Play interactive tour

Edit tour

Analysis Report Purchase Order_12052021.exe

Overview

General Information

Sample Name:	Purchase Order_12052021.exe
Analysis ID:	412749
MD5:	b7394ccc239f48eb4a041f1c0fb92d92
SHA1:	020ae73c138a97eb413e2289822e8bacb7e15515
SHA256:	41b785e6bf871959db57c7f41ca190343a4e0fb48c0f945f776dda09c93bd8c2
Tags:	exeMatiex
Infos:
Most interesting Screenshot:

Detection

AgentTesla Matiex

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected AntiVM3

Yara detected Matiex Keylogger

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for sample

May check the online IP address of the machine

PE file has nameless sections

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file access)

Yara detected Beds Obfuscator

Antivirus or Machine Learning detection for unpacked file

Checks if the current process is being debugged

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

PE file contains strange resources

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses SMTP (mail sending)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Classification

Startup

System is w10x64

Purchase Order_12052021.exe (PID: 3560 cmdline: 'C:\Users\user\Desktop\Purchase Order_12052021.exe' MD5: B7394CCC239F48EB4A041F1C0FB92D92)

Purchase Order_12052021.exe (PID: 404 cmdline: C:\Users\user\Desktop\Purchase Order_12052021.exe MD5: B7394CCC239F48EB4A041F1C0FB92D92)

Purchase Order_12052021.exe (PID: 2792 cmdline: C:\Users\user\Desktop\Purchase Order_12052021.exe MD5: B7394CCC239F48EB4A041F1C0FB92D92)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp	JoeSecurity_BedsObfuscator	Yara detected Beds Obfuscator	Joe Security
00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp	JoeSecurity_BedsObfuscator	Yara detected Beds Obfuscator	Joe Security
00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
Process Memory Space: Purchase Order_12052021.exe PID: 3560	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
Process Memory Space: Purchase Order_12052021.exe PID: 3560	JoeSecurity_BedsObfuscator	Yara detected Beds Obfuscator	Joe Security
Process Memory Space: Purchase Order_12052021.exe PID: 3560	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: Purchase Order_12052021.exe PID: 2792	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
Process Memory Space: Purchase Order_12052021.exe PID: 2792	JoeSecurity_BedsObfuscator	Yara detected Beds Obfuscator	Joe Security
Process Memory Space: Purchase Order_12052021.exe PID: 2792	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.Purchase Order_12052021.exe.3b46210.3.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
0.2.Purchase Order_12052021.exe.3b46210.3.unpack	JoeSecurity_BedsObfuscator	Yara detected Beds Obfuscator	Joe Security
0.2.Purchase Order_12052021.exe.3b46210.3.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
3.2.Purchase Order_12052021.exe.4224d4.1.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
3.2.Purchase Order_12052021.exe.4224d4.1.raw.unpack	JoeSecurity_BedsObfuscator	Yara detected Beds Obfuscator	Joe Security
0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack	JoeSecurity_BedsObfuscator	Yara detected Beds Obfuscator	Joe Security
0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
3.2.Purchase Order_12052021.exe.400000.0.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
3.2.Purchase Order_12052021.exe.400000.0.unpack	JoeSecurity_BedsObfuscator	Yara detected Beds Obfuscator	Joe Security
3.2.Purchase Order_12052021.exe.400000.0.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack	JoeSecurity_Matiex	Yara detected Matiex Keylogger	Joe Security
0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack	JoeSecurity_BedsObfuscator	Yara detected Beds Obfuscator	Joe Security
0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack	JoeSecurity_AgentTesla_2	Yara detected AgentTesla	Joe Security
Click to see the 9 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: Purchase Order_12052021.exe

ReversingLabs: Detection: 36%

Machine Learning detection for sample

Show sources

Source: Purchase Order_12052021.exe

Joe Sandbox ML: detected

Source: 3.2.Purchase Order_12052021.exe.400000.0.unpack

Avira: Label: TR/Redcap.jajcu

Source: Purchase Order_12052021.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: unknown

HTTPS traffic detected: 104.21.19.200:443 -> 192.168.2.3:49729 version: TLS 1.0

Source: Purchase Order_12052021.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb source: Purchase Order_12052021.exe, 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp
Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdbh} source: Purchase Order_12052021.exe, 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_00B316D0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 4x nop then cmp dword ptr [ebp-20h], 00000000h	0_2_00B31655
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-38h]	0_2_04E97D7C

Networking:

May check the online IP address of the machine

Show sources

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	DNS query: name: checkip.dyndns.org
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	DNS query: name: checkip.dyndns.org

Source: global traffic

TCP traffic: 192.168.2.3:49733 -> 193.32.232.10:587

Source: Joe Sandbox View	IP Address: 104.21.19.200 104.21.19.200
Source: Joe Sandbox View	IP Address: 216.146.43.71 216.146.43.71

Source: Joe Sandbox View

JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad

Source: global traffic

TCP traffic: 192.168.2.3:49733 -> 193.32.232.10:587

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

Source: unknown

HTTPS traffic detected: 104.21.19.200:443 -> 192.168.2.3:49729 version: TLS 1.0

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

Source: unknown

DNS traffic detected: queries for: checkip.dyndns.org

Source: Purchase Order_12052021.exe, 00000003.00000002.470154647.00000000011D2000.00000004.00000020.sdmp	String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
Source: Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/RapidSSLTLSDVRSAMi
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/RapidSSLTLSDVRSAMixedSHA2562020CA-1.crt0
Source: Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	String found in binary or memory: http://checkip.dyndns.org/HB
Source: Purchase Order_12052021.exe, 00000003.00000002.470154647.00000000011D2000.00000004.00000020.sdmp	String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRo~II
Source: Purchase Order_12052021.exe, 00000003.00000002.470467044.0000000001267000.00000004.00000020.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/RapidSSLTLSDVRSAMixedSHA2562020CA-1.crl0F
Source: Purchase Order_12052021.exe, 00000003.00000002.470154647.00000000011D2000.00000004.00000020.sdmp	String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0L
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0
Source: Purchase Order_12052021.exe, 00000003.00000002.475689742.000000000681F000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/RapidSSLTLSDVRSAMix
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/RapidSSLTLSDVRSAMixedSHA2562020CA-1.crl0
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp	String found in binary or memory: http://kerekesfoto.com
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.470154647.00000000011D2000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: Purchase Order_12052021.exe, 00000003.00000002.470467044.0000000001267000.00000004.00000020.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: Purchase Order_12052021.exe, 00000000.00000002.219818488.0000000002811000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	String found in binary or memory: http://servermanager.miixit.org/1
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	String found in binary or memory: http://servermanager.miixit.org/downloads/
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	String found in binary or memory: http://servermanager.miixit.org/hits/hit_index.php?k=
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	String found in binary or memory: http://servermanager.miixit.org/index_ru.html
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	String found in binary or memory: http://servermanager.miixit.org/index_ru.htmlc
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	String found in binary or memory: http://servermanager.miixit.org/report/reporter_index.php?name=
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8Win32_ComputerSystemModelManufactu
Source: Purchase Order_12052021.exe, 00000003.00000002.471029009.0000000002DF4000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app
Source: Purchase Order_12052021.exe, 00000003.00000002.471029009.0000000002DF4000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app/xml/
Source: Purchase Order_12052021.exe, 00000003.00000002.471029009.0000000002DF4000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app/xml/84.17.52.78
Source: Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	String found in binary or memory: https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/
Source: Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	String found in binary or memory: https://i.imgur.com/GJD7Q5y.png195.239.51.11795.26.248.2989.208.29.13389.187.165.4792.118.13.1895.26
Source: Purchase Order_12052021.exe, 00000003.00000002.471060800.0000000002E0B000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.471072262.0000000002E0F000.00000004.00000001.sdmp	String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
Source: Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.
Source: Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.coef
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.475689742.000000000681F000.00000004.00000001.sdmp	String found in binary or memