1c3e763564
Opcode Fuzzy Hash: f63b0302f36370c439b178375cbd78c55562544454678843bbb8678b0e21baf9
Instruction Fuzzy Hash: 3D81D879E042089FDB49DFAAE584A9EBBF6FB99301F108139E505AB354DB386C05CF50

Uniqueness

Uniqueness Score: -1.00%

Function 02F7A708, Relevance: 1.7, APIs: 1, Instructions: 194COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02F7A94E

Memory Dump Source

Source File: 00000000.00000002.277107217.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: ec1268ef8778756e1272288c22af03d1d8443ba2ab607422cf1cb9c7befb235e
Instruction ID: 023ebae6983232fae51241b376a37516c8a316563fc6992266d9fc348351b5a2
Opcode Fuzzy Hash: ec1268ef8778756e1272288c22af03d1d8443ba2ab607422cf1cb9c7befb235e
Instruction Fuzzy Hash: DA712570A00B058FDB24DF2AD450B5AB7F1FF88254F01892ED54ADBA50DB74E846CF91

Uniqueness

Uniqueness Score: -1.00%

Function 02F75365, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 02F75421

Memory Dump Source

Source File: 00000000.00000002.277107217.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b382a3d6d5dfe5a6f88f5d4340b97731f8d5d37a3042856c0b84cb059d69e8c3
Instruction ID: 59182192dbf3e393473d7d91cfa1b3642d9d62195c2939e8ff05079d5aa196fe
Opcode Fuzzy Hash: b382a3d6d5dfe5a6f88f5d4340b97731f8d5d37a3042856c0b84cb059d69e8c3
Instruction Fuzzy Hash: 0341F5B1D04618CFDB14CFA9C984BDDBBB1BF48308F60806AD509BB651DB756949CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02F73E40, Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 02F75421

Memory Dump Source

Source File: 00000000.00000002.277107217.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 8865e2b3c1a6280ecb0c2fd6ec706e756fe0ff148022031294a6a260c489b219
Instruction ID: ae75c2b6d495ff83a92d33183a14c3d3053ab945b84346060f7a10b73c10a8c3
Opcode Fuzzy Hash: 8865e2b3c1a6280ecb0c2fd6ec706e756fe0ff148022031294a6a260c489b219
Instruction Fuzzy Hash: B141E271D0461CCFDB24CFA9C984B9EBBB1BF88308F60806AD509BB250DB756949CF90

Uniqueness

Uniqueness Score: -1.00%

Function 02F7C94C, Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02F7CFDE,?,?,?,?,?), ref: 02F7D09F

Memory Dump Source

Source File: 00000000.00000002.277107217.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 55a1a775d8c1454fa2f7c66bfb592642ac1167e9bf99d94b2dac72e84233f07f
Instruction ID: 6bf66b19796c22732595949956b9b189be1779bc4dd2595730514541655b918e
Opcode Fuzzy Hash: 55a1a775d8c1454fa2f7c66bfb592642ac1167e9bf99d94b2dac72e84233f07f
Instruction Fuzzy Hash: D021E6B5904208AFDB10CFA9D984AEEBBF4FF48314F14845AE915A3310D779A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F7D010, Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02F7CFDE,?,?,?,?,?), ref: 02F7D09F

Memory Dump Source

Source File: 00000000.00000002.277107217.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 90b5d8ea14b574fbfd2e8b7648a1a59700a6d81722570d7849115564dd968559
Instruction ID: ea6022e370be7c776bd926dcfc8b858ea99e1a6caf41d8e7ea60a7a04b69c16a
Opcode Fuzzy Hash: 90b5d8ea14b574fbfd2e8b7648a1a59700a6d81722570d7849115564dd968559
Instruction Fuzzy Hash: 3121E6B5D002089FDB10CFA9D984ADEBBF4FB48314F14841AE914A3310D375A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F79AE0, Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02F7ADC9,00000800,00000000,00000000), ref: 02F7AFDA

Memory Dump Source

Source File: 00000000.00000002.277107217.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 74e5da8435e1370a095eef996e6d2543069565c0df4a3685e93f60fa38862788
Instruction ID: 4404d1477bdffba802c5fe63bd9975b9a22b9577625674b9f8adb5f801947b6e
Opcode Fuzzy Hash: 74e5da8435e1370a095eef996e6d2543069565c0df4a3685e93f60fa38862788
Instruction Fuzzy Hash: F12179B68043488FCB10CFAAC884BDEBBF4AF98324F05846ED555A7300D374A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07C48AB8, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07C48B38

Memory Dump Source

Source File: 00000000.00000002.308341507.0000000007C40000.00000040.00000001.sdmp, Offset: 07C40000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 251e458a69c6206705bd145e4cb8f2530c89f700f7a86c432f7d152b5705ddc9
Instruction ID: c4702ff899485e65e6280d46a4141219fcfd1c4e2a6fb4eb6f1caf478713d8dc
Opcode Fuzzy Hash: 251e458a69c6206705bd145e4cb8f2530c89f700f7a86c432f7d152b5705ddc9
Instruction Fuzzy Hash: 442128B19003599FCB00CFAAC884BEEBBF5FF48314F50842AE919A7240C7389945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07B84D79, Relevance: 1.6, APIs: 1, Instructions: 61threadCOMMON

Download Yara Rule

APIs

EnumThreadWindows.USER32(?,00000000,?), ref: 07B84DF1

Memory Dump Source

Source File: 00000000.00000002.308025454.0000000007B80000.00000040.00000001.sdmp, Offset: 07B80000, based on PE: false

Similarity

API ID: EnumThreadWindows
String ID:
API String ID: 2941952884-0
Opcode ID: de9cdace70f98161c3a7c7f7fa281fd1f2c28901daf037b82c5ec6320fd41d1e
Instruction ID: 37e37a0df76e0cf8d3d4b82e205f94f52850ce01f9f27ba7e59dc85d91f1f706
Opcode Fuzzy Hash: de9cdace70f98161c3a7c7f7fa281fd1f2c28901daf037b82c5ec6320fd41d1e
Instruction Fuzzy Hash: 0A2138B29002598FDB50CFAAC844BEEFBF5FB88324F14842AD454A3740D778A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07B84D80, Relevance: 1.6, APIs: 1, Instructions: 59threadCOMMON

Download Yara Rule

APIs

EnumThreadWindows.USER32(?,00000000,?), ref: 07B84DF1

Memory Dump Source

Source File: 00000000.00000002.308025454.0000000007B80000.00000040.00000001.sdmp, Offset: 07B80000, based on PE: false

Similarity

API ID: EnumThreadWindows
String ID:
API String ID: 2941952884-0
Opcode ID: 388cb7bc3518a20afd60fbacc607720487b5adc8e8af31e90dbd5a0b46ef4b1b
Instruction ID: 70561fe471f47fe0d44d6d85aea07f532022d4cea60c867559a34f220781b174
Opcode Fuzzy Hash: 388cb7bc3518a20afd60fbacc607720487b5adc8e8af31e90dbd5a0b46ef4b1b
Instruction Fuzzy Hash: D62124B190025A8FDB54CFAAC844BEEFBF4FB88324F14842AD455A3340D778A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07B81EE8, Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 07B81F58

Memory Dump Source

Source File: 00000000.00000002.308025454.0000000007B80000.00000040.00000001.sdmp, Offset: 07B80000, based on PE: false

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: fb67e2bd0c07a3d5ac18ae8dd485ce43c965e6458bedcdbd1f0a36eaf7131a45
Instruction ID: f03ac2c7ca326e624caba0cf69dc6417d58b91834e661737fe526e50042e8e68
Opcode Fuzzy Hash: fb67e2bd0c07a3d5ac18ae8dd485ce43c965e6458bedcdbd1f0a36eaf7131a45
Instruction Fuzzy Hash: A4113AB5900209DFDB10CF9AD544BDEBBF4FB48324F14842AE954A3340C378A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F79AF8, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02F7ADC9,00000800,00000000,00000000), ref: 02F7AFDA

Memory Dump Source

Source File: 00000000.00000002.277107217.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a91255036f2f4d0a98f820e30bd5b202de05a0d8ec1643e0370fd13d87ab1eef
Instruction ID: ff256445649b44b5bb3af392e5d8778e41f47332f1da0bc4b794b46c4a63b4b3
Opcode Fuzzy Hash: a91255036f2f4d0a98f820e30bd5b202de05a0d8ec1643e0370fd13d87ab1eef
Instruction Fuzzy Hash: 261103B69042098FCB10CFAAC844BDEFBF4AB88364F11842EE525A7200C775A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02F7AF68, Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02F7ADC9,00000800,00000000,00000000), ref: 02F7AFDA

Memory Dump Source

Source File: 00000000.00000002.277107217.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: c86f41669548a0f05e18db87f943dd2e8c665aeaa4d6c67c6779dfaa33298abd
Instruction ID: 5c480ee6929760031faa26147d8a8e5e53e1dbc5a3036c4608233a6809483181
Opcode Fuzzy Hash: c86f41669548a0f05e18db87f943dd2e8c665aeaa4d6c67c6779dfaa33298abd
Instruction Fuzzy Hash: 901106B6D002098FDB10CFA9C944ADEBBF4AB48314F15842EE525A7600D374A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07B81EF0, Relevance: 1.6, APIs: 1, Instructions: 52windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 07B81F58

Memory Dump Source

Source File: 00000000.00000002.308025454.0000000007B80000.00000040.00000001.sdmp, Offset: 07B80000, based on PE: false

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: f932b79404dfdc3d072c8129eb6e77996a8657613cfb580559628f3c3f997a0f
Instruction ID: 7e8e95dfa001d4dce4425be42aae6a87a82f27c660997ad70b8c58df62d81c76
Opcode Fuzzy Hash: f932b79404dfdc3d072c8129eb6e77996a8657613cfb580559628f3c3f997a0f
Instruction Fuzzy Hash: 59110AB59002499FDB10CF9AD544BDEBBF4FB48324F10842AE554A3240C378A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07C47ED0, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 07C47F32

Memory Dump Source

Source File: 00000000.00000002.308341507.0000000007C40000.00000040.00000001.sdmp, Offset: 07C40000, based on PE: false

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f705bac1d51044e1b05fbbc57759746b1decec48151a673825b5dc14b91ea8ac
Instruction ID: 53fe0fe62f3dda1392bc944539699fb65d7c3e5eb9c9a6f56ae5e8eb58786e7c
Opcode Fuzzy Hash: f705bac1d51044e1b05fbbc57759746b1decec48151a673825b5dc14b91ea8ac
Instruction Fuzzy Hash: 7F116AB19043488BDB14CFAAC4447EFFBF4AB88224F10842AD515A7740CB38A944CFE4

Uniqueness

Uniqueness Score: -1.00%

Function 07C4B708, Relevance: 1.5, APIs: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 07C4B765

Memory Dump Source

Source File: 00000000.00000002.308341507.0000000007C40000.00000040.00000001.sdmp, Offset: 07C40000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 000954aaa4d0014035c0566643b7cfe4c10b998bb37b4ba21503423ef581611f
Instruction ID: 18ab1e9067693926c03efacff2b9e5a0976ebc858b7ce05aeec8a92ab6feba37
Opcode Fuzzy Hash: 000954aaa4d0014035c0566643b7cfe4c10b998bb37b4ba21503423ef581611f
Instruction Fuzzy Hash: BD1106B58003499FDB10CF9AC985BEEBBF8FB48324F14841AE954A3740D378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02F7A8E8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 02F7A94E

Memory Dump Source

Source File: 00000000.00000002.277107217.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 8b1eea9c101c64e342c98a78d986c212abab3e12e9e0368da943ca9bd7a849e6
Instruction ID: 560b6f25fbdca6d96545a8f9d4070bbfbb724b1c2f817d6ef6a9d721e4da4d23
Opcode Fuzzy Hash: 8b1eea9c101c64e342c98a78d986c212abab3e12e9e0368da943ca9bd7a849e6
Instruction Fuzzy Hash: B01110B6D003498FCB10CF9AC444BDEFBF4AF88228F11842AD969B7200D378A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07B82680, Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,07B81C4F), ref: 07B826E5

Memory Dump Source

Source File: 00000000.00000002.308025454.0000000007B80000.00000040.00000001.sdmp, Offset: 07B80000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 1029996af786d701d8dd64860496b99245738159bea3405f3b05ffd377b714a0
Instruction ID: fe9f8878d32309796fadbf9f9f4aec7bbe6027bcca40ddcc3c9f7c33844adffb
Opcode Fuzzy Hash: 1029996af786d701d8dd64860496b99245738159bea3405f3b05ffd377b714a0
Instruction Fuzzy Hash: 371110B5C002498FCB10CF9AD844BDEBBF4EB48324F24856AD419A3700C378A541CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07B80E00, Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,07B81C4F), ref: 07B826E5

Memory Dump Source

Source File: 00000000.00000002.308025454.0000000007B80000.00000040.00000001.sdmp, Offset: 07B80000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 78b5e4470814bffe887cda175dbe18aa0fc64c6d8298d58088688ebd52f8cbb5
Instruction ID: 173dac5dec504da3303f6eff3ef28b156cebd6b2b03bc5cf0cf29d511ecea87f
Opcode Fuzzy Hash: 78b5e4470814bffe887cda175dbe18aa0fc64c6d8298d58088688ebd52f8cbb5
Instruction Fuzzy Hash: CC111DB1C042499FDB10DF9AD848BDEBBF4FB48324F10856AE819B3200D378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0158D061, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.276861755.000000000158D000.00000040.00000001.sdmp, Offset: 0158D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98350107cc21fc006e297eca5ceb8c2bf27a720103c5e1364cb5cbe15312b8a4
Instruction ID: 54a1227fd159e00d623b9be497a5145f168ba93b9de90b20cf455b7edb9e8318
Opcode Fuzzy Hash: 98350107cc21fc006e297eca5ceb8c2bf27a720103c5e1364cb5cbe15312b8a4
Instruction Fuzzy Hash: F821B2755083809FCB028F64D990B15BFB1FF46324F29C5EAD8458F2A7D37A9846CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0143D530, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.275868462.000000000143D000.00000040.00000001.sdmp, Offset: 0143D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14e73624f14fd5f090f7fe8304fe28af47e18df605c188db4b74b2eeaf1c1441
Instruction ID: c34b36b51d5b96a21acbb8f7482b746ef87904ad71cf6237954552710bfc8d87
Opcode Fuzzy Hash: 14e73624f14fd5f090f7fe8304fe28af47e18df605c188db4b74b2eeaf1c1441
Instruction Fuzzy Hash: D22106B1A08240DFDB05DF54D8C0B27BF65FBC8318F64856AE9094B267C336D856CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0143D61C, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.275868462.000000000143D000.00000040.00000001.sdmp, Offset: 0143D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3fd565cd4a92419fd8cb98c5c2c850c1ab6d53146ba0df4ddc70b0a56ff24d3
Instruction ID: 734660a3dc59587ed2f1593404d8c0634506f5a996b8d5e4ce4cfbff5af8ea2f
Opcode Fuzzy Hash: e3fd565cd4a92419fd8cb98c5c2c850c1ab6d53146ba0df4ddc70b0a56ff24d3
Instruction Fuzzy Hash: EE21FFB1A04240DFDB05DF94D9C0B2BBB65FBC8224F24856AE90D4B226C336D856DAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0158D09C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.276861755.000000000158D000.00000040.00000001.sdmp, Offset: 0158D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f520e81b8b9127ef81583052d2e483c62187c126bce3235486cae62e23550c2d
Instruction ID: 805943e726d76db94b968db3d8e23ac63ebe167b4122c5c5804301827503babd
Opcode Fuzzy Hash: f520e81b8b9127ef81583052d2e483c62187c126bce3235486cae62e23550c2d
Instruction Fuzzy Hash: 7B21F5B5604240DFDB05EF54D8C0B26BBF5FB84314F24C96DD9095F286C73AD846CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0158D254, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.276861755.000000000158D000.00000040.00000001.sdmp, Offset: 0158D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4867ef886a8db63108bbb0e35bd8fb8161b590cb5281c97121e2e5b0d15a99d
Instruction ID: bc00b050333e35599c243351837521a24eb4186ef97595ec3404ce5e28e0a89b
Opcode Fuzzy Hash: a4867ef886a8db63108bbb0e35bd8fb8161b590cb5281c97121e2e5b0d15a99d
Instruction Fuzzy Hash: 1321F575608240DFDB05EF54D9C0B2ABBF5FB84324F24C96DD94A5F282C73AD846CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0143D52B, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.275868462.000000000143D000.00000040.00000001.sdmp, Offset: 0143D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18bcf616dee0a07d43b54f2bb823a2816d828f2a8caaf6a98c8640434ae3538a
Instruction ID: fa011e0957cdacfad1be9fcbfa1db74697d9c3de334b7cc440879cd0f4f3714d
Opcode Fuzzy Hash: 18bcf616dee0a07d43b54f2bb823a2816d828f2a8caaf6a98c8640434ae3538a
Instruction Fuzzy Hash: 1211B176904280CFCB16CF54D9C4B56BF71FB88324F24C6AAD8090B667C336D456CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0143D617, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.275868462.000000000143D000.00000040.00000001.sdmp, Offset: 0143D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18bcf616dee0a07d43b54f2bb823a2816d828f2a8caaf6a98c8640434ae3538a
Instruction ID: 5065fb5e2b449e1b576e83380aa079553e9d44f14d23fa8bab66006af12a04ef
Opcode Fuzzy Hash: 18bcf616dee0a07d43b54f2bb823a2816d828f2a8caaf6a98c8640434ae3538a
Instruction Fuzzy Hash: 9311B176904280CFCB06CF54D9C4B16BF72FB88324F24C6AAD8090B667C336D456DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0158D24F, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.276861755.000000000158D000.00000040.00000001.sdmp, Offset: 0158D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d83a7535daa40322c17dd9de87dae9833a1fb83cf4ca7570605c0cb994e6f8f8
Instruction ID: c799877b587be06d65641aecd17891e14fa4b71c193a887c4611e855c60750e1
Opcode Fuzzy Hash: d83a7535daa40322c17dd9de87dae9833a1fb83cf4ca7570605c0cb994e6f8f8
Instruction Fuzzy Hash: D111BB75904280DFCB12DF58D9C0B19BBB1FB84224F28C6A9D8494B696C33AD84ACF61

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02F7CC7C, Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.277107217.0000000002F70000.00000040.00000001.sdmp, Offset: 02F70000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec2c0e3c751f24735226f06d2f02f52ba8fbef07b9a6e32443bdc471db3f4ee
Instruction ID: 60390d617fdeaab0564cde895dfcbfc5696fc285e345216476f2688d3d719b0c
Opcode Fuzzy Hash: dec2c0e3c751f24735226f06d2f02f52ba8fbef07b9a6e32443bdc471db3f4ee
Instruction Fuzzy Hash: CDA16B32E1061A8FDF05DFA5C8849DDBBB3FF85340B1581ABE905AB261EB31A945CF40

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: powershell.exe PID: 5904 Parent PID: 5372 powershell.exeCOMMON

Executed Functions

Function 0095420C, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00000000), ref: 009553D0

Strings

XL9n, xrefs: 0095537F

Memory Dump Source

Source File: 00000003.00000002.378252587.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false

Similarity

API ID: AttributesFile
String ID: XL9n
API String ID: 3188754299-4076031248
Opcode ID: 1c8d73d220689e946b3561356831aa272547d52671e2c4a82b9185bd29ce55a5
Instruction ID: aca1e7c52a3e7efa9a48dad165000501220dcddd0f6e347c2b5d845ac0bae71d
Opcode Fuzzy Hash: 1c8d73d220689e946b3561356831aa272547d52671e2c4a82b9185bd29ce55a5
Instruction Fuzzy Hash: 092124B1D046199BCB14CF9AD444B9EFBB4BB48314F11812AE819B3640D778A904CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 00955359, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(00000000), ref: 009553D0

Strings

XL9n, xrefs: 0095537F

Memory Dump Source

Source File: 00000003.00000002.378252587.0000000000950000.00000040.00000001.sdmp, Offset: 00950000, based on PE: false

Similarity

API ID: AttributesFile
String ID: XL9n
API String ID: 3188754299-4076031248
Opcode ID: fbcc74d7c77435cba8bd010d88fb2ad4163a8085fb8607d575b6f1f81096155a
Instruction ID: 810890a6023add2ec5b71c679039890a32cf1792893ad4be12b69a79d0b68871
Opcode Fuzzy Hash: fbcc74d7c77435cba8bd010d88fb2ad4163a8085fb8607d575b6f1f81096155a
Instruction Fuzzy Hash: 122133B5D04659DBCB10CF9AD844B9EFBB4BB48314F15812AE828B7600C774A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0069D006, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.377632612.000000000069D000.00000040.00000001.sdmp, Offset: 0069D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 236162e5a7a5b75efa28ab298a8226223cefbc34c0fc410039be0722a3854d34
Instruction ID: b1c6f8d6ae0f37e8f71921713dad78d8c2926d26d41099d3d08c4c328782a1f2
Opcode Fuzzy Hash: 236162e5a7a5b75efa28ab298a8226223cefbc34c0fc410039be0722a3854d34
Instruction Fuzzy Hash: 68014C7140D3C09FDB168A258C947A2BFA8EF43224F19849BE9449F697C2695C45CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0069D01D, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.377632612.000000000069D000.00000040.00000001.sdmp, Offset: 0069D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2c03c306f91f9345b0f6b6791779e345c0f39748704224a768e82fa2197e7ac
Instruction ID: 70ea503269ed4c17c364bacbcef79c141337cd2c9fc4c8680b5331a7ecc2c434
Opcode Fuzzy Hash: b2c03c306f91f9345b0f6b6791779e345c0f39748704224a768e82fa2197e7ac
Instruction Fuzzy Hash: B401F770508380ABDB108F25CCC4BA7FB9CEF41328F18813AED045B646C3799C46CAB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: RegAsm.exe PID: 4888 Parent PID: 5372 RegAsm.exeCOMMON

Executed Functions

Function 0040104C, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 12COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6&*), ref: 00401051

Strings

VB5!6&*, xrefs: 0040104C

Memory Dump Source

Source File: 00000005.00000002.287262461.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 3cdc8536199cd560e2627349f8158df96f2d3e5b25d6b8b93e5c5f73a6db8eeb
Instruction ID: a12084c55d1ffc36602276b3cafedaf3d59f71825310c224ab85d25d8918c0d8
Opcode Fuzzy Hash: 3cdc8536199cd560e2627349f8158df96f2d3e5b25d6b8b93e5c5f73a6db8eeb
Instruction Fuzzy Hash: F1D0A44004E3C40ED30756B60DA56862F70090325031A00EBC5C0EE4E3805C09888336

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: hawkgoods.exe PID: 3724 Parent PID: 4888 hawkgoods.exeCOMMON

Executed Functions

Function 04B377F0, Relevance: 2.0, APIs: 1, Instructions: 465libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04B37861

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4855b268a4600747b28c6080f27d045657614572cf3efb0b0451c443dabcab43
Instruction ID: 8b31be05438faa8b4f558417a4d9c7b1804a660683e17f02c0dad627e69ccfab
Opcode Fuzzy Hash: 4855b268a4600747b28c6080f27d045657614572cf3efb0b0451c443dabcab43
Instruction Fuzzy Hash: 7132A174901229CFDB65DF24C894BEDB7B2BF4A304F5095EAD809A7254DB35AE81CF80

Uniqueness

Uniqueness Score: -1.00%

Function 04B60A50, Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

APIs

listen.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B60AE4

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: listen
String ID:
API String ID: 3257165821-0
Opcode ID: 0c38818b3ff100ad9fdb6b9f10b9a3480d89b5726aa75d72edc3270540530299
Instruction ID: e0893575c00a4884f3cb43e7e2a8196a853e874326b67d3cb6db798d1e3fb35e
Opcode Fuzzy Hash: 0c38818b3ff100ad9fdb6b9f10b9a3480d89b5726aa75d72edc3270540530299
Instruction Fuzzy Hash: E731F4B25043846FE712CF15DC45FA6BFA8EF46320F1880EEE944DB292D2786909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B60E6B, Relevance: 1.6, APIs: 1, Instructions: 81networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B60EFF

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: d4af38da1dd56f5e3e9e3b7e4c077127083e36933f140f5fe17e2aa860fc9ec4
Instruction ID: 74bc0fa14d48ea71558e4696df717af730a3d2de5835ce4dc0288a067bd79a30
Opcode Fuzzy Hash: d4af38da1dd56f5e3e9e3b7e4c077127083e36933f140f5fe17e2aa860fc9ec4
Instruction Fuzzy Hash: 5D2180715097806FD712CF65DC84F96BFA8EF06310F0884EAE945DB152D278A849CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B64E1B, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04B64E9B

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: b4b0991cb9e58b791c25248ed84197b8f5f69f24269eb99e673aadc48ade5856
Instruction ID: ee046ce0e017ea9ff369baa3f0457f979e2a39a12589525a5c1a6959065b4641
Opcode Fuzzy Hash: b4b0991cb9e58b791c25248ed84197b8f5f69f24269eb99e673aadc48ade5856
Instruction Fuzzy Hash: C321A1755097849FDB128F25DC44B52BFB4EF06310F0888DAE9858F163D275A918CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04B657DA, Relevance: 1.6, APIs: 1, Instructions: 69nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 04B65859

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: dd06b45892aa13c7f78f2e9080ad2d142728c980779e7b21eaf4fd382d3ebfe9
Instruction ID: 9f6f83e1c84bd79f4ddd60f1efa4473b822f1ce02c02c71d0eb0640757ee3436
Opcode Fuzzy Hash: dd06b45892aa13c7f78f2e9080ad2d142728c980779e7b21eaf4fd382d3ebfe9
Instruction Fuzzy Hash: 8D219C7140D3C0AFDB238F219854AA2FFB0EF16214F1C84DED9C94F163D26AA559CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04B60E9E, Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B60EFF

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: cff6817fdc8721ecb74ea47224c45b5bc394cd0006d8304e80ee29a2316f8724
Instruction ID: 8c546db4d03fed63898bab2e8779bff995bd4d6523d62460710c9f6625486829
Opcode Fuzzy Hash: cff6817fdc8721ecb74ea47224c45b5bc394cd0006d8304e80ee29a2316f8724
Instruction Fuzzy Hash: E4118271504204AFEB20DF56DC85FA6FBD8EF44720F18C8AAED49DB241D674E445CA71

Uniqueness

Uniqueness Score: -1.00%

Function 04B65941, Relevance: 1.6, APIs: 1, Instructions: 60nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL ref: 04B659AC

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: 262b72adc13e0b002906c823c61f426481fad6afea443d381381fabee104cfaf
Instruction ID: 6ba64dcac2b0d194778c7780accd955674f25a739b088580abf67c608cddc97d
Opcode Fuzzy Hash: 262b72adc13e0b002906c823c61f426481fad6afea443d381381fabee104cfaf
Instruction Fuzzy Hash: 69118E72409384AFDB22CF55EC44BA2FFB4EF46320F08859AED858B152C376A459DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B60A8E, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

listen.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B60AE4

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: listen
String ID:
API String ID: 3257165821-0
Opcode ID: 6d111604aab20172dfdfd150b98ec1c57807062883e81819aa3901096c0d3ee8
Instruction ID: 7b4aa26e716af6563753c7e755628cda3d7c1fe0511a102d56321ec0a60ce544
Opcode Fuzzy Hash: 6d111604aab20172dfdfd150b98ec1c57807062883e81819aa3901096c0d3ee8
Instruction Fuzzy Hash: 3C11E571500204AFEB21DF56DC85FAAFBDCEF48720F18C4AAED499B241E278A445CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B64E52, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 04B64E9B

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 00e51f9368bfd4f023c07a0bb679465510f9a3f061f96cefe43286867d116cce
Instruction ID: 28f1c7ee568674a78244f7a8443aa4ecc11952145ca209d73f6d738f9963fd28
Opcode Fuzzy Hash: 00e51f9368bfd4f023c07a0bb679465510f9a3f061f96cefe43286867d116cce
Instruction Fuzzy Hash: E2115E355006449FDB24CF55D984B66FBE8EF04220F0888AADD4A8B651E375E418DF71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6596E, Relevance: 1.5, APIs: 1, Instructions: 43nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL ref: 04B659AC

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: 048f8c2b3d96e807b00480f2b81632c0f17aef44efacade50ad1a26938036812
Instruction ID: 21a969216609eb0ff43226f4b613a2c4958f2fc5be6d3212a39a0036ac65cf10
Opcode Fuzzy Hash: 048f8c2b3d96e807b00480f2b81632c0f17aef44efacade50ad1a26938036812
Instruction Fuzzy Hash: 5C019E31900340EFDB31CF55E844B66FBA0EF18320F1884AADD8A8B656D279A418CF72

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A14A, Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 00C6A185

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 4d63862fcdd1acfed4bc3ec57049b531dde83d29ecfa2226efe8e5f5cb4388c0
Instruction ID: a3802c357551f9d11c9869c784031f4f22e33d94fb48238c7648d6a5722b3827
Opcode Fuzzy Hash: 4d63862fcdd1acfed4bc3ec57049b531dde83d29ecfa2226efe8e5f5cb4388c0
Instruction Fuzzy Hash: 6F01BC31800240DFDB20CF55E884B6AFBA0EF09320F18C4AADD899B612D275A408CF72

Uniqueness

Uniqueness Score: -1.00%

Function 04B658C6, Relevance: 1.5, APIs: 1, Instructions: 40nativeCOMMON

Download Yara Rule

APIs

NtUnmapViewOfSection.NTDLL(?,?), ref: 04B658FB

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: SectionUnmapView
String ID:
API String ID: 498011366-0
Opcode ID: 3632437facccb5652ab506a4a1bca1db7474d5cf0f3e097e1f12c25d54ff23d7
Instruction ID: fc5c80e55fee20b0648adc19ac68119528e3700b61397bb9f6542afd104654af
Opcode Fuzzy Hash: 3632437facccb5652ab506a4a1bca1db7474d5cf0f3e097e1f12c25d54ff23d7
Instruction Fuzzy Hash: 96018F31904240EFDB20CF55E885B65FBA4EF44220F08C4AADD4A8B642D279A415CF71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6581E, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL ref: 04B65859

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 99b19755bd9e8010b94a4f25f9948abe7fc98cc2f5b8d9e6c9b29dc876cd19ac
Instruction ID: f388214108f611ec330933f889c96dc4443b403af46744776ba9a5dd7f9e72d4
Opcode Fuzzy Hash: 99b19755bd9e8010b94a4f25f9948abe7fc98cc2f5b8d9e6c9b29dc876cd19ac
Instruction Fuzzy Hash: A0018F31500340EFDB308F55E844B65FBA0EF08720F08C89ADD8A4B615D375A418DF72

Uniqueness

Uniqueness Score: -1.00%

Function 04B392A6, Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0705ab8ab2c33d4da8e4e4f824a4ff2b6d37d0b46a1dc1b9a9ee2641aaf1d66
Instruction ID: 19dd8c1e1078c6b07afc67f6bfede061b15bf31e03fe7efd5ede5ac6adfdbdf6
Opcode Fuzzy Hash: c0705ab8ab2c33d4da8e4e4f824a4ff2b6d37d0b46a1dc1b9a9ee2641aaf1d66
Instruction Fuzzy Hash: 5342C374A01228DFDB65DF68C894B9DBBB6EF89304F1091E9D409A7364CB319E82CF15

Uniqueness

Uniqueness Score: -1.00%

Function 04B391BC, Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e715c0a477e021745986142117902f70aa1d64792c40e17e6f18c2896949f27d
Instruction ID: f3df40d4a67cb4860ef755c187b84f5e857d2be7701149b2df4ede5ef1fa41ca
Opcode Fuzzy Hash: e715c0a477e021745986142117902f70aa1d64792c40e17e6f18c2896949f27d
Instruction Fuzzy Hash: 6242C374A01228DFDB65DF68C894B9DBBB6EF89304F1081E9D408A7364CB319E82CF15

Uniqueness

Uniqueness Score: -1.00%

Function 04B3956B, Relevance: .5, Instructions: 535COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb2c5e3b971e3ebe8f323ed5819669a3ee65f8ca5242b619df8fbb1852191554
Instruction ID: 15fa3de1641edded0395ea7524e853d86ed14c32bf292d8c7be41d97b7d8c0cf
Opcode Fuzzy Hash: fb2c5e3b971e3ebe8f323ed5819669a3ee65f8ca5242b619df8fbb1852191554
Instruction Fuzzy Hash: F742A374A01228DFDB65DF68C894B9DBBB6EF89304F1081E9D409A7364CB319E82DF15

Uniqueness

Uniqueness Score: -1.00%

Function 04B3603C, Relevance: .4, Instructions: 378COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c09d2acd5ee269c46fcfef47585dc8d561d4c8f0f81c522d30b68ca437f17aa6
Instruction ID: 4c8f4f7fb274a0a5f166ac91033ebf790e3979c58b855cd3a38c32803c10cdec
Opcode Fuzzy Hash: c09d2acd5ee269c46fcfef47585dc8d561d4c8f0f81c522d30b68ca437f17aa6
Instruction Fuzzy Hash: 7F02B474A012298FDB68DF39C851BEEB7B2AF8A300F1080E9D94967354CB355E92DF54

Uniqueness

Uniqueness Score: -1.00%

Function 04B398B1, Relevance: .4, Instructions: 368COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dede1d7f3eba31bf0e1863004f7f423ba691fae57bee905d71ecb15f40bf09d2
Instruction ID: ed76d078abdd33598582cc4757a8b02d060eac1b223bae34958a85c6cdc28c34
Opcode Fuzzy Hash: dede1d7f3eba31bf0e1863004f7f423ba691fae57bee905d71ecb15f40bf09d2
Instruction Fuzzy Hash: 6202D434A02228DFDB65DF68C854B9DBBB6EF8A304F1051E9D40867364CB315E82DF11

Uniqueness

Uniqueness Score: -1.00%

Function 04B35B70, Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 029e1e2fcbf1e49ee81229e51a001246088e78ea5ec06fec3795dda51c2a4a45
Instruction ID: 80783c62044f395429cdcd15f6fb2d27d7f7b7539085231f43b7b0fd27830a09
Opcode Fuzzy Hash: 029e1e2fcbf1e49ee81229e51a001246088e78ea5ec06fec3795dda51c2a4a45
Instruction Fuzzy Hash: F84103B0D01218DFDB54DFA9C894BEDBBF1FB49300F1090AAC409A7294E7345A85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04B3A79F, Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bed55449417524681de1aeabf67f9e6aff1a7f92cd6b29b1bee48bcc5812119
Instruction ID: 79fd3d7d626c0ac92653e15ae6c35e893fa6442d903749a31ffb6dfa061f95fe
Opcode Fuzzy Hash: 1bed55449417524681de1aeabf67f9e6aff1a7f92cd6b29b1bee48bcc5812119
Instruction Fuzzy Hash: 30410270D02218CFDB64DFA9C884BADBBF2AF49301F1094AAC008B7250D7359A85CF64

Uniqueness

Uniqueness Score: -1.00%

Function 04B377E0, Relevance: 2.0, APIs: 1, Instructions: 481libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04B37861

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 04d949ce3cd23127afc8f081be34d0d550b046de0873b48b61040bc7a7e5bf9e
Instruction ID: 71f41a844eb6b68cd8f0946596ffb5f45027e0a93fbad7f390c2c930b0fc25ad
Opcode Fuzzy Hash: 04d949ce3cd23127afc8f081be34d0d550b046de0873b48b61040bc7a7e5bf9e
Instruction Fuzzy Hash: 5332B374901229CFCB65DF24C894BEDB7B2BF4A304F5095EAD809A7254DB31AE85CF80

Uniqueness

Uniqueness Score: -1.00%

Function 04B38094, Relevance: 1.9, APIs: 1, Instructions: 438libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 04B37861

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 245da914385872ab466d2772f8a45f13364b7cc0e437c635076255cca673cc57
Instruction ID: b0f1de60804e28b5a059596cd4fb90278fd3e7ff38191f42666e511600e76a1d
Opcode Fuzzy Hash: 245da914385872ab466d2772f8a45f13364b7cc0e437c635076255cca673cc57
Instruction Fuzzy Hash: B8229274901229CFCB65DF24C894BEDB7B2BF4A304F5095EAD809AB254DB35AE81CF40

Uniqueness

Uniqueness Score: -1.00%

Function 04B60465, Relevance: 1.6, APIs: 1, Instructions: 141COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 04B60575

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 88dc0df0129d4c02cfa8c15f2f70aa68c6c726732499c8755166818157c4d2a8
Instruction ID: 566a2479e015252cc59f974547c2bd0a928d482ace2891a101f3696a3283cce5
Opcode Fuzzy Hash: 88dc0df0129d4c02cfa8c15f2f70aa68c6c726732499c8755166818157c4d2a8
Instruction Fuzzy Hash: 7941F3715493806FD722CF65DC45BA2BFB8EF06220F1884DBED859F293D265A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B63B98, Relevance: 1.6, APIs: 1, Instructions: 138COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 04B63CC7

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 23d87c2329a6617cc41346ed2bf9c49f59f7e293bc1ada1edc90973dead5198c
Instruction ID: 674d9f796ab65845d52d106ffb372e6da5e3e4d2d72d22c4545f7889237fed20
Opcode Fuzzy Hash: 23d87c2329a6617cc41346ed2bf9c49f59f7e293bc1ada1edc90973dead5198c
Instruction Fuzzy Hash: 1D514C7110D3C06FE7238B258C55BA6BFB8AF07314F1944DBE9859B0A3D269A909C772

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B7D9, Relevance: 1.6, APIs: 1, Instructions: 138registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,?,?), ref: 00C6B8B2

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: cb512fd804ed4e0d7c188b6518d4adfd13e31f153d2976f52aad59d4198eb65c
Instruction ID: 1752b8ff63b362da7387855da048f4d676a72d9ae15d0fa76e06fda3ed621c6c
Opcode Fuzzy Hash: cb512fd804ed4e0d7c188b6518d4adfd13e31f153d2976f52aad59d4198eb65c
Instruction Fuzzy Hash: 3A415A7550E3C06FD3138B259C65A61BFB4EF47620F0A81DBD884CB5A3D2296D19CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 04B630B4, Relevance: 1.6, APIs: 1, Instructions: 127COMMON

Download Yara Rule

APIs

getnameinfo.WS2_32(?,00000E2C), ref: 04B631A5

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: getnameinfo
String ID:
API String ID: 1866240144-0
Opcode ID: 79dcae4f3940b409b1d9bd8390bd6c2f86b7c9b958de9c9ea349db1ac8edf640
Instruction ID: 7a3c5a90978375feebb9fff0fd7e95e8c39a24e73f2d45d4b22a7569611f4b98
Opcode Fuzzy Hash: 79dcae4f3940b409b1d9bd8390bd6c2f86b7c9b958de9c9ea349db1ac8edf640
Instruction Fuzzy Hash: 77416C724083846FE7228B658C55FA6BFB8EF06310F0984DFE985CB0A3D665A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 04B63392, Relevance: 1.6, APIs: 1, Instructions: 114networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B63479

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: b1794563070ca917276f71e64a3192ef7ffa0e001850187b26c2c9f0705811ef
Instruction ID: e2f0c8e8ce4ddbfb6f9f327520469f44278d7bab09a07387578d1c400b83d7d0
Opcode Fuzzy Hash: b1794563070ca917276f71e64a3192ef7ffa0e001850187b26c2c9f0705811ef
Instruction Fuzzy Hash: 61411C7150D7C06FD7238B658C54A62BFB8EF07610F0985DFE985CB1A3D229A849CB72

Uniqueness

Uniqueness Score: -1.00%

Function 04B65697, Relevance: 1.6, APIs: 1, Instructions: 110processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,00000E2C), ref: 04B65784

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: cf15e2bda6f20fcdd10c9c7da0f090df9cb8e07afb700a6c083e232733272864
Instruction ID: 31d73e0590c7280e8df30332269a0aa621bd14aca554da4dafae034f07f6b0ef
Opcode Fuzzy Hash: cf15e2bda6f20fcdd10c9c7da0f090df9cb8e07afb700a6c083e232733272864
Instruction Fuzzy Hash: 9F317C72100200AFEB32CF65DC85FA6BBECEF09710F04899EF9468A591D265F959CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04B6368A, Relevance: 1.6, APIs: 1, Instructions: 110registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 04B63741

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 9a31b5873399730fb4adacdfb16073ecf84cb9561491b8b832f24f04db04250d
Instruction ID: 81148e19e2774d82e9d24d2dc5b0ce59a1e22a5ce7cf8c04653b81419c068937
Opcode Fuzzy Hash: 9a31b5873399730fb4adacdfb16073ecf84cb9561491b8b832f24f04db04250d
Instruction Fuzzy Hash: 5931B5714083806FE7128F65CC44FA6BFE8EF06310F0888EBE985DB153D268A509C771

Uniqueness

Uniqueness Score: -1.00%

Function 04B6207C, Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E2C,?,?), ref: 04B6215A

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: bc6ec30f39596404b3227126a869651c1e2faaade0540335a97625b658044fb7
Instruction ID: 779029ae6650e7401eb3405ef67d1693efbba7dc6b77497810aaa5729d8ef103
Opcode Fuzzy Hash: bc6ec30f39596404b3227126a869651c1e2faaade0540335a97625b658044fb7
Instruction Fuzzy Hash: 5D315B7540E3C05FD7138B758C65AA1BFB4EF47614B0E85DBD8848F1A3D268A909CB72

Uniqueness

Uniqueness Score: -1.00%

Function 04B63796, Relevance: 1.6, APIs: 1, Instructions: 103registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B63840

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 1ac971b198f3251da2798fb42266e1b5d7b91bb5e66f775916257a0beb92498b
Instruction ID: 485f1c4224ee7901a3031feef6804f24b65b2ec74af91e9a92fb1d73aa61f02d
Opcode Fuzzy Hash: 1ac971b198f3251da2798fb42266e1b5d7b91bb5e66f775916257a0beb92498b
Instruction Fuzzy Hash: D531D4714093846FE722CF65DC85FA6FFF8EF06710F0885DAE9859B152C229A509CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B4AF, Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

APIs

LsaLookupSids.ADVAPI32(?,00000E2C), ref: 00C6B56A

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: LookupSids
String ID:
API String ID: 2427636062-0
Opcode ID: 369d60ad4e3f02a9e0253ab64418f83c7160d1889916f1c6792b36eb02f9e7fd
Instruction ID: ee38cead7d697234cce3e0b073eaaa5a08bae9bc84c0b01f22ad470ecdb19845
Opcode Fuzzy Hash: 369d60ad4e3f02a9e0253ab64418f83c7160d1889916f1c6792b36eb02f9e7fd
Instruction Fuzzy Hash: 7D3172725042446FE721CF65DC84FA6BBECEF45710F08895AE985DB151D334E948CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B64936, Relevance: 1.6, APIs: 1, Instructions: 101registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B64A00

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: e1a45be517bbdaa3fc3b9a333c483fb5ab0ed7981e447f86e92628dc257e57cb
Instruction ID: 9e685e94e70aad3a27b649a9d7792a3c1495168a8a0b5f6bac006f063c2a36d7
Opcode Fuzzy Hash: e1a45be517bbdaa3fc3b9a333c483fb5ab0ed7981e447f86e92628dc257e57cb
Instruction Fuzzy Hash: 03315E7104D7C06FD7238B259C51B52BFB8AF07210F0985DBE985DB1A3D268A849C771

Uniqueness

Uniqueness Score: -1.00%

Function 00C6BBF3, Relevance: 1.6, APIs: 1, Instructions: 98fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00C6BCA9

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f6701143d7ca05dbc919cdc8ce4fd4b0b1cdba8141e8ff28b41f1df6cf0fa9a8
Instruction ID: 5464a3c54570f9a9ed0506bc6f238be83fb965e0df316178128941d6fd76bf97
Opcode Fuzzy Hash: f6701143d7ca05dbc919cdc8ce4fd4b0b1cdba8141e8ff28b41f1df6cf0fa9a8
Instruction Fuzzy Hash: 0D318DB1504380AFE722CF25DD84F62BFE8EF06314F08849EE9858B252D375A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B656BA, Relevance: 1.6, APIs: 1, Instructions: 97processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,00000E2C), ref: 04B65784

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: c3089e0746013e43c5542ec728d284e551af5e9ecbe2e77c841f3be1c76d6ffb
Instruction ID: 8251193d881d32d8e54c83032d7af3d727a558d0dab478e62fda002e6e3768ae
Opcode Fuzzy Hash: c3089e0746013e43c5542ec728d284e551af5e9ecbe2e77c841f3be1c76d6ffb
Instruction Fuzzy Hash: 16318D72200200AFEB31CF65DC81FA6FBECEF08710F14895EEA468A591E675F554CB60

Uniqueness

Uniqueness Score: -1.00%

Function 04B63205, Relevance: 1.6, APIs: 1, Instructions: 97windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(?,00000E2C,?,?), ref: 04B632CE

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: 9b7aa4204e656c4215cd959893ae9f635aab0f56826b1ce6ee4db831ec8919b8
Instruction ID: dd2c7ef17895f639f6315996173703d67c4649a05a71d395dd911872a0c70b37
Opcode Fuzzy Hash: 9b7aa4204e656c4215cd959893ae9f635aab0f56826b1ce6ee4db831ec8919b8
Instruction Fuzzy Hash: 1A316B7150E3C05FD7138B758C65A66BFB4AF47610F1E80CBD8848F1A3E624A91AC7B2

Uniqueness

Uniqueness Score: -1.00%

Function 04B63BF7, Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 04B63CC7

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 68d7f75ad6d667c02a68cd49b50ef0ae3964e26dd79928583a60111bb9af5ba2
Instruction ID: 5adf8f9b33679ac859ee1bd972305349758b9c51fa6382cabf57fdd56ffa304f
Opcode Fuzzy Hash: 68d7f75ad6d667c02a68cd49b50ef0ae3964e26dd79928583a60111bb9af5ba2
Instruction Fuzzy Hash: 9531B071104340AFE722CF25CC84FA6BBACEF45710F18899EF9859B182D374A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6388A, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 04B63936

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 56a97af4c29c8ebcb7998defeb5e67fd7cca9d046f5ca8349f2d400893cdb9a9
Instruction ID: e516cf7ca1636dca72c4bdfa5cd88a588b505e91ca9812db0ee68e90baaa8186
Opcode Fuzzy Hash: 56a97af4c29c8ebcb7998defeb5e67fd7cca9d046f5ca8349f2d400893cdb9a9
Instruction Fuzzy Hash: 1731B1B25097806FE7228F25DC45F66FFB8EF46310F08849AED858B193D234A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C6ABD6, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 00C6AC85

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 7baf393683ed80970bc9cc35c638e422e35a10d484494c85d9325c48b4e7c0e7
Instruction ID: b9f703a6525cf9ca1fb10b407744e1ee3d6604dc6d941d66c5e0821de1fad6b7
Opcode Fuzzy Hash: 7baf393683ed80970bc9cc35c638e422e35a10d484494c85d9325c48b4e7c0e7
Instruction Fuzzy Hash: A431D4725047806FE7228F25CC85FA7BFECEF05710F0888AAED819B152D265E909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B4D6, Relevance: 1.6, APIs: 1, Instructions: 91COMMON

Download Yara Rule

APIs

LsaLookupSids.ADVAPI32(?,00000E2C), ref: 00C6B56A

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: LookupSids
String ID:
API String ID: 2427636062-0
Opcode ID: 250b91e440303edaea22d9aab760f2a26b7691726dc73d3bc63639c811ea5419
Instruction ID: fa04614657a3e0adb54d07605f09f4a22b8490f8c02bfa92826899f22f8f6ad9
Opcode Fuzzy Hash: 250b91e440303edaea22d9aab760f2a26b7691726dc73d3bc63639c811ea5419
Instruction Fuzzy Hash: 4B218172500204AEEB21DF69DC84FAAFBECEF48710F14885AED85DB141D774EA448B71

Uniqueness

Uniqueness Score: -1.00%

Function 04B60C18, Relevance: 1.6, APIs: 1, Instructions: 90timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B60CB5

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 0e80922c385f9d36075ba94289883cab094c1ccbd2bc5231b529fe4d4d279240
Instruction ID: 4898264d19b81f4c7c0fdb29325a93d84e427e475df8885b463caaf74b95f3cf
Opcode Fuzzy Hash: 0e80922c385f9d36075ba94289883cab094c1ccbd2bc5231b529fe4d4d279240
Instruction Fuzzy Hash: 8031E9725097806FDB12CF25DC45FA6BFB8EF46310F0884DAE985DB153D225A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6310E, Relevance: 1.6, APIs: 1, Instructions: 90COMMON

Download Yara Rule

APIs

getnameinfo.WS2_32(?,00000E2C), ref: 04B631A5

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: getnameinfo
String ID:
API String ID: 1866240144-0
Opcode ID: dbf9380652b025f4a53206c1caf8d46cbeb5693872a1fa38d5a910e80aac6769
Instruction ID: 302afc94a466533b34e13fb9c46d153b070cfc987b862fe99c5a6cac410631a2
Opcode Fuzzy Hash: dbf9380652b025f4a53206c1caf8d46cbeb5693872a1fa38d5a910e80aac6769
Instruction Fuzzy Hash: 5C216172500204AEEB21DF69DC45FAAFBECEF04710F04896AEE46CA181D675E548CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B61109, Relevance: 1.6, APIs: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

accept.WS2_32(?,?), ref: 04B611AD

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: accept
String ID:
API String ID: 3005279540-0
Opcode ID: 1f77e0ca30b5b6fb44c14479d8e7e2b1adeafbc929da67294fb2dfa751a994ca
Instruction ID: 7725d92d70aa12226a73528ee677baf3d4fdacd16dfbf888d02dd86309379581
Opcode Fuzzy Hash: 1f77e0ca30b5b6fb44c14479d8e7e2b1adeafbc929da67294fb2dfa751a994ca
Instruction Fuzzy Hash: 96317071509784AFE712CF25DC45B56BFA8EF06314F0884DAE9849B293D275A908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00C6ACCD, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 00C6AD88

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c89a3907f646206e99e09be412d21fccac736488a58948c251bf2998a3761290
Instruction ID: 9410184ad3bd4ab69c34eaf912830cc21ee3ead5dd96d52da2004113d91cacf8
Opcode Fuzzy Hash: c89a3907f646206e99e09be412d21fccac736488a58948c251bf2998a3761290
Instruction Fuzzy Hash: 9A31A2711093846FE722CF25CC84FA2BFE8EF06710F18849AE985DB552D264E948CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B605CC, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 04B6067E

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: b55870b5826fbdee173323d84917ed2f608c6ad34eb0248816e258bf1d7afb70
Instruction ID: 4b9a41c59696fbae5ce1ba7226afc86e7afc1cbe5d5bc9cc90c97c455a49fba3
Opcode Fuzzy Hash: b55870b5826fbdee173323d84917ed2f608c6ad34eb0248816e258bf1d7afb70
Instruction Fuzzy Hash: E231B572404784AFE722CF55DC45F56FFF8EF05310F08859EE9849B152D365A509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04B64EE8, Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B64F7E

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 8133c3728ce45dba1f2856f2303b145f2b59e3219d6849edf79d89772ef015ef
Instruction ID: 2e53809cc856565dccafa57313898e337cba15bf9242008b8b4af7d4c29e5a02
Opcode Fuzzy Hash: 8133c3728ce45dba1f2856f2303b145f2b59e3219d6849edf79d89772ef015ef
Instruction Fuzzy Hash: BB21A0725097806FEB128F25DC45FA7BFE8EF46720F0884DAE985DF152D264A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B07F, Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 00C6B11C

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 4c4b3420300c4e26cfdb82d52f67d37b0d29d872665799411434c8eadb7ee4bc
Instruction ID: 75c2d1f9054887110fd988e463eeb7de0e2ebfda7aa7cfc4eb64fbba9d353ff9
Opcode Fuzzy Hash: 4c4b3420300c4e26cfdb82d52f67d37b0d29d872665799411434c8eadb7ee4bc
Instruction Fuzzy Hash: 233191715093806FE722CB25DC95F97BFB8EF06310F0884AFE985DB152D264A948C772

Uniqueness

Uniqueness Score: -1.00%

Function 04B60959, Relevance: 1.6, APIs: 1, Instructions: 85synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 04B609F9

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 7f4a5c8d93925662fdf6a766ebc51e350ab49c0738b65ce521bdddb2c3905e9b
Instruction ID: 84f7bbce29ecc224fc692b46f1cf7f3714069932a4016292c133048094bf5441
Opcode Fuzzy Hash: 7f4a5c8d93925662fdf6a766ebc51e350ab49c0738b65ce521bdddb2c3905e9b
Instruction Fuzzy Hash: 12318271509780AFE722DF65CC45B56FFE8EF05210F18849AE985CB292D375E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B3A3, Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 00C6B43F

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: 486aabe9d367f182521cb877d6917122a20319a63113cdfc0d2bffc95d5dc0a7
Instruction ID: bd5ef3aa1cb9fec69aaaf227ee37dc107b27af4027b6e6b793b3d9bf4e25f968
Opcode Fuzzy Hash: 486aabe9d367f182521cb877d6917122a20319a63113cdfc0d2bffc95d5dc0a7
Instruction Fuzzy Hash: 3721CE72504280AFE721CF25DC84FA6BFA8EF45310F08889AED84DB142D234E948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04B63C22, Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E2C), ref: 04B63CC7

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: e1c4dd49cb996b58bb2cf0fac6748fd17a323207601dcf4d09501020916da1ed
Instruction ID: 1f313f331c8a21f643ad4d7d8e882a8137e11aca6b3d95c1592492702e4fc58b
Opcode Fuzzy Hash: e1c4dd49cb996b58bb2cf0fac6748fd17a323207601dcf4d09501020916da1ed
Instruction Fuzzy Hash: 3D21D171100200AFEB31DF65DC85FA6FBECEF48710F14885AFE459A181D2B4A5098BB1

Uniqueness

Uniqueness Score: -1.00%

Function 04B61204, Relevance: 1.6, APIs: 1, Instructions: 83networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B612AA

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: a58576a10726083b31aae3840ddad5f0310b3c0e47b38fd16249a86436065e87
Instruction ID: 405395525748af6b72af307b9651beb33b93f6b5dce086ad3c4a649aaa42ffce
Opcode Fuzzy Hash: a58576a10726083b31aae3840ddad5f0310b3c0e47b38fd16249a86436065e87
Instruction Fuzzy Hash: BC21D3B24047446FEB12CF69DC44FA7BBACEF49720F0485AAF985DB152D274A909CB70

Uniqueness

Uniqueness Score: -1.00%

Function 04B6359C, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNEL32(?,00000E2C), ref: 04B63635

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: a0f6d8a908710222d2ac6b771c32cb79d3f7abb8e5893986aa7011b6d8cc92ef
Instruction ID: ec4abc84efcb800c513169f7a6b6af2daf325c9b68f29a2db77cbc9611028172
Opcode Fuzzy Hash: a0f6d8a908710222d2ac6b771c32cb79d3f7abb8e5893986aa7011b6d8cc92ef
Instruction Fuzzy Hash: FA21A0714093806FEB128B25DC45F66BFA8EF46714F0984EBED849F153D264A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B64FDD, Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B6506E

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 6fe3988b1a8df92fef4dd507b35b142d2b6577a0ece64ec1defb12c3318b9da2
Instruction ID: a183f44fe7e7391e686fd3ffd98ba4d1a3bd40ce870f632fac7545ffd4ef5ca7
Opcode Fuzzy Hash: 6fe3988b1a8df92fef4dd507b35b142d2b6577a0ece64ec1defb12c3318b9da2
Instruction Fuzzy Hash: A721A671509380AFE722CF25DC44FA6BFA8EF45310F0884AEE985DB152D268E848CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A1D0, Relevance: 1.6, APIs: 1, Instructions: 82networkCOMMON

Download Yara Rule

APIs

gethostname.WS2_32(?,00000E2C,?,?), ref: 00C6A26D

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: gethostname
String ID:
API String ID: 144339138-0
Opcode ID: e70d2ddeba8de7ae211a29e6d75ccf3a46b77110fcc53d2f9ae00b856bd2ea95
Instruction ID: fbae6f73ff424db21e7079a5fd8cd58c64699b131323dab5832cc838495cb63e
Opcode Fuzzy Hash: e70d2ddeba8de7ae211a29e6d75ccf3a46b77110fcc53d2f9ae00b856bd2ea95
Instruction Fuzzy Hash: 9421AD7140D3C06FD7138B758C55BA2BFB4EF87620F1985CBD8848F193D229A909CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04B650D4, Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 04B6517A

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 4ac1fc35adc8aba9a415c25b39a3e9ccd9ee35b6bc590cfb199033023319d676
Instruction ID: e4ae77e3d1127f5b15a209af53e7963fe6b858a911fe29521fd39b6019f75804
Opcode Fuzzy Hash: 4ac1fc35adc8aba9a415c25b39a3e9ccd9ee35b6bc590cfb199033023319d676
Instruction Fuzzy Hash: EC21AD714093C06FD312CB65CC55F66BFB8EF87610F0984DBD8848B1A3D224A909CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 04B613C1, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNELBASE(?,00000E2C,?,?), ref: 04B6146E

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 6cbbe09ffecd3a4dbced4ef3baf65fdf754dcda90c6f284dd8d36da8e61d56ef
Instruction ID: 468200587e22bad00ca15b2d2ae2bf593303df4385d45c81d555b11d0d51e280
Opcode Fuzzy Hash: 6cbbe09ffecd3a4dbced4ef3baf65fdf754dcda90c6f284dd8d36da8e61d56ef
Instruction Fuzzy Hash: 45218E725093C06FD3138B25DC55B62BFB8EF87610F0A81DBD8848B5A3D224A919C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00C6BD00, Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 00C6BD95

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: ef862030538bbb60829a5e916b6c82cc02a3d31db7d99e611bfe54e6e3396c96
Instruction ID: 425912eade43496fb5bda0afd7c69cf6afe77c9e34318d3bf53893414b9ff454
Opcode Fuzzy Hash: ef862030538bbb60829a5e916b6c82cc02a3d31db7d99e611bfe54e6e3396c96
Instruction Fuzzy Hash: 6221F8754097806FE7138B25DC41BA2BFACEF46720F1884DAED848B193D2646949C771

Uniqueness

Uniqueness Score: -1.00%

Function 04B62EED, Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B62F85

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 1991f6a6d41b51624603f69e928916e6ef20006a6e6827b792752d7c884f6fa3
Instruction ID: 6a04516574ccefb0bb45fbd961ec291e28f6794fa170085056031ec83ef3a139
Opcode Fuzzy Hash: 1991f6a6d41b51624603f69e928916e6ef20006a6e6827b792752d7c884f6fa3
Instruction Fuzzy Hash: 7C2182714093806FE7128F25DC44FA6FFB8EF06310F0885DBE9858E1A2C265A809CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6121B, Relevance: 1.6, APIs: 1, Instructions: 79networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B612AA

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: ac0cacad6437b51e51eac2809b866862e092e235594ad4011a47f55f34bcb08c
Instruction ID: ade038818f71494a72ccf522161891d4dee35eab1d653e18422634ecc5c4b745
Opcode Fuzzy Hash: ac0cacad6437b51e51eac2809b866862e092e235594ad4011a47f55f34bcb08c
Instruction Fuzzy Hash: 222190724093846FDB12CB65DC84F96BFB8EF4A210F1884EBE985DB152D268A508CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B60006, Relevance: 1.6, APIs: 1, Instructions: 79fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B60091

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 8071c9b2a6a109195525e63af3e3589729ddbe123ca205ccd2199e87aa2c6c6b
Instruction ID: 5d7c643299461cf8bbf5b8525723630b2000a9aa7a4deccfa51a608fcd69af48
Opcode Fuzzy Hash: 8071c9b2a6a109195525e63af3e3589729ddbe123ca205ccd2199e87aa2c6c6b
Instruction Fuzzy Hash: 0621D672405344AFE7228F65DC40FA7BFE8EF46720F0484AAE945DB152D279A808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B62FED, Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetPerAdapterInfo.IPHLPAPI(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B63077

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: AdapterInfo
String ID:
API String ID: 3405139893-0
Opcode ID: e24c3e5c596c0294bd78bdc08f615597945b465b021bb587d033811b82b699ba
Instruction ID: 5e28a1df5c1dfa4f8a736d429700d680767f0d0246be2f0d4a13e049f92fac2a
Opcode Fuzzy Hash: e24c3e5c596c0294bd78bdc08f615597945b465b021bb587d033811b82b699ba
Instruction Fuzzy Hash: 3021B271409384AFD722CB25DC85F66BFB8EF46310F0885DAE9858B153D269A509C771

Uniqueness

Uniqueness Score: -1.00%

Function 04B636C2, Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 04B63741

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 10d126340f8a5d537096362fca6bd31ad4c659051bfa428ac0d899ca50569c20
Instruction ID: f6ad2afb09115e77e89aecbb3e21765bda4112017956626b5f90f4bd2eb887eb
Opcode Fuzzy Hash: 10d126340f8a5d537096362fca6bd31ad4c659051bfa428ac0d899ca50569c20
Instruction Fuzzy Hash: E92171B2500604AEE721DF65DC45FABFBECEF48710F14886AED45DB141D674E5088B71

Uniqueness

Uniqueness Score: -1.00%

Function 04B637AF, Relevance: 1.6, APIs: 1, Instructions: 78registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B63840

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 8b0b4e53c1d35b668a060b8e2143b35fef4adc59a3c3f918d070678abb29bcad
Instruction ID: a11daa63ca32e0504a21bfde553fbb6496208a06c789035e16fa8f9812b65c9d
Opcode Fuzzy Hash: 8b0b4e53c1d35b668a060b8e2143b35fef4adc59a3c3f918d070678abb29bcad
Instruction Fuzzy Hash: 89219C72409380AFD7228F65DC44F97FFF8EF09210F0888AAE9859B152D264A508CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B634C3, Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B6355F

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: be67072d0e5a4828dc9b0717d99ae42cf5f81c2b94070a7f17e74462a805f6b0
Instruction ID: 7a75de4d6b150a82472daef5807f53d138ab2fed9c08338d92ef93b5d616d090
Opcode Fuzzy Hash: be67072d0e5a4828dc9b0717d99ae42cf5f81c2b94070a7f17e74462a805f6b0
Instruction Fuzzy Hash: 75219C714097C46FE7228B25DC55FA2FFB8EF06314F0984DBE9898B193D268A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B8DE, Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 00C6B96A

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: a8d2166cd351cb477f2a32de77fe637153fe51b6e7b57a8ff9c8d72aa0c928d4
Instruction ID: 5793e3c2fa3e1109159baf50c72597f8f02cb89ed5cbacdf292f7110ff59d3ea
Opcode Fuzzy Hash: a8d2166cd351cb477f2a32de77fe637153fe51b6e7b57a8ff9c8d72aa0c928d4
Instruction Fuzzy Hash: C821A071508380AFE722CF65DC48F56FFB8EF05310F08849EE9858B252D375A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00C6BC2A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00C6BCA9

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: ea55c7149add77fceb5be90477a7a9533ceffd4ebc8a72f7bf73ea535c72d8a3
Instruction ID: 481c02fcc11b3ad07eb553d7acd5b45982fb74ccf532e22ebb8b46130f2f3da3
Opcode Fuzzy Hash: ea55c7149add77fceb5be90477a7a9533ceffd4ebc8a72f7bf73ea535c72d8a3
Instruction Fuzzy Hash: E0216B71500640AFEB31DF66DD85B66FBE8EF08310F18846EE985CB252D771E9448A71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6024E, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B602E0

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1422b69cae932ffe22677de414cda8add688bf7c1faf49652643127ad95f11e0
Instruction ID: 09dcdc01ce15f4a4cfcd5417d1f1973accebf1c90638a045aa495ba01e2c88fa
Opcode Fuzzy Hash: 1422b69cae932ffe22677de414cda8add688bf7c1faf49652643127ad95f11e0
Instruction Fuzzy Hash: 17218C72505340AFD721CF56CC44F67BBE8EF09610F08849AE985DB252D268E448CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B9C3, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 00C6BA40

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 60fb464af1cbfee1484fcf59bd8445d8bd946d11e1c6382fcbedac891a0f8794
Instruction ID: 919ee2b10226df5071c87bb888711e4299a5333f93e04a1f80836ba8a57c3a1a
Opcode Fuzzy Hash: 60fb464af1cbfee1484fcf59bd8445d8bd946d11e1c6382fcbedac891a0f8794
Instruction Fuzzy Hash: 33218B714093C0AFDB228F65DC45AA2BFB4EF07320F0984DAE9C48F163C2659949DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6443B, Relevance: 1.6, APIs: 1, Instructions: 74libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E2C), ref: 04B644DB

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 24cfa286728bdd2559ff6f3304d55598bfcd5194ecd0da3cbd833f4ffaeb98fd
Instruction ID: c07ad18e44afe9c4ab6eb6b6f4bda767414d201e61784c89985f493e0aca65dd
Opcode Fuzzy Hash: 24cfa286728bdd2559ff6f3304d55598bfcd5194ecd0da3cbd833f4ffaeb98fd
Instruction Fuzzy Hash: 2A210A710497806FE712CB15CC45FA2FFA8EF06720F1880DAED859F193D2A8A948C7B5

Uniqueness

Uniqueness Score: -1.00%

Function 04B60F5D, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B60FE3

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: getsockname
String ID:
API String ID: 3358416759-0
Opcode ID: 5f3dca99a593d5700619835fff63555d1bcaabcbb19ec035401b4609ca0fbd31
Instruction ID: 645ee7b69af6cd69febf0cf6190b498bb3951d59c3b70b6efe8ea18960c25e66
Opcode Fuzzy Hash: 5f3dca99a593d5700619835fff63555d1bcaabcbb19ec035401b4609ca0fbd31
Instruction Fuzzy Hash: 082180715093806FDB22CF65DC45F97FFA8EF49310F0884AAE985DB192D278A548CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C6AC06, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 00C6AC85

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 7fa83cfcc14e5b9665b5245043f3510cacd1569481134c0191f7da7cde969c18
Instruction ID: bd33ab82616646430de640adeac8e799991b13c475118282e4d6faab552b0159
Opcode Fuzzy Hash: 7fa83cfcc14e5b9665b5245043f3510cacd1569481134c0191f7da7cde969c18
Instruction Fuzzy Hash: 4F219272500604AFE7319F55DD84F6AFBECEF08710F14845AE9459B241D265E5048AB2

Uniqueness

Uniqueness Score: -1.00%

Function 04B638C2, Relevance: 1.6, APIs: 1, Instructions: 73registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 04B63936

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: bec3beca344c8d477b50dca0a6f92bb98707a9e6a733b13294663997e6b1909c
Instruction ID: 5eed2bcb14c3db73df3f5b69a1c5b560b9165f2dfb86f3c190d5b4acfeb02f05
Opcode Fuzzy Hash: bec3beca344c8d477b50dca0a6f92bb98707a9e6a733b13294663997e6b1909c
Instruction Fuzzy Hash: E721A171500600AFEB209F65DC45F6BFBE8EF44720F14886AED869B681D274E5088A71

Uniqueness

Uniqueness Score: -1.00%

Function 04B60986, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 04B609F9

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 5db994df59aaf5c1400d5dcf9880e029d26d78e2ccfa4615cf3f3a3099911bd9
Instruction ID: bffa0117c5cd44af138883d845ee4d95ebd6da13c38745bb8e081084a3a7649a
Opcode Fuzzy Hash: 5db994df59aaf5c1400d5dcf9880e029d26d78e2ccfa4615cf3f3a3099911bd9
Instruction Fuzzy Hash: 0C218071600244AFE720DF6ADD85B66FBD8EF04310F1884AAED899B281D275E805CA75

Uniqueness

Uniqueness Score: -1.00%

Function 04B633FE, Relevance: 1.6, APIs: 1, Instructions: 72networkCOMMON

Download Yara Rule

APIs

WSAIoctl.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B63479

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Ioctl
String ID:
API String ID: 3041054344-0
Opcode ID: 9909a2b67791fa3b4834f9015d45e38f69b5534a2d6a03e83a17ffe505c0192a
Instruction ID: 1a4e32b0935e81c3369c73b9918ba523363ed417fc43c6302ce0aa9ec13528c4
Opcode Fuzzy Hash: 9909a2b67791fa3b4834f9015d45e38f69b5534a2d6a03e83a17ffe505c0192a
Instruction Fuzzy Hash: B5218071500600AFEB21CF59DC84FA6FBE8EF08710F0484AAED868B251D378E449CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B3CE, Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 00C6B43F

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: OpenPolicy
String ID:
API String ID: 2030686058-0
Opcode ID: 1fec2fdb402c00b8deb2e06d4c68723aaf063497f1e5cdf87ed7c5d70305df51
Instruction ID: fc0dad489403ba26fb6425e8f9dbf9993b9411d3e864b83dc49a8a6604173636
Opcode Fuzzy Hash: 1fec2fdb402c00b8deb2e06d4c68723aaf063497f1e5cdf87ed7c5d70305df51
Instruction Fuzzy Hash: 44219372500604AFEB20DF69DC85F7AFBA8EF44710F18886AED45DB242D774E9448B71

Uniqueness

Uniqueness Score: -1.00%

Function 04B61917, Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

SetWindowsHookExA.USER32(?,00000E2C,?,?), ref: 04B6199A

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 49cd90baa2e9d7657ad8a555a031de8ca6a4c62d4b3ef0483db9b158ba053505
Instruction ID: f7fd287497a2d967f2fc054443dfbb0fa34d7a4989198dfe63636ee72e1a295a
Opcode Fuzzy Hash: 49cd90baa2e9d7657ad8a555a031de8ca6a4c62d4b3ef0483db9b158ba053505
Instruction Fuzzy Hash: 712105715493806FC312CF25DC41F66BFB8EF86620F0985ABEC848B642D234B915CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 04B61041, Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B610BF

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 599b4f90fd3b1c1f0af226855d1d4f4236e3407baec5ef6a8c09eb19cea585b3
Instruction ID: b8db89f1d8ad9ab3757ef7ddb78c6acca7ac6d95c337705c07be6dbb339ba663
Opcode Fuzzy Hash: 599b4f90fd3b1c1f0af226855d1d4f4236e3407baec5ef6a8c09eb19cea585b3
Instruction Fuzzy Hash: F02181714093846FDB12CF65DC85FA6FFA8EF46311F0884AAE9899B152D274A508CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B659EC, Relevance: 1.6, APIs: 1, Instructions: 69fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 04B65A60

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 7dbf886a96218a6d89f6b1324b358279c335a8ce07d9ec073c1469710e813958
Instruction ID: 839c4dd774842a775c1432093087570d43497b6e64b5286f2e7884df4913c838
Opcode Fuzzy Hash: 7dbf886a96218a6d89f6b1324b358279c335a8ce07d9ec073c1469710e813958
Instruction Fuzzy Hash: 7E215E725093C05FDB12CB65DC95692BFA4EF47220F0D84EAD985CF253D268A849CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00C6AD0E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 00C6AD88

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 804c5fc7b8fe9300a214d1556438d859c15de0982ff9ae2221c4c71781b3629d
Instruction ID: 0fa52c5e50ab844d692469315779c52d6dcc404be8e2ff981497b81b7be8cff6
Opcode Fuzzy Hash: 804c5fc7b8fe9300a214d1556438d859c15de0982ff9ae2221c4c71781b3629d
Instruction Fuzzy Hash: 48215C75600604AFEB31CF16DC84FA6FBECEF08711F1884AAE945DB651D660E948CA72

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B0B2, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 00C6B11C

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: dc3ade5a252edaf6cc56f00690e74931dc6cb963e725a4f5fe0a71d71c65ca13
Instruction ID: 3140fb4ecd9f58408fb928cf1112b40e62f0ae4f4ce5eea5b7a157c1aaa62dc3
Opcode Fuzzy Hash: dc3ade5a252edaf6cc56f00690e74931dc6cb963e725a4f5fe0a71d71c65ca13
Instruction Fuzzy Hash: 8B118E71500204AFEB218F66DC85FAABBA8EF09720F14846AE945DA251D674A9448B71

Uniqueness

Uniqueness Score: -1.00%

Function 04B653F5, Relevance: 1.6, APIs: 1, Instructions: 68windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 04B6546C

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: c993fe7761dadbdf016996ee8ebd74dc73bac14e3dd9a074c67fe7ef24a9d8a3
Instruction ID: 4ec6def824121e2a2c9a893095e705350cae44bdfe1a2074b189e45d8137f853
Opcode Fuzzy Hash: c993fe7761dadbdf016996ee8ebd74dc73bac14e3dd9a074c67fe7ef24a9d8a3
Instruction Fuzzy Hash: CD21F676409380AFDB228F25DC40A52FFB4EF07310F0884DEED858F153D265A818DB61

Uniqueness

Uniqueness Score: -1.00%

Function 04B6050A, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 04B60575

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 87d3f9ec0ad8c3278f505be2109e010f22782c9c8b4acaeb38a913bc10bca488
Instruction ID: 3dc1d339bcda579a8384b1840d8b86c155093c799b1431f7db4004e74c82426e
Opcode Fuzzy Hash: 87d3f9ec0ad8c3278f505be2109e010f22782c9c8b4acaeb38a913bc10bca488
Instruction Fuzzy Hash: 2D216D71504240AFEB21DF6ADD85B66FBA8EF05320F1884AAED868B241E275A4448B75

Uniqueness

Uniqueness Score: -1.00%

Function 04B61142, Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON

Download Yara Rule

APIs

accept.WS2_32(?,?), ref: 04B611AD

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: accept
String ID:
API String ID: 3005279540-0
Opcode ID: c9165c89678d84fd7d5c64dfcd00d252369979d96fc0cc1b5e2db0c74f30ec4f
Instruction ID: 367ebe5b011a47ab22d95b817d4e64b547f31827286413d0d12317fcf385e48e
Opcode Fuzzy Hash: c9165c89678d84fd7d5c64dfcd00d252369979d96fc0cc1b5e2db0c74f30ec4f
Instruction Fuzzy Hash: 0A219371504244AFE721DF69DD45F66FBE8EF04310F1484AAED898B242D375B904CE75

Uniqueness

Uniqueness Score: -1.00%

Function 04B6060A, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 04B6067E

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: f1675cdc6e5084bb6ca5fa375dc137cc09b7a64d185cb13842f68284a10e469e
Instruction ID: b9b402a31a4cd7a0fcdd065694cd85b4e1658b45a28c92d4d36a7ab85a182236
Opcode Fuzzy Hash: f1675cdc6e5084bb6ca5fa375dc137cc09b7a64d185cb13842f68284a10e469e
Instruction Fuzzy Hash: C121C071500244AFEB21DF6ADD84FA6FBE8EF48320F14849EE9859B251D3B5B508CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6500A, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32GetModuleInformation.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B6506E

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: InformationModule
String ID:
API String ID: 3425974696-0
Opcode ID: 714f9f1201d9cebf110974f9c9a5e9c9a37fc0b37bd677debf2a46f5e62962e6
Instruction ID: df671756ba5b9bd9d180f8567b257ebc7e5a2553eb419274d564a49169581dbc
Opcode Fuzzy Hash: 714f9f1201d9cebf110974f9c9a5e9c9a37fc0b37bd677debf2a46f5e62962e6
Instruction Fuzzy Hash: 92119671500200AFEB20CF65EC85FA6FBE8EF44720F1484AAED45DB251D675E418CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 04B63DD2, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 04B63E4E

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 8a4168b48cdf1bfb2d2cc44a7b9225b0cdd4213b8c65b60d426c36e2f45eecac
Instruction ID: a5c177896da36d58fbae92b2e3a00c0bd58bd895b1974b83c6856cab75244378
Opcode Fuzzy Hash: 8a4168b48cdf1bfb2d2cc44a7b9225b0cdd4213b8c65b60d426c36e2f45eecac
Instruction Fuzzy Hash: 00215E71509384AFDB228F55DC44B62BFF4EF06210F0889DAED858B162D379A819DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B62D4A, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B62DC8

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: b35733333a16635f1b0ac4f2b210157924a7b0fce676decd00c72331acde39bc
Instruction ID: 65d362d3d7dbf479996bc424e56251730a3cddf85da119c77ab795391cbf36f9
Opcode Fuzzy Hash: b35733333a16635f1b0ac4f2b210157924a7b0fce676decd00c72331acde39bc
Instruction Fuzzy Hash: F121B7714093846FE712CB15DC44FA6FFB8EF46310F08C4DBE9859B192C268A448C772

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B8FE, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 00C6B96A

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 95550a3ed32fcb73885e7b1b70189fbb922644519dffd7b85f23cba46c0bac29
Instruction ID: 281d738f60efe537acca85eea398268e41d1dbd16570627c3fbb416eca155120
Opcode Fuzzy Hash: 95550a3ed32fcb73885e7b1b70189fbb922644519dffd7b85f23cba46c0bac29
Instruction Fuzzy Hash: B421A171504240AFEB31DF65DD85B66FBE8EF08310F14886EEE858B651D375A848CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B635D2, Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenCurrentUser.KERNEL32(?,00000E2C), ref: 04B63635

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: CurrentOpenUser
String ID:
API String ID: 1571386571-0
Opcode ID: 609352a874421ff503b02f0ae7f71f6d076a6b9b481d95257b9135c00a10f9b5
Instruction ID: 1b4542d7a9315deca937ea8b6a17bff0bcd3d91b79a058cab682e0b8258da1ca
Opcode Fuzzy Hash: 609352a874421ff503b02f0ae7f71f6d076a6b9b481d95257b9135c00a10f9b5
Instruction Fuzzy Hash: 1F11E671504204AFEB20DF25DC85F6AFBD8EF44720F1488AAED45DB241D278A5058A71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6026E, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B602E0

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 31782636a37f675c7e58852978eab0c7ff223caf9e6800f213de7a618e87f136
Instruction ID: 81bcb06452adeb61d38e0d5261fa1ed3fe7864735fb1ae0e5bdda3257ef17ec4
Opcode Fuzzy Hash: 31782636a37f675c7e58852978eab0c7ff223caf9e6800f213de7a618e87f136
Instruction Fuzzy Hash: BF117F72500604AFEB20DF5ADC85F67FBE8EF08710F0884AAE9469B251D364E448CA71

Uniqueness

Uniqueness Score: -1.00%

Function 04B61A6D, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 04B61AE9

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 71009568c3b09387c5584a3b86f2998fa425dfe0141eca0ccae86969288be108
Instruction ID: 7356e48b555417e06c8ee24fbcc7822fa433bf658e12e912b48f68a500c9477d
Opcode Fuzzy Hash: 71009568c3b09387c5584a3b86f2998fa425dfe0141eca0ccae86969288be108
Instruction Fuzzy Hash: 662181715093845FD7228E15DC85B62BFE8EF46610F0C80DAED858B252D265E809C771

Uniqueness

Uniqueness Score: -1.00%

Function 04B637D6, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegNotifyChangeKeyValue.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B63840

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ChangeNotifyValue
String ID:
API String ID: 3933585183-0
Opcode ID: 43ad0f42eb4dd22f0689059372603f9e36b40de578dddfa62262859df5da6249
Instruction ID: e21917e69bd50718bcc0d15e9bcb81656abd84074f88f4e31478643adf8b9ce3
Opcode Fuzzy Hash: 43ad0f42eb4dd22f0689059372603f9e36b40de578dddfa62262859df5da6249
Instruction Fuzzy Hash: 9E119371500204AFEB21CF56DC44FAAFBECEF08720F1484AAED499B251D274E509CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A112, Relevance: 1.6, APIs: 1, Instructions: 65networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 00C6A185

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: ddecd49f9c2fc1d2a497525a56023e62674fe31e10a52b09385173f80b4f0cf8
Instruction ID: 0947d1be36e38386e17c0eea36caab607ac094a46fc5b07e10588c67cba5d875
Opcode Fuzzy Hash: ddecd49f9c2fc1d2a497525a56023e62674fe31e10a52b09385173f80b4f0cf8
Instruction Fuzzy Hash: BF2158724093C0AFDB228B65DC44A92BFB4EF17314F0984DAED848F163D275A908DB62

Uniqueness

Uniqueness Score: -1.00%

Function 04B60C56, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B60CB5

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 408c0e74e32609239d133b932c1d915aa9f2bf60ad5df36b3e1c3a996c715c84
Instruction ID: b28f685abe845bbe9c2b8bee139a98a045d0a33c3f5af7afd765fe0f95c6238b
Opcode Fuzzy Hash: 408c0e74e32609239d133b932c1d915aa9f2bf60ad5df36b3e1c3a996c715c84
Instruction Fuzzy Hash: 2511B272500200AFEB21DF5ADC45FAAFBE8EF48720F1484AAED4ADB251D275A405DB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B61246, Relevance: 1.6, APIs: 1, Instructions: 63networkCOMMON

Download Yara Rule

APIs

WSAEventSelect.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B612AA

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: EventSelect
String ID:
API String ID: 31538577-0
Opcode ID: 59f33c1e29094e20819eeffe6f2932affc00a541eb3fa63d88c9e5730b30f07c
Instruction ID: 5747ba0e7ce03196a417ff00e3dba34ec9485990fed9bf59eead10bb9008f1a3
Opcode Fuzzy Hash: 59f33c1e29094e20819eeffe6f2932affc00a541eb3fa63d88c9e5730b30f07c
Instruction Fuzzy Hash: 0311B272500244AFEB21CF5ADC84FA6FBDCEF48320F1484AAED45DB241D674A404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B64F22, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

K32EnumProcessModules.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B64F7E

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: EnumModulesProcess
String ID:
API String ID: 1082081703-0
Opcode ID: 87a772a402bb398a1d559b53ebbe805d9aafaa29cbc1cac10e76f278c777d310
Instruction ID: 0ac2bc3f7e411bdd9107e376a4488871b46518c63380589f28adb22006120def
Opcode Fuzzy Hash: 87a772a402bb398a1d559b53ebbe805d9aafaa29cbc1cac10e76f278c777d310
Instruction Fuzzy Hash: 18119071500600AFEB218F59EC85BABFBE8EF44720F1484AEED499B241D274B4048B75

Uniqueness

Uniqueness Score: -1.00%

Function 04B601AA, Relevance: 1.6, APIs: 1, Instructions: 62comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?,00000E2C,?,?), ref: 04B60221

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: d0ee5922113ca2663a1e9e790bc219510be943de159a9a3a492a5595afbbe949
Instruction ID: 21dcb43d2a55521a169107d4204d60846e3d9825a732573a1ddc8cc70c9d1fbb
Opcode Fuzzy Hash: d0ee5922113ca2663a1e9e790bc219510be943de159a9a3a492a5595afbbe949
Instruction Fuzzy Hash: 6D11B671505380AFD3128B16DC41F36BFB8EFC6620F19819AEC448B642D225B915CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 04B60F82, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

getsockname.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B60FE3

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: getsockname
String ID:
API String ID: 3358416759-0
Opcode ID: cff6817fdc8721ecb74ea47224c45b5bc394cd0006d8304e80ee29a2316f8724
Instruction ID: 4978265e82c5113a108368417cfbf24f076da57b8c14b0445d73bf92587c6cfa
Opcode Fuzzy Hash: cff6817fdc8721ecb74ea47224c45b5bc394cd0006d8304e80ee29a2316f8724
Instruction Fuzzy Hash: C9118271500240AFEB21DF5ADC85FA6FBD8EF48720F14C4AAED49DB241D678A448CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A70A, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 00C6A77C

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: aec773b1232722ed0aa9821118afd35de48a4fc3d521bfc41f1fbd24304fea00
Instruction ID: e7060609cdbaec94621ba6e46e4edbb4db8973f3fa54f2a82226d40d2b2391d9
Opcode Fuzzy Hash: aec773b1232722ed0aa9821118afd35de48a4fc3d521bfc41f1fbd24304fea00
Instruction Fuzzy Hash: D02136714093C46FDB138B259C94A62BFB49F07624F0984DBED858B2A3D2A95908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 04B64996, Relevance: 1.6, APIs: 1, Instructions: 61registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B64A00

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: c1ecebee5d700cfe0089296a049f50af5ce6aaa8f2e45f4fad4b957eb1210ac3
Instruction ID: ef59a9f86252f2f06c668f3abaf6445456c3df69b587180f4ced4032e30dc248
Opcode Fuzzy Hash: c1ecebee5d700cfe0089296a049f50af5ce6aaa8f2e45f4fad4b957eb1210ac3
Instruction Fuzzy Hash: 1511BF72500600AFEB31CF56DC41FA7FBE8EF08720F0884AAED869A251D274E409CB75

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A65F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C6A6CA

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 32e879f4fb236a87b3b502175e220f8be2bbbf7c7a0855b746a9da9db87231f3
Instruction ID: 2e38fe0dd3a5755d6a7445e526f20e57c441538ec0268dfe91b598dcb13ce9ee
Opcode Fuzzy Hash: 32e879f4fb236a87b3b502175e220f8be2bbbf7c7a0855b746a9da9db87231f3
Instruction Fuzzy Hash: 4F118172409380AFDB228F55DC44E62FFF4EF4A310F0884DAED858B562D275A918DB72

Uniqueness

Uniqueness Score: -1.00%

Function 04B60032, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B60091

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: b9df13e5219873121e23b4f4ff788d095e5b9dcb25836d3ff39bed8a4bd8c572
Instruction ID: 613c2d6d13ada840ad4c27382e4486055e27b170760184159483272bcd2826c8
Opcode Fuzzy Hash: b9df13e5219873121e23b4f4ff788d095e5b9dcb25836d3ff39bed8a4bd8c572
Instruction Fuzzy Hash: 4811E771500304AFEB21DF66DC44FA6FBE8EF08724F1484AAED459B241D275A404CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B64A52, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(?,?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 04B64AB3

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e25b3bf966d0b3aa46da10589715dd325a3616d77c2121111ae95976b74eed80
Instruction ID: 75d8d72ba6ea1d64bf49b9c11172c16bfe0583ce41846b3142f1da1a9a937cf7
Opcode Fuzzy Hash: e25b3bf966d0b3aa46da10589715dd325a3616d77c2121111ae95976b74eed80
Instruction Fuzzy Hash: 87119371508380AFD711CF65DC85B96BFE8EF46220F0884EAED85CB252D278E849CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B65348, Relevance: 1.6, APIs: 1, Instructions: 60windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 04B653B5

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: ada90f975a85995a4cac57c9ec2e15b229805c574f94263aeb58851826886bbd
Instruction ID: 1f0e14c183615e1a35474a1707e3900362ab3daf3eb1d76fd694f87a1aebe9d6
Opcode Fuzzy Hash: ada90f975a85995a4cac57c9ec2e15b229805c574f94263aeb58851826886bbd
Instruction Fuzzy Hash: C111A2755093C09FD7228B25DC84A52BFB4EF06220F0D84DFED858F563D265A858CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04B652AC, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 04B6530C

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 1c1919ecfe07d66f38a98286c2b67a65171caece1d51d1bf217b7e34783a49f6
Instruction ID: 10afebc834770965486eed28715bc3ec65c5b0de99d6b4bdbb9e91e6b00b39e8
Opcode Fuzzy Hash: 1c1919ecfe07d66f38a98286c2b67a65171caece1d51d1bf217b7e34783a49f6
Instruction Fuzzy Hash: 9B11B2725093C09FD7128F25DC94A92BFB4EF07610F0880EADC868F253D265A818CB72

Uniqueness

Uniqueness Score: -1.00%

Function 04B61066, Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B610BF

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 0fee0760ddd70350416c83da89c483b972868eb6821615e02b30a0e1ce15bfcf
Instruction ID: 0635d219e1831d88fb64be0cbae218d485e7808a1a52340df6c957a0bf91654c
Opcode Fuzzy Hash: 0fee0760ddd70350416c83da89c483b972868eb6821615e02b30a0e1ce15bfcf
Instruction Fuzzy Hash: 2811C671504240AFEB21CF69DC85FA6FBE8EF44721F18C4AAED499B241D275A405CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B65561, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 04B655CC

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 3b09966543a1f71f280bccc90a964591f8c2e5ae6a489111d6192ddf7a3e89f3
Instruction ID: 13d0baf5728522359d6c56885079e47a982f2816afed5b3e7e3c5f03e4603b43
Opcode Fuzzy Hash: 3b09966543a1f71f280bccc90a964591f8c2e5ae6a489111d6192ddf7a3e89f3
Instruction Fuzzy Hash: 36114C754093C0AFD7128B25DC44B62BFB4EF47624F0984DAED858F263D269A848CB72

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A386, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNEL32(?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 00C6A3DC

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 7952a0d94d2e2c7a50386e29703adb429cf5604bfb7ac395f6f0c0bc4b2e39ab
Instruction ID: ad0fb27704e89c06dbe17586fcbbac5e13a61779bf6a6a9ebf99b250a90362e1
Opcode Fuzzy Hash: 7952a0d94d2e2c7a50386e29703adb429cf5604bfb7ac395f6f0c0bc4b2e39ab
Instruction Fuzzy Hash: C01194715093C09FD7128F25DC94BA6BFA4DF46220F0884EBED858F652D275A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04B64472, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E2C), ref: 04B644DB

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 348ad3893284cf7dac1bac1a1fb926ffa34c6c620e5ab92cc7c1b2bbbddb98d4
Instruction ID: 696fa7cb6237323a1ffb019a61d1ee56e82e0408460045a868bee6468e6e111f
Opcode Fuzzy Hash: 348ad3893284cf7dac1bac1a1fb926ffa34c6c620e5ab92cc7c1b2bbbddb98d4
Instruction Fuzzy Hash: 1911E531500600AFE720DF19DC45FA6FB98DF04720F14849AED455B281D6B8B544CA75

Uniqueness

Uniqueness Score: -1.00%

Function 04B62F26, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetAdaptersAddresses.IPHLPAPI(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B62F85

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: AdaptersAddresses
String ID:
API String ID: 2506852604-0
Opcode ID: 7d7d85cc7a17d5ee897ee94e62e7c2527e735e779028819d48f20677e7ba5e35
Instruction ID: 8f0d377ef8d56e598d0c41386ca595077d7058b873b078cc8b134be955954a07
Opcode Fuzzy Hash: 7d7d85cc7a17d5ee897ee94e62e7c2527e735e779028819d48f20677e7ba5e35
Instruction Fuzzy Hash: 4911C271500700AFEB219F16DC85FA6FBA8EF08721F14849EED869B251D275A409CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 04B614A4, Relevance: 1.6, APIs: 1, Instructions: 54fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32(?,?,?,?,?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 04B61504

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 0f43ecb1dd7fff5383a400c06541bdd45878e16d4321ad2bc15c8625fffdda5f
Instruction ID: 4368fb8e071259e10df6ea742dd0aa72918602aac20ca4a1805f993d1a2cfa12
Opcode Fuzzy Hash: 0f43ecb1dd7fff5383a400c06541bdd45878e16d4321ad2bc15c8625fffdda5f
Instruction Fuzzy Hash: 28116071409380AFDB22CF55DC44A56FFB4EF45220F0988AEED868B562D379A419CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04B6301E, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

GetPerAdapterInfo.IPHLPAPI(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B63077

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: AdapterInfo
String ID:
API String ID: 3405139893-0
Opcode ID: a4b156d7c2930a20d1d704e76da58910dd8f0aba9d3b9e6c789906389a08d704
Instruction ID: 8859416ff0957e1021d89faa792d4ad8cb5e00465e1129bd5dbed69dc53ddf7b
Opcode Fuzzy Hash: a4b156d7c2930a20d1d704e76da58910dd8f0aba9d3b9e6c789906389a08d704
Instruction Fuzzy Hash: 8811C871504304AFEB208F15DC45F66FBE8EF44720F1484AAED459B241D275A449CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B63506, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RasConnectionNotificationW.RASAPI32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B6355F

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ConnectionNotification
String ID:
API String ID: 1402429939-0
Opcode ID: a4b156d7c2930a20d1d704e76da58910dd8f0aba9d3b9e6c789906389a08d704
Instruction ID: 8e0ba15626ad8ba1ee1e22b79966e9ba92fec939f8e81d7d1e161897300ed418
Opcode Fuzzy Hash: a4b156d7c2930a20d1d704e76da58910dd8f0aba9d3b9e6c789906389a08d704
Instruction Fuzzy Hash: 3611C871500304AFEB20CF16DC45F66FBE8EF08721F1884AAED459B251D274B545CA71

Uniqueness

Uniqueness Score: -1.00%

Function 04B62847, Relevance: 1.6, APIs: 1, Instructions: 53windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 04B628A9

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 81938059d6b76c08f4fdb3c121456aaa3e853eddb465698624f81e2d2bd8f910
Instruction ID: 0fa44d3af67b4e615f6181d4c553d9a08c4842dbd165d6ddfda822a00ee6988d
Opcode Fuzzy Hash: 81938059d6b76c08f4fdb3c121456aaa3e853eddb465698624f81e2d2bd8f910
Instruction Fuzzy Hash: 431191714093C0AFDB228F15DC44A52FFB4EF0A220F0884DEED854B663D379A818DB62

Uniqueness

Uniqueness Score: -1.00%

Function 04B62D72, Relevance: 1.6, APIs: 1, Instructions: 53networkCOMMON

Download Yara Rule

APIs

GetNetworkParams.IPHLPAPI(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 04B62DC8

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: NetworkParams
String ID:
API String ID: 2134775280-0
Opcode ID: 8d921c78387a32f7fee10c3b18b38d705d0cdb8701cbb6f80751b830b67fd84f
Instruction ID: 891e196cfa033cff7548c2af81639c6112e4f05010ea44b39bdbdbccd25128c4
Opcode Fuzzy Hash: 8d921c78387a32f7fee10c3b18b38d705d0cdb8701cbb6f80751b830b67fd84f
Instruction Fuzzy Hash: 8B01C471500604AFEB20DF1ADC85FA6FB98EF08720F1484EAED499B281D678A4459B75

Uniqueness

Uniqueness Score: -1.00%

Function 00C6BD42, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E2C,15A45DAD,00000000,00000000,00000000,00000000), ref: 00C6BD95

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 274cd207e31e3f5daa909d9e31478dcc3e1bdaec14c6ebe440d5f7d7de1d5bc4
Instruction ID: c0048e2b3bd41aaad2ec1a2a4380c0249741f2c1f102af47411ed3dd9e1d785b
Opcode Fuzzy Hash: 274cd207e31e3f5daa909d9e31478dcc3e1bdaec14c6ebe440d5f7d7de1d5bc4
Instruction Fuzzy Hash: 2E01D271500200AFE720CB1ADC85FA6FB9CEF08721F1884AAED459F245D7B4A9448AB1

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A078, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32(?,?,?), ref: 00C6A0D2

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: LongNamePath
String ID:
API String ID: 82841172-0
Opcode ID: 788fd1801e66299d4cb5b0b131b6be11c79efea46b8225d0b8961a394d400bca
Instruction ID: df6aa6c125200a4b3d23e32e990b0acf88fad8b65ea406f55d787f4f6d8ae3e0
Opcode Fuzzy Hash: 788fd1801e66299d4cb5b0b131b6be11c79efea46b8225d0b8961a394d400bca
Instruction Fuzzy Hash: A21191714093849FDB21CF55DC89B56FFB4EF46320F0884AAED458F252D375A808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04B63E02, Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 04B63E4E

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 5dfbcafec1910c0bcdc808116cfe8cdfaf3a291545566f33ed952569385710c9
Instruction ID: e75c03cb1e529e3892eff4cc39021f75833d544f01a2f240e6bd3297c1ed81d0
Opcode Fuzzy Hash: 5dfbcafec1910c0bcdc808116cfe8cdfaf3a291545566f33ed952569385710c9
Instruction Fuzzy Hash: 74115E729007449FDB21CF55D884B66FBE4EF08720F0888AADD868B612D375E459DF71

Uniqueness

Uniqueness Score: -1.00%

Function 04B64A76, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNEL32(?,?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 04B64AB3

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 430ea92c5f848e9f85c26fc5425967759eaf7d8dc3168e7efc8ed4cdb4156a87
Instruction ID: af763bc62b52d93a15511a6055fb327ff1c82fcca20a9c3ab7a19bac6a284650
Opcode Fuzzy Hash: 430ea92c5f848e9f85c26fc5425967759eaf7d8dc3168e7efc8ed4cdb4156a87
Instruction Fuzzy Hash: E70192716046409FDB50CF2AE885766FBD8EF04320F0884AADD4ACB641E278E449CB75

Uniqueness

Uniqueness Score: -1.00%

Function 00C6AAA0, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 00C6AAFA

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: fd9bb39b5398376c8af7c486d0433d5a897668bab6c4f067951aa4a6d5dd57d0
Instruction ID: 97126170b787fecd0b1805a89a29e69aad90da92577ef73e2d7b9c9d41ae736e
Opcode Fuzzy Hash: fd9bb39b5398376c8af7c486d0433d5a897668bab6c4f067951aa4a6d5dd57d0
Instruction Fuzzy Hash: ED118E31409784AFD7228F55DC85A52FFB4EF46320F08C4DAED854B262D375A918CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04B65A26, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 04B65A60

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 8ebe577ea913be7f559016f850399d2145b79a473464d06991687d2eca8e69bb
Instruction ID: 2625b5b9ac80a1f6ee44c444840dcf34169bed981cbe8c64dc0f7a36e4f1733e
Opcode Fuzzy Hash: 8ebe577ea913be7f559016f850399d2145b79a473464d06991687d2eca8e69bb
Instruction Fuzzy Hash: A501B5716012409FDB20CF69E885766FB98EF44320F08C4AADD46CF241D278E415CB71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6141E, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNELBASE(?,00000E2C,?,?), ref: 04B6146E

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: CreateFileMapping
String ID:
API String ID: 524692379-0
Opcode ID: 86d8e5984f4caf38e3a6a914ef374e3c2e7944ae2876644e0fcfcf24f7653596
Instruction ID: c0b194ec71d26d2038d4e86cab0cbd8cb73005cf807249efadfc4c04a65d51c8
Opcode Fuzzy Hash: 86d8e5984f4caf38e3a6a914ef374e3c2e7944ae2876644e0fcfcf24f7653596
Instruction Fuzzy Hash: B4017171500200ABD710DF26DC86B66FBA8FF88B20F14856AED099B641E275F915CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 04B6327E, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(?,00000E2C,?,?), ref: 04B632CE

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FormatMessage
String ID:
API String ID: 1306739567-0
Opcode ID: f94a480caba344d4e2f54acca8ac7fc4d5e8ab7f4b827a9af394876622404ae6
Instruction ID: 7f544de9d0251ed911a3a9a3f2d82e639b0205bce0f42ef901c2aca6ba2ccac7
Opcode Fuzzy Hash: f94a480caba344d4e2f54acca8ac7fc4d5e8ab7f4b827a9af394876622404ae6
Instruction Fuzzy Hash: 1601B171500200ABD310DF26DC86B26FBA8FF88B20F14852AED089B641E271F915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 04B6512A, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 04B6517A

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: e5cf7961bfce459c90895e0f2025496a19be9371238819d52be60a317cffea9a
Instruction ID: aa4c55e1dce47614d552de26cd4d662341c326c88a5fbb0e7a3454856d075a20
Opcode Fuzzy Hash: e5cf7961bfce459c90895e0f2025496a19be9371238819d52be60a317cffea9a
Instruction Fuzzy Hash: AE017171500200ABD710DF26DC86F66FBA8FF88B20F14856AED089B641E275F915CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 04B6194A, Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

SetWindowsHookExA.USER32(?,00000E2C,?,?), ref: 04B6199A

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: HookWindows
String ID:
API String ID: 2559412058-0
Opcode ID: 31915ceb66c624f2f916154aed9b5658aa092a421d18b0849ef3172f9be587ee
Instruction ID: 14bfbd419b9805ff76d76571e9c3e1f614b049a419f7f7d92c756befff6ed194
Opcode Fuzzy Hash: 31915ceb66c624f2f916154aed9b5658aa092a421d18b0849ef3172f9be587ee
Instruction Fuzzy Hash: 14017171500200ABD750DF26DC86B66FBA8FF88B20F14856AED089B641E275F915CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A222, Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

gethostname.WS2_32(?,00000E2C,?,?), ref: 00C6A26D

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: gethostname
String ID:
API String ID: 144339138-0
Opcode ID: a435a5d8374c4ae4139c7dad5bc33c6fa2e91d34624a1d9d34df262457ef7221
Instruction ID: 7b8428b03a203b40512f0a159af28e809b01e9e51a2cdd78c0a59fe089a6c814
Opcode Fuzzy Hash: a435a5d8374c4ae4139c7dad5bc33c6fa2e91d34624a1d9d34df262457ef7221
Instruction Fuzzy Hash: 49017171500200ABD710DF26DC86B66FBA8FF88A20F14856AED089B641E275F915CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 04B61A9E, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 04B61AE9

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 2a3e2b4b06dba098a60da168cf6dbd132a1c2c36325dbcf0cb130e0ba6b0ad70
Instruction ID: 11d977b8b947cd94d6af623943b2c7bd757406228f72fda84e9a6ea8312cebc9
Opcode Fuzzy Hash: 2a3e2b4b06dba098a60da168cf6dbd132a1c2c36325dbcf0cb130e0ba6b0ad70
Instruction Fuzzy Hash: DA0180716006009FDB20CF1AD885B66FBE8EF04720F0C8599DD8A8B251E275F405DB71

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A686, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00C6A6CA

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 2a0f0e14c5a7508e6a55f9977ddd5752610adf107909388069fae8a7297cacc5
Instruction ID: fb407c465a3a11365a44ba720cb28dc5724fa7cf634d169f0889a3498aa30f74
Opcode Fuzzy Hash: 2a0f0e14c5a7508e6a55f9977ddd5752610adf107909388069fae8a7297cacc5
Instruction Fuzzy Hash: 57015B318046409FDB218F55E884B56FBE0EF08720F1888AAEE8A9A651D275E419DF62

Uniqueness

Uniqueness Score: -1.00%

Function 04B614C6, Relevance: 1.5, APIs: 1, Instructions: 43fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32(?,?,?,?,?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 04B61504

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 0622620594ef4578c6728beb164c43b67a23239b3d0bbb012dd3e78a50da26d1
Instruction ID: ac86271a36bdf9986b2351dc51ccfd13bf9cf5ab752d4b046cc3f6ebf8f26555
Opcode Fuzzy Hash: 0622620594ef4578c6728beb164c43b67a23239b3d0bbb012dd3e78a50da26d1
Instruction Fuzzy Hash: 100152315043409FDB21CF59E944B56FBA4EF44720F08C4AADD868B651E375E419DF71

Uniqueness

Uniqueness Score: -1.00%

Function 04B6542E, Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,?,?,?,?), ref: 04B6546C

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: MessagePeek
String ID:
API String ID: 2222842502-0
Opcode ID: 7147b41c6a81968e4f340f4957c2bc434690591c7dd1b3cf20667b36d677442c
Instruction ID: bd85221d687cfb6f63001f9c1b84ec16eadf3261ebee248c8a557546fdc89103
Opcode Fuzzy Hash: 7147b41c6a81968e4f340f4957c2bc434690591c7dd1b3cf20667b36d677442c
Instruction Fuzzy Hash: 4E019E31500600AFDB308F59E884B66FBA4EF08321F08C4AADD864A655D3B5E428DB62

Uniqueness

Uniqueness Score: -1.00%

Function 04B601D6, Relevance: 1.5, APIs: 1, Instructions: 43comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?,00000E2C,?,?), ref: 04B60221

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: f4e467af59656504f08628351383f04d33ff41d21f35fb0dcda79370c435ef44
Instruction ID: a111137251cc6b6252f52edfd60d9ea2ce6fdbeea8ac9aefad098c676e8b302a
Opcode Fuzzy Hash: f4e467af59656504f08628351383f04d33ff41d21f35fb0dcda79370c435ef44
Instruction Fuzzy Hash: 4601A271500200ABD210DF1ADC86B26FBA8FF88B20F14815AED084B741E271F915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 04B6210A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

RasEnumConnectionsW.RASAPI32(?,00000E2C,?,?), ref: 04B6215A

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: ConnectionsEnum
String ID:
API String ID: 3832085198-0
Opcode ID: 85c31ab57f8b37cf38a7c172a4b9b863223ebfa4e28a29dcbbd0af24d0fa24d2
Instruction ID: ee72acb58d0ce6851fdb09088b8b6cf25c07052dea565c2d5ec1f18a62c446a1
Opcode Fuzzy Hash: 85c31ab57f8b37cf38a7c172a4b9b863223ebfa4e28a29dcbbd0af24d0fa24d2
Instruction Fuzzy Hash: 83016275540600ABD250DF1ADC86F26FBA8FF88B20F14C15AED085B741E271F915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00C6B862, Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNEL32(?,00000E2C,?,?), ref: 00C6B8B2

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ed62e33e58abf459b46897c84c7887c68ff549e2c9aaa164dd8bd7de503d7582
Instruction ID: 0cc4fb4fa49eb0526e2ac7f4e763004f25da92d997e888fa9de98b23f1751bab
Opcode Fuzzy Hash: ed62e33e58abf459b46897c84c7887c68ff549e2c9aaa164dd8bd7de503d7582
Instruction Fuzzy Hash: 1B01A271500200ABD210DF1ADC86F26FBA8FF88B20F14C11AED084B741E271F915CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00C6BA02, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 00C6BA40

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: a62680b32bcae1cc03591e0519dd5835565e15fb11e5aed1960458a5577ade32
Instruction ID: 0490d960013a2a99af2b5f8d38b5bce2d4f07b8f4ce4ae6239727221dc2274d0
Opcode Fuzzy Hash: a62680b32bcae1cc03591e0519dd5835565e15fb11e5aed1960458a5577ade32
Instruction Fuzzy Hash: 56019E31404340DFDB30CF95E984B66FBA0EF08320F1884AADD898B612D375A958DFB2

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A3AA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNEL32(?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 00C6A3DC

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: afa4e1686261262f9c26ca7b852c09f4dbe8575d1d969d7c73558b4e608c66fe
Instruction ID: 1a8a71c21b07bb9a2e68061948bf180e1e330e51047ce630cb591682b3e2deab
Opcode Fuzzy Hash: afa4e1686261262f9c26ca7b852c09f4dbe8575d1d969d7c73558b4e608c66fe
Instruction Fuzzy Hash: E5018F759043409FDB20CF1AEC897A6FB94EF04320F18C4BADD499B652D6B5E848DE72

Uniqueness

Uniqueness Score: -1.00%

Function 04B6537A, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 04B653B5

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: e12bcc3b2449c20cc087e6f4edb17f8d4915391f52121c24bdaec4bb9d2935a9
Instruction ID: 6af0c5d6418b7a0f0b0bbf416e8ffdab73b0b31cb59d07c0e06fdacbfe79a78b
Opcode Fuzzy Hash: e12bcc3b2449c20cc087e6f4edb17f8d4915391f52121c24bdaec4bb9d2935a9
Instruction Fuzzy Hash: 47017135504740DFDB208F59E884B66FBA4EF04720F08C4AEDD874B651D2B5E458DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A09A, Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32(?,?,?), ref: 00C6A0D2

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: LongNamePath
String ID:
API String ID: 82841172-0
Opcode ID: e4256855ecfc5ca2a663c157296f9320f39b23ff1ca810d8c4ac6ef41565a1ae
Instruction ID: 6561c36dbc3777aea11fc7e2d09e3b9e426342e0c27887894518d30a7aec74ce
Opcode Fuzzy Hash: e4256855ecfc5ca2a663c157296f9320f39b23ff1ca810d8c4ac6ef41565a1ae
Instruction Fuzzy Hash: 9C018F71804240DFDB20CF56E884B66FBA4EF09320F18C4AADD499B252D2B5A408DF72

Uniqueness

Uniqueness Score: -1.00%

Function 04B652DA, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 04B6530C

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 888891b7350532c3af5c4764c68327e0e173ae8d6ac76c007976b3744257fa50
Instruction ID: 35de50961e05f702cfac85da0d56c35ca6a591abc8989ce51cbb4e28d194d8a9
Opcode Fuzzy Hash: 888891b7350532c3af5c4764c68327e0e173ae8d6ac76c007976b3744257fa50
Instruction Fuzzy Hash: B70186356047409FDB20CF19E885756FB94EF04A20F08C0AADD478B755D2B5F458DB72

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A95E, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?), ref: 00C6A990

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: e9a639eae7e03c313eceaab376255329fa0832851e590a4d47903758377257e3
Instruction ID: 31cd46e9287d33126ec3bca0d045a91a01fd0695e34d319bcbc4ac61d8ac1755
Opcode Fuzzy Hash: e9a639eae7e03c313eceaab376255329fa0832851e590a4d47903758377257e3
Instruction Fuzzy Hash: 8501D6708043409FDB20CF56E884766FB94EF04320F28C4AADD499F242D275A404CF72

Uniqueness

Uniqueness Score: -1.00%

Function 04B6286E, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 04B628A9

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 2ec12e6dd2ae647a011058c81a366f9080ae5a4f5aca4be652225a0485598edb
Instruction ID: 3340aa27c5a98a818e69b1df50a4658a3a4c3e290826183f45cfc2f2d903c2e4
Opcode Fuzzy Hash: 2ec12e6dd2ae647a011058c81a366f9080ae5a4f5aca4be652225a0485598edb
Instruction Fuzzy Hash: 04017835900340DFEB209F45EC84B66FBA0EF08320F0884DADD8A4A656D3B9A458DB72

Uniqueness

Uniqueness Score: -1.00%

Function 00C6AAC2, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 00C6AAFA

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 25f3089b3bb073ff23e0ad330ea3968607901bcb96918409d8b88bc798f683ef
Instruction ID: dc8f484b81f7f8fbeb738287aecccc84f88707159cd4a92dbb3f4c5eb1ef5684
Opcode Fuzzy Hash: 25f3089b3bb073ff23e0ad330ea3968607901bcb96918409d8b88bc798f683ef
Instruction Fuzzy Hash: 2101AD315042409FDB308F46E984B62FBA0EF48720F18C4AADD864B652D2B5A848DF72

Uniqueness

Uniqueness Score: -1.00%

Function 04B6559A, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 04B655CC

Memory Dump Source

Source File: 00000006.00000002.390514975.0000000004B60000.00000040.00000001.sdmp, Offset: 04B60000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 7d0fb48e34e3b6fd99b3416c0e9bc5b2b5947f35987fdd82564a3953246265ae
Instruction ID: a46a42d406834afa212008fa9f103d20aaee1c8cdfdb3358ecafcd5c401067df
Opcode Fuzzy Hash: 7d0fb48e34e3b6fd99b3416c0e9bc5b2b5947f35987fdd82564a3953246265ae
Instruction Fuzzy Hash: BFF0A475504340AFDB20DF05E888761FB91EF04720F18C0DADD4A4B252D2B9A454CE72

Uniqueness

Uniqueness Score: -1.00%

Function 00C6A74A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,15A45DAD,00000000,?,?,?,?,?,?,?,?,723F3C38), ref: 00C6A77C

Memory Dump Source

Source File: 00000006.00000002.385672074.0000000000C6A000.00000040.00000001.sdmp, Offset: 00C6A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: baa452d995def9490637deb8827d7c9784c09d169b48a99b341199b21a4beecc
Instruction ID: ebbff46a7d1713d2805853bc15ad7ec3e6425a2d440b9e67eee93ddf631e696f
Opcode Fuzzy Hash: baa452d995def9490637deb8827d7c9784c09d169b48a99b341199b21a4beecc
Instruction Fuzzy Hash: 4EF0AF349042409FDB20CF0AE884B65FBA0EF04720F18C4AADD895B256D2B5A908CEB2

Uniqueness

Uniqueness Score: -1.00%

Function 00C62477, Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.385638212.0000000000C62000.00000040.00000001.sdmp, Offset: 00C62000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 683f98f5bb0277d885b1961b4d3335551787935831cccb200a819d6cd390d294
Instruction ID: 981f185ab1f5a7034f3efb64518858a3e540d81407b453a778b0cecc9fdbbc33
Opcode Fuzzy Hash: 683f98f5bb0277d885b1961b4d3335551787935831cccb200a819d6cd390d294
Instruction Fuzzy Hash: E8B1AEB154EBD24ECB338B249CE46A47F619B23325B5940EBD4C5CF1E3DA19880BC766

Uniqueness

Uniqueness Score: -1.00%

Function 070513BE, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.397953998.0000000007050000.00000040.00000001.sdmp, Offset: 07050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9b3a6735d87c0f4c9fc70a86de00c49c99d891f6eac1566366756da8fbb9941
Instruction ID: cecfbcd97224d47004a4e92498456fc93b7b982b15c66ce58e63d6bff7d19c53
Opcode Fuzzy Hash: b9b3a6735d87c0f4c9fc70a86de00c49c99d891f6eac1566366756da8fbb9941
Instruction Fuzzy Hash: 5F21E5B5508341AFD340CF19D880A5BFBE4FF89660F04896EF888D7311E274E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 07051E30, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.397953998.0000000007050000.00000040.00000001.sdmp, Offset: 07050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7b4dc345b74bbba087002468f17c7b91fd6babfa0c803ae3623a1639630477b
Instruction ID: df6b203ee76eb90d2408ae8e79ca77743a68f523885a05a796f78dddfcc87f5a
Opcode Fuzzy Hash: f7b4dc345b74bbba087002468f17c7b91fd6babfa0c803ae3623a1639630477b
Instruction Fuzzy Hash: 4B11FCB5548301AFD350CF19D880A5BFBE4FB8C664F04896EF898D7311D231E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 0258075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.386151231.0000000002580000.00000040.00000040.sdmp, Offset: 02580000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9543f9edf3203b3a7f76c243b6730b8a06614d59141633e75b5ba2b7d374ed48
Instruction ID: a1e938cbd87e43d7374333ec179938e986185e3e067fbc60cd3c2634142475f7
Opcode Fuzzy Hash: 9543f9edf3203b3a7f76c243b6730b8a06614d59141633e75b5ba2b7d374ed48
Instruction Fuzzy Hash: B5110634204244DFD715DB14D980B26BB95FF88B18F28C9ADE8496B683C7BBD807CE55

Uniqueness

Uniqueness Score: -1.00%

Function 025847FC, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.386173285.0000000002584000.00000040.00000040.sdmp, Offset: 02584000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5633e30f06cc012a9a551def77ff57091408c5910f13fdf99d416b87b046698
Instruction ID: 1becb7b3a4a1f9ea7f0c872880c59e555dbbc2328bece8dc2ed8159f46be4e2a
Opcode Fuzzy Hash: f5633e30f06cc012a9a551def77ff57091408c5910f13fdf99d416b87b046698
Instruction Fuzzy Hash: 3F11D3302042C1DFD715DB14D584B26BB95FB84728F28CAADEC496B642C7BBC803CA55

Uniqueness

Uniqueness Score: -1.00%

Function 07051CD4, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.397953998.0000000007050000.00000040.00000001.sdmp, Offset: 07050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea005340b74f444512062aeab7344fe6736003fcb4bd022a76ae042db4babd95
Instruction ID: 0f5d6a5e976b37398a249ba7917798a35490d912f7b84a0904a79a0b8eb78177
Opcode Fuzzy Hash: ea005340b74f444512062aeab7344fe6736003fcb4bd022a76ae042db4babd95
Instruction Fuzzy Hash: FA11E8B5548301AFD350CF09DC81E5BFBE8EB88660F14892EFD9997311D271E9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00C7AF78, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.385713309.0000000000C72000.00000040.00000001.sdmp, Offset: 00C72000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff3ab30dc77ac5e8148edebb4e269fadf53db50114d6a85075a81548322bcc8a
Instruction ID: f76d7ff94d7a3d9fb8dc0acdf67f877176430834001ea7983a98b25d1cfebf24
Opcode Fuzzy Hash: ff3ab30dc77ac5e8148edebb4e269fadf53db50114d6a85075a81548322bcc8a
Instruction Fuzzy Hash: 7411E8B5548301AFD350CF09DC80E5BFBE8EB88660F14892EFD9997311D271E9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 02580750, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.386151231.0000000002580000.00000040.00000040.sdmp, Offset: 02580000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd46a6be5a91204fe20c63cc12393b86d7f85f65de0c2e79dc9fd1e8f314afec
Instruction ID: 6d96200afdbfc5bd9e0368b6aa7145aabe5273f4fb6603ffd93c7351f7e1a170
Opcode Fuzzy Hash: cd46a6be5a91204fe20c63cc12393b86d7f85f65de0c2e79dc9fd1e8f314afec
Instruction Fuzzy Hash: 6F118235108384DFC706CB10C540B15BFA1FF4A714F28C6EED8885B692C3769816CF41

Uniqueness

Uniqueness Score: -1.00%

Function 025847F0, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.386173285.0000000002584000.00000040.00000040.sdmp, Offset: 02584000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bba261e21b865252dc57c4190f8b7e592a4c17f97ef2a19272bd286760764a05
Instruction ID: 9fda96d7c510359d9497a47f75ef75a9100b9e553d88ddf862a672a2ad874f5e
Opcode Fuzzy Hash: bba261e21b865252dc57c4190f8b7e592a4c17f97ef2a19272bd286760764a05
Instruction Fuzzy Hash: 461161352487C1DFC716CB14D550B25BFA1FF8A718F28C6EED8885B662C37A9812CB51

Uniqueness

Uniqueness Score: -1.00%

Function 025805DC, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.386151231.0000000002580000.00000040.00000040.sdmp, Offset: 02580000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c51606e52a9feb25a43a105ec023b2db81f4f333b066f8b134eb2ff6f0ec5f0
Instruction ID: 4c09fb7d5f43cb628f9ceee07f6071f0087a97ffd9e5bdc14cd5961fbff1b709
Opcode Fuzzy Hash: 7c51606e52a9feb25a43a105ec023b2db81f4f333b066f8b134eb2ff6f0ec5f0
Instruction Fuzzy Hash: 77F0AF765487806FC711CB0AEC40893FFA8EE8623070884ABEC898B611D165B909CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 02580818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.386151231.0000000002580000.00000040.00000040.sdmp, Offset: 02580000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f6f7c96804cda76668e35a3bbcf86681c06fe62140db942cdcb6afdd34f29c
Instruction ID: 2c36fb9a32eb2dd2aa02c4330dabde4f7e2ac7b887c92ec0b4a59ac7beefa5ea
Opcode Fuzzy Hash: c3f6f7c96804cda76668e35a3bbcf86681c06fe62140db942cdcb6afdd34f29c
Instruction Fuzzy Hash: C7F0FB35204644DFC206DF40D940B26FBA6FB89718F24C6A9E9491B652C3779813DE85

Uniqueness

Uniqueness Score: -1.00%

Function 025848B4, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.386173285.0000000002584000.00000040.00000040.sdmp, Offset: 02584000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7851bb2751afbe5f86f3dce078a06456443b9b366c15b1b08baf2e24cdeebe3
Instruction ID: c2dd2c6fd42ccf087e16d03aafa9ef54ea087fd6e39032db2a17c9024a255a02
Opcode Fuzzy Hash: a7851bb2751afbe5f86f3dce078a06456443b9b366c15b1b08baf2e24cdeebe3
Instruction Fuzzy Hash: BFF01935248685DFC206DF00D540B25FBA6FB89718F24C6ADE9481BB52C37B9812CA81

Uniqueness

Uniqueness Score: -1.00%

Function 025805F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.386151231.0000000002580000.00000040.00000040.sdmp, Offset: 02580000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7523c36eabb14982c3d46e0273bc47664bf9ea215c8815a4bd737ecc14b399bf
Instruction ID: 587d7bf1ed7123db0524b9681e7f4ff9af5ed9891174c33f500566afabb8f110
Opcode Fuzzy Hash: 7523c36eabb14982c3d46e0273bc47664bf9ea215c8815a4bd737ecc14b399bf
Instruction Fuzzy Hash: ABE06D766406005B9750DF0AEC45856F798EB88630718C47FDC0D8B700E175B5058EA5

Uniqueness

Uniqueness Score: -1.00%

Function 07051D23, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.397953998.0000000007050000.00000040.00000001.sdmp, Offset: 07050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b8a8acd011a2aef7cd8ef8f6579df3ff81d6b553ad57e043e72206eb2ac6ed4
Instruction ID: 97bf4c4593fed5e611a73a74fedbe293522507e62ced363c52d3ca3be5ba1c3d
Opcode Fuzzy Hash: 6b8a8acd011a2aef7cd8ef8f6579df3ff81d6b553ad57e043e72206eb2ac6ed4
Instruction Fuzzy Hash: 22E0D8725402046BD2609E06EC86F53FB98EB44A30F58C467ED091B702E1B6B5048AF1

Uniqueness

Uniqueness Score: -1.00%

Function 07051433, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.397953998.0000000007050000.00000040.00000001.sdmp, Offset: 07050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ff9cfa070e1c1a70b7aac461d180713bf9da788c1ce849475b950bc0aa97500
Instruction ID: af10704a5e68869e457fbd9ae751feff22618f2e667a1f33ce3a69126832a229
Opcode Fuzzy Hash: 5ff9cfa070e1c1a70b7aac461d180713bf9da788c1ce849475b950bc0aa97500
Instruction Fuzzy Hash: CEE0D8729402006BD2609F06EC46F53FB58EB44A30F18C467ED081B702E0B5B5148AF1

Uniqueness

Uniqueness Score: -1.00%

Function 07051747, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.397953998.0000000007050000.00000040.00000001.sdmp, Offset: 07050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4376935c2947e84c5808a0f5acd7d0c0e7bf05afd7e3fc16bf518b9d1cd19066
Instruction ID: 3fac709af58cf2b2851e271a8efb2e7786d6d656eb01e79f247ca4e652d9ff76
Opcode Fuzzy Hash: 4376935c2947e84c5808a0f5acd7d0c0e7bf05afd7e3fc16bf518b9d1cd19066
Instruction Fuzzy Hash: ACE0D8725402006BD260DE06EC46F53FB98EB44A30F18C467ED091B701E0B6B514CAF1

Uniqueness

Uniqueness Score: -1.00%

Function 07051E9B, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.397953998.0000000007050000.00000040.00000001.sdmp, Offset: 07050000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc58527cf88cd6495d2d620af021f165a3ff89df160fcb44b3e25c56939769e4
Instruction ID: 4f6477c7d1a0254ca0aea92a68c6457d38d2fffbcf7fd6eadca4bcef9c6b099f
Opcode Fuzzy Hash: bc58527cf88cd6495d2d620af021f165a3ff89df160fcb44b3e25c56939769e4
Instruction Fuzzy Hash: 48E0D8B25802006BD2609E06EC46F53FB98EB44A30F18C567ED091B701E0B5B5148AF1

Uniqueness

Uniqueness Score: -1.00%

Function 00C7AFC7, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.385713309.0000000000C72000.00000040.00000001.sdmp, Offset: 00C72000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 959dca40b3ba2cd0b4b2d45240c38f402b6ac75277dfcc64a1023a38465e9867
Instruction ID: ff99acae0fb4eb5dd475f42f56ad165bd6e2437a8aaec75ac6d8a0e7fb55e69b
Opcode Fuzzy Hash: 959dca40b3ba2cd0b4b2d45240c38f402b6ac75277dfcc64a1023a38465e9867
Instruction Fuzzy Hash: 1FE0D8B25802046BD2609E06EC45F53FB58EB44A30F18C567ED095B701E1B5B5048AF1

Uniqueness

Uniqueness Score: -1.00%

Function 00C623F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.385638212.0000000000C62000.00000040.00000001.sdmp, Offset: 00C62000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecdf124c772b8fd4e43a3f631a136059f144bee079315ca059f2628eace25ed7
Instruction ID: 4addcb3f1d5dac639f4f18971906359c6ca65c7c78b8fb0994b0df1fa9cd6edf
Opcode Fuzzy Hash: ecdf124c772b8fd4e43a3f631a136059f144bee079315ca059f2628eace25ed7
Instruction Fuzzy Hash: 85D05E79205A814FD3268A1CD1ACBA53B94AF52B04F4644FDE8008B663CB68DA81E600

Uniqueness

Uniqueness Score: -1.00%

Function 00C623BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.385638212.0000000000C62000.00000040.00000001.sdmp, Offset: 00C62000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff18d6a75d78c33f8cd20ad462d3e3aedf8b870225b9b4662953261a42ae858
Instruction ID: 7e4dc78408eabc31bf604ce617ae8aa54ffcb7530dd828f96448aae9e8c9a08f
Opcode Fuzzy Hash: aff18d6a75d78c33f8cd20ad462d3e3aedf8b870225b9b4662953261a42ae858
Instruction Fuzzy Hash: 23D05E342006814BC725DB0CC1D4F5937D8AB81B00F0644FDAC108B372C7A8DDC1C600

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 04B319A0, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc42158edf0bbdfe2891f17cb19140aee0a5833f2f745207925296d9c1f38a5c
Instruction ID: 9760c7024aad801b3fbdd408a6f4d56febb39b86625fd4f317a6fb5fcd2c6c0e
Opcode Fuzzy Hash: cc42158edf0bbdfe2891f17cb19140aee0a5833f2f745207925296d9c1f38a5c
Instruction Fuzzy Hash: 7E21E67090120ADFCB04DFA8C544BEDBBB2FF45302F2485A9D415AB291DB345E86DB90

Uniqueness

Uniqueness Score: -1.00%

Function 04B319B0, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37b84eaa5b3e5759f8f6d156e447cf52c5b55a95e2bd2f94703b6c35aac8832c
Instruction ID: 3c747c14cae95705f6140a21ba1b50565f12e8713cdc25456235a46a0a6d485e
Opcode Fuzzy Hash: 37b84eaa5b3e5759f8f6d156e447cf52c5b55a95e2bd2f94703b6c35aac8832c
Instruction Fuzzy Hash: 4421F370900209DFCB04EFA8C484BEDBBB2AB45302F1085A9940467391DB30AA85DB90

Uniqueness

Uniqueness Score: -1.00%

Function 04B34830, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dddeb8e627756ab7a3e9f5ab7477d3696e21f5519dd595d35db7937d8e7b252
Instruction ID: 66b39385637d1971eff77e44c844323320fad8c3e77115e2bce65483cae9fc12
Opcode Fuzzy Hash: 0dddeb8e627756ab7a3e9f5ab7477d3696e21f5519dd595d35db7937d8e7b252
Instruction Fuzzy Hash: AD214474E05209DFCB04DFA4C954BFEBBF0EB0A301F1495AAC404A7291D3785A85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 04B36711, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17778aa367e6d2d5de043f50e024ad79c9b4e1a051304c207890b74ada862da2
Instruction ID: 3da0291fbea83ee574d7eac75d75e8a5a155d02d3742def97aa4e78abfe42f25
Opcode Fuzzy Hash: 17778aa367e6d2d5de043f50e024ad79c9b4e1a051304c207890b74ada862da2
Instruction Fuzzy Hash: 01D05B39E05218CACB60DF94E8541FDF3B4EB5B225F1071D6C068B3111DF319EC58A44

Uniqueness

Uniqueness Score: -1.00%

Function 04B35CCE, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1118ac9eb460fa0e93736496a3ccca0621745bd93eab55d51e36916786e6c764
Instruction ID: 71f4d8bfb5c698b795de9896ee58f6495aaf9170e6bdf906b58cf3585f5fbf54
Opcode Fuzzy Hash: 1118ac9eb460fa0e93736496a3ccca0621745bd93eab55d51e36916786e6c764
Instruction Fuzzy Hash: F9D05E39E06118DBCB20DFE8EA912FCF3B4EB5A325F0070E7C219B3101E6319A859B54

Uniqueness

Uniqueness Score: -1.00%

Function 04B3A03E, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7e17e34d685871bc4e0c09757fe2ed49d15b5f3dd0b0be1b6d12f77f82e74f5
Instruction ID: 032594ebd6e6f85ab638fbf74d9e9a5aade2df6be1969985a08dcc073f1601ec
Opcode Fuzzy Hash: a7e17e34d685871bc4e0c09757fe2ed49d15b5f3dd0b0be1b6d12f77f82e74f5
Instruction Fuzzy Hash: DCD0E239E1B0188BCBA0DFA5A8501FCF3B8EB5A225F10B4A6C01CA7100E631AA858A45

Uniqueness

Uniqueness Score: -1.00%

Function 04B3A937, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b57fee8d1a70b8e4a40ea54bcedaa0e54e206f99816e1d4d08dc1cd03f0a82a
Instruction ID: 31561c23467237d3ad6588935cfd2c22260c872553697b904a24289788c213d8
Opcode Fuzzy Hash: 8b57fee8d1a70b8e4a40ea54bcedaa0e54e206f99816e1d4d08dc1cd03f0a82a
Instruction Fuzzy Hash: 09D01235E451188ACB50DFD4AC542FCF374EB5A225F10B0D7C01CB3100DB3299898B54

Uniqueness

Uniqueness Score: -1.00%

Function 04B39F54, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a3e57eef3d7c98f3c23f477ced6fd1c73a0a896d1cce6026a66e8379ec9bd5e
Instruction ID: 2701e53b9e4d5f55255ccf5811ce78afd5cd0cdff9f68368f985f3ce2bf3411b
Opcode Fuzzy Hash: 5a3e57eef3d7c98f3c23f477ced6fd1c73a0a896d1cce6026a66e8379ec9bd5e
Instruction Fuzzy Hash: B5D01739E09518CBCB24DF94EC501FCF378FB5A326F0075E6E019A3120E732AA858A44

Uniqueness

Uniqueness Score: -1.00%

Function 04B314C0, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction ID: e8ccd2a65027d05c56f26582f7383787bb37ede7f82d6e6482406d1db4e3cd01
Opcode Fuzzy Hash: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction Fuzzy Hash: DDB09236E040089ADB008EC9B4413FCF774E78222AF14A1A3C219B3501923592685A89

Uniqueness

Uniqueness Score: -1.00%

Function 04B317F8, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction ID: 4ec1387dd855bbee23d62d4eef9e5fdd573b7345c22214543337fd71ae5f0e3d
Opcode Fuzzy Hash: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction Fuzzy Hash: 2BB0927AE04008DADB008EC9B4413FCF7B8E78222AF1420A3C218B350092319268569A

Uniqueness

Uniqueness Score: -1.00%

Function 04B30728, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.390409686.0000000004B30000.00000040.00000001.sdmp, Offset: 04B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction ID: 1b1ef8bbd8ce1fc29c41a8f4cdcdcd4a54a43b4ca85b19b8024ce6785ed16c34
Opcode Fuzzy Hash: 6f05c8a2bf2ccfa7098e7791fe1597f8093cffcd8f9d1c0d20381294cb12e732
Instruction Fuzzy Hash: 04B09236E04008DADB009EC5B4423FCF770EB8222AF1020A3C218B3540923192685A89

Uniqueness

Uniqueness Score: -1.00%

Function 002FB1E6, Relevance: 60.3, Strings: 48, Instructions: 282COMMON

Download Yara Rule

Strings

), xrefs: 002FB5B7
q, xrefs: 002FB4BC
}, xrefs: 002FB2EF
u, xrefs: 002FB3EB
&, xrefs: 002FB319
n, xrefs: 002FB59B
O, xrefs: 002FB36D
@, xrefs: 002FB540
n, xrefs: 002FB55C
\, xrefs: 002FB51D
u, xrefs: 002FB45A
#, xrefs: 002FB5DA
X, xrefs: 002FB612
0, xrefs: 002FB41B
S, xrefs: 002FB4DE
H, xrefs: 002FB2E8
F, xrefs: 002FB3B3
t, xrefs: 002FB604
K, xrefs: 002FB547
!, xrefs: 002FB532
g, xrefs: 002FB327
^, xrefs: 002FB60B
t, xrefs: 002FB539
/, xrefs: 002FB4EC
>, xrefs: 002FB2E1
y, xrefs: 002FB476
w, xrefs: 002FB4E5
`, xrefs: 002FB4AE
{, xrefs: 002FB390
L, xrefs: 002FB5F6
H, xrefs: 002FB2DA
z, xrefs: 002FB56A
~, xrefs: 002FB586
&, xrefs: 002FB5D3
I, xrefs: 002FB400
h, xrefs: 002FB4CA
>, xrefs: 002FB2F6
8, xrefs: 002FB4A7
=, xrefs: 002FB52B
2, xrefs: 002FB58D
K, xrefs: 002FB3AC
A, xrefs: 002FB37B
', xrefs: 002FB3E4
y, xrefs: 002FB35F
a, xrefs: 002FB4FA
$, xrefs: 002FB5A9
b, xrefs: 002FB304
t, xrefs: 002FB627

Memory Dump Source

Source File: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000006.00000002.383869352.00000000002F0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.384050593.0000000000372000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: !$#$$$&$&$'$)$/$0$2$8$=$>$>$@$A$F$H$H$I$K$K$L$O$S$X$\$^$`$a$b$g$h$n$n$q$t$t$t$u$u$w$y$y$z${$}$~
API String ID: 0-140969752
Opcode ID: dbe111918d2f51ba58f9ce5963b6dd4814b8b031a5b691b88f874b4955952eea
Instruction ID: 0f0888d4e1deb9ff62c730fba30b4587d2c8be3fe3517e266b18eb1761dc1900
Opcode Fuzzy Hash: dbe111918d2f51ba58f9ce5963b6dd4814b8b031a5b691b88f874b4955952eea
Instruction Fuzzy Hash: 3DF1FE209087E9C9DB32C7788C497DEBE645B23324F0843D9D1E87A2D2D7B54BC58B66

Uniqueness

Uniqueness Score: -1.00%

Function 0035E67A, Relevance: 57.8, Strings: 46, Instructions: 307COMMON

Download Yara Rule

Strings

`@A, xrefs: 0035E7CB
?A, xrefs: 0035E735
@AA, xrefs: 0035E8E3
x?A, xrefs: 0035E69A
(AA, xrefs: 0035E8C5
h?A, xrefs: 0035E685
t?A, xrefs: 0035E693
(@A, xrefs: 0035E785
`BA, xrefs: 0035EA46
p@A, xrefs: 0035E7DF
@BA, xrefs: 0035EA2A
@A, xrefs: 0035E77B
AA, xrefs: 0035E9C2
@@A, xrefs: 0035E7A3
@A, xrefs: 0035E86B
8AA, xrefs: 0035E8D9
PAA, xrefs: 0035E8F7
(BA, xrefs: 0035EA12
XAA, xrefs: 0035E901
p?A, xrefs: 0035E68C
hAA, xrefs: 0035E915
PBA, xrefs: 0035EA38
`AA, xrefs: 0035E90B
AA, xrefs: 0035E9B8
8BA, xrefs: 0035EA23
AA, xrefs: 0035E8BB
0@A, xrefs: 0035E78F
pAA, xrefs: 0035E91F
8@A, xrefs: 0035E799
xBA, xrefs: 0035EA5B
pBA, xrefs: 0035EA54
0AA, xrefs: 0035E8CF
X@A, xrefs: 0035E7C1
0BA, xrefs: 0035EA1C
HAA, xrefs: 0035E8ED
xAA, xrefs: 0035E929
x@A, xrefs: 0035E7E9
XBA, xrefs: 0035EA3F
P@A, xrefs: 0035E7B7
HBA, xrefs: 0035EA31
h@A, xrefs: 0035E7D5
@A, xrefs: 0035E875
BA, xrefs: 0035EA08
H@A, xrefs: 0035E7AD
?A, xrefs: 0035E72B
hBA, xrefs: 0035EA4D

Memory Dump Source

Source File: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000006.00000002.383869352.00000000002F0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.384050593.0000000000372000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @A$ AA$ BA$(@A$(AA$(BA$0@A$0AA$0BA$8@A$8AA$8BA$@@A$@AA$@BA$H@A$HAA$HBA$P@A$PAA$PBA$X@A$XAA$XBA$`@A$`AA$`BA$h?A$h@A$hAA$hBA$p?A$p@A$pAA$pBA$t?A$x?A$x@A$xAA$xBA$?A$?A$@A$@A$AA$AA
API String ID: 0-2473593039
Opcode ID: 7a86c8557865365371fd70ba80b9ec5cf29cee4bf688fcc2242cc569f7caec83
Instruction ID: e2f4e68af50918c787d88488cfcb5f085d2d2fff7c5622b1c62d5b741141f913
Opcode Fuzzy Hash: 7a86c8557865365371fd70ba80b9ec5cf29cee4bf688fcc2242cc569f7caec83
Instruction Fuzzy Hash: F9F17EB0804258DEDB25CF95D8487DEBFB0AB96309F5181CAD9493B251C3B94BC9CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00351478, Relevance: 10.1, Strings: 8, Instructions: 127COMMON

Download Yara Rule

Strings

H&A, xrefs: 003514A9
d&A, xrefs: 003514B7
<&A, xrefs: 003514A2
&A, xrefs: 003514F6
,&A, xrefs: 0035149B
4'A, xrefs: 0035150B
p&A, xrefs: 003514BE
T&A, xrefs: 003514B0

Memory Dump Source

Source File: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000006.00000002.383869352.00000000002F0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.384050593.0000000000372000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ,&A$4'A$<&A$H&A$T&A$d&A$p&A$&A
API String ID: 0-3237638986
Opcode ID: 88ed99f36386e7362777411d84ae5ff3a990d4990d307b203149d78fed32b556
Instruction ID: 7aea96eaeb2b29bbe34bbc41c98ef14625abc75e7f7ab882294e1066672c5028
Opcode Fuzzy Hash: 88ed99f36386e7362777411d84ae5ff3a990d4990d307b203149d78fed32b556
Instruction Fuzzy Hash: 82418FB290021DABDB21DF90CE85EDE7BA8EF14304F104526FD18DB191D7B89A98CF94

Uniqueness

Uniqueness Score: -1.00%

Function 003560BE, Relevance: 8.9, Strings: 7, Instructions: 143COMMON

Download Yara Rule

Strings

i, xrefs: 003560E6
5, xrefs: 00356102
O, xrefs: 0035610A
b, xrefs: 003560EE
H, xrefs: 00356116
}, xrefs: 00356112
}, xrefs: 00356106

Memory Dump Source

Source File: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000006.00000002.383869352.00000000002F0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.384050593.0000000000372000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: 5$H$O$b$i$}$}
API String ID: 0-3760989150
Opcode ID: 43b2ec5c8048ec64a89d0eaefec6abc2179865d68597a24ed28c74e05bf594a1
Instruction ID: d5eefec3881cd5b49fcd416bb2abeb698649bd6d7a46bf6a9c4f8ec956f8e707
Opcode Fuzzy Hash: 43b2ec5c8048ec64a89d0eaefec6abc2179865d68597a24ed28c74e05bf594a1
Instruction Fuzzy Hash: 9E51D97180025DAEDB11CBA8CC41EEEBBBCEF49314F1482A9E555EB191D3349B44CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00351642, Relevance: 8.9, Strings: 7, Instructions: 118COMMON

Download Yara Rule

Strings

4(A, xrefs: 003516D5
H&A, xrefs: 0035168F
t'A, xrefs: 00351650
'A, xrefs: 00351696
<&A, xrefs: 00351688
(A, xrefs: 003516CE
d&A, xrefs: 0035169D

Memory Dump Source

Source File: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000006.00000002.383869352.00000000002F0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.384050593.0000000000372000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: (A$4(A$<&A$H&A$d&A$t'A$'A
API String ID: 0-2857912252
Opcode ID: 1dd3c48cf87e824894ac796b353b11c003e09e2c1ffeee2d2140970bcd4911b6
Instruction ID: dd457e8f8d664b1afeb2993e3aa072640ecb193ad661d72ff9f652e7fcf2ec33
Opcode Fuzzy Hash: 1dd3c48cf87e824894ac796b353b11c003e09e2c1ffeee2d2140970bcd4911b6
Instruction Fuzzy Hash: 99514CB190025D9BDF25DF60CD45ADE3BB8FF04308F10806AFD28AA161D3B599A9CF94

Uniqueness

Uniqueness Score: -1.00%

Function 00352E88, Relevance: 6.3, Strings: 5, Instructions: 69COMMON

Download Yara Rule

Strings

,/A, xrefs: 00352F8A
0/A, xrefs: 00352F94
$/A, xrefs: 00352F80
X7A, xrefs: 00352ED7
`7A, xrefs: 00352F76

Memory Dump Source

Source File: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000006.00000002.383869352.00000000002F0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.384050593.0000000000372000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: $/A$,/A$0/A$X7A$`7A
API String ID: 0-851144607
Opcode ID: 06cd360b17a7fa1d8a41615e50dbe9baf6717b8d01dc48d354ffd45ab050797b
Instruction ID: ae97d427ec84ca192f0cbdd63e971530c732865d59b825c11d13d3b2e011a201
Opcode Fuzzy Hash: 06cd360b17a7fa1d8a41615e50dbe9baf6717b8d01dc48d354ffd45ab050797b
Instruction Fuzzy Hash: 244182B0655642EFC3098F2AC584AC1FBE0BB09315F95C2AFC46C9B221C7B4A565CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00353021, Relevance: 6.3, Strings: 5, Instructions: 27COMMON

Download Yara Rule

Strings

4/A, xrefs: 00353069
,/A, xrefs: 00353055
$/A, xrefs: 0035304B
0/A, xrefs: 0035305F
`7A, xrefs: 00353041

Memory Dump Source

Source File: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000006.00000002.383869352.00000000002F0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.384050593.0000000000372000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: $/A$,/A$0/A$4/A$`7A
API String ID: 0-2435369464
Opcode ID: 7df15b69b8a44822169a20d552448d7de219ebddf6a06acfaefecb02cba57f2e
Instruction ID: e904b2329a0796c9f772f43c173a2f0c5b52e2ffffa2f530976f96ed10abbff5
Opcode Fuzzy Hash: 7df15b69b8a44822169a20d552448d7de219ebddf6a06acfaefecb02cba57f2e
Instruction Fuzzy Hash: 30011DB4000B45CAC722EF60C180AC6BBF0FB45305F10C90FE4EA4B214DBB4A29ADF59

Uniqueness

Uniqueness Score: -1.00%

Function 00319829, Relevance: 5.2, Strings: 4, Instructions: 188COMMON

Download Yara Rule

Strings

^, xrefs: 00319890
^1A, xrefs: 0031995A
b, xrefs: 00319A0C
^1A, xrefs: 003199DE

Memory Dump Source

Source File: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000006.00000002.383869352.00000000002F0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.384050593.0000000000372000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ^$^1A$^1A$b
API String ID: 0-1727528133
Opcode ID: d589e5707e4d6ea81bb9d68796acfbad06745d6c061f5ce9fd65735b0fa530f5
Instruction ID: 7f10fcc771089571132954f32df386196a34727887a7423c695eca44dfa3046d
Opcode Fuzzy Hash: d589e5707e4d6ea81bb9d68796acfbad06745d6c061f5ce9fd65735b0fa530f5
Instruction Fuzzy Hash: 5B61B431A00205EFDF1ECF68C8A17ED7BB5EF49310F25815AE815AB291D735AE90DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0035FCFC, Relevance: 5.1, Strings: 4, Instructions: 84COMMON

Download Yara Rule

Strings

>, xrefs: 0035FD2F
>, xrefs: 0035FD6A
>, xrefs: 0035FD44
s&5, xrefs: 0035FD03

Memory Dump Source

Source File: 00000006.00000002.383895800.00000000002F2000.00000002.00020000.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000006.00000002.383869352.00000000002F0000.00000002.00020000.sdmp Download File
Associated: 00000006.00000002.384050593.0000000000372000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: >$>$>$s&5
API String ID: 0-3946599917
Opcode ID: 63af057b9fe0049d645aef51361d4680daff9370bba2b9f986e1d9a123f48411
Instruction ID: db1ce0b6c030b2366c962ac3f0674ffb5529832d6f1093a0eae86ea1af57b4e2
Opcode Fuzzy Hash: 63af057b9fe0049d645aef51361d4680daff9370bba2b9f986e1d9a123f48411
Instruction Fuzzy Hash: FE31F5118092C99EC7138B688046BEFFFF44F22305F1886F9C8E05B69BC264A54EC391

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: origigoods40.exe PID: 6172 Parent PID: 4888 origigoods40.exeCOMMON

Executed Functions

Function 01516940, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 015169A0
GetCurrentThread.KERNEL32 ref: 015169DD
GetCurrentProcess.KERNEL32 ref: 01516A1A
GetCurrentThreadId.KERNEL32 ref: 01516A73

Memory Dump Source

Source File: 00000007.00000002.452870910.0000000001510000.00000040.00000001.sdmp, Offset: 01510000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: a5435521c1603a071f85b1dca08b6c6fcb520f7be7b2f056c181a908f9f2b244
Instruction ID: b70df8d553af1c01fcb557532efa307494a41a65701a1e8aec2a0baa6e4fe52a
Opcode Fuzzy Hash: a5435521c1603a071f85b1dca08b6c6fcb520f7be7b2f056c181a908f9f2b244
Instruction Fuzzy Hash: 875134B1A042498FEB14CFAAC948BEEFBF1BF88314F208459E519A7250D7B46944CF61

Uniqueness

Uniqueness Score: -1.00%

Function 01515084, Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 015151A2

Memory Dump Source

Source File: 00000007.00000002.452870910.0000000001510000.00000040.00000001.sdmp, Offset: 01510000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: d3a4e6bb79509b45bfb514933acc2b0a8de8e060cdb38fa54783e8506c4bc492
Instruction ID: df8fe78808117884bd473008269dbdd9393a556a0734ae631d1c097d0e7ab258
Opcode Fuzzy Hash: d3a4e6bb79509b45bfb514933acc2b0a8de8e060cdb38fa54783e8506c4bc492
Instruction Fuzzy Hash: 6351E1B1D103489FEB15CFA9C884ADEBBB1BF88314F24852AE819AB214D7749845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 01515090, Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 015151A2

Memory Dump Source

Source File: 00000007.00000002.452870910.0000000001510000.00000040.00000001.sdmp, Offset: 01510000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: b3acb10faf24ef9fac10ae3bd50a4233008708680de11850dea983b7435d4a83
Instruction ID: fd347f3ed58f216d9f28d06030ae63b8e661e9a2e5dfdd21b6463e4ec2d7ff38
Opcode Fuzzy Hash: b3acb10faf24ef9fac10ae3bd50a4233008708680de11850dea983b7435d4a83
Instruction Fuzzy Hash: 2441F2B1D103089FEF15CF99C884ADEBBB5FF88314F24852AE819AB214D7749845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0151779C, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 01517F09

Memory Dump Source

Source File: 00000007.00000002.452870910.0000000001510000.00000040.00000001.sdmp, Offset: 01510000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 1764cda2f4a2c5e5ccd5077c1bfea894a882ed872d1895b3fa5521d6cc94824b
Instruction ID: 974fcd01dcdde55134925d35f9a3065edb92e392d27f4c963b600d3d3c2d2f36
Opcode Fuzzy Hash: 1764cda2f4a2c5e5ccd5077c1bfea894a882ed872d1895b3fa5521d6cc94824b
Instruction Fuzzy Hash: 594149B5A003058FDB05CF99C488AABBBF5FB8C314F258858E519AB311C334A941CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 01516B61, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01516BEF

Memory Dump Source

Source File: 00000007.00000002.452870910.0000000001510000.00000040.00000001.sdmp, Offset: 01510000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: b1f7aaa4b05bc4ff243ced8065a39f06a9246bf3fa35881a1c2501611e99d7be
Instruction ID: ed48b2d56b9518e4a0e8d1ac35760a1956cc5ef93ac3a83d839ee68d601b9975
Opcode Fuzzy Hash: b1f7aaa4b05bc4ff243ced8065a39f06a9246bf3fa35881a1c2501611e99d7be
Instruction Fuzzy Hash: 42210EB5D002499FDB10CFA9D984AEEBBF4FB48324F14842AE954A7210D378A941CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 01516B68, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01516BEF

Memory Dump Source

Source File: 00000007.00000002.452870910.0000000001510000.00000040.00000001.sdmp, Offset: 01510000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 061ddcb9cdeb356801db6e6eb1e5f35c308a06c6583b9ebfceed20289ad8209c
Instruction ID: be37ec6279e4cf1865825b0abeddb08a4d6e6def1d9a501a145a3abd1cb38a6d
Opcode Fuzzy Hash: 061ddcb9cdeb356801db6e6eb1e5f35c308a06c6583b9ebfceed20289ad8209c
Instruction Fuzzy Hash: E521F5B5D002499FDB10CF99D984AEEFBF4FB48324F14842AE914A7310D378A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0151BE88, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 0151BF12

Memory Dump Source

Source File: 00000007.00000002.452870910.0000000001510000.00000040.00000001.sdmp, Offset: 01510000, based on PE: false

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 51e0dcf49f6bd8010b9f9f4b605fb628f5591cd44e847d1f95e665887cb4c57f
Instruction ID: aa22dd4eae8354b3fe31a2b485a03dde3af257196957c2233a43e45da4b47407
Opcode Fuzzy Hash: 51e0dcf49f6bd8010b9f9f4b605fb628f5591cd44e847d1f95e665887cb4c57f
Instruction Fuzzy Hash: 1E217771D043858FEB12CFA8C9487AABFF0FB4A314F14886AD449A7645C7396545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0151BE98, Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 0151BF12

Memory Dump Source

Source File: 00000007.00000002.452870910.0000000001510000.00000040.00000001.sdmp, Offset: 01510000, based on PE: false

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 641913e85843907768e953dbff49ce9e702fdf451938e2fca396c9dccb876559
Instruction ID: 757ec4069899f66911d2a4290d9808554d1036e4b4ec5f1eade5294158a28aa8
Opcode Fuzzy Hash: 641913e85843907768e953dbff49ce9e702fdf451938e2fca396c9dccb876559
Instruction Fuzzy Hash: 28116771D003498FEB11DFA9C9487AEBBF4FB49314F14882AD419E7644CB39A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Data loss prevention, File monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	DLL monitoring, File monitoring, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use startup items automatically executed at boot initialization to establish persistence. Startup items execute during the final phase of the boot process and contain shell scripts or other executable files along with configuration information used by the system to determine the execution order for all startup items.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Process monitoring
Platforms:	macOS
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report PO_Invoices_pdf.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: HawkEye

Threatname: Agenttesla

Yara Overview

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	File monitoring, Process command-line parameters
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre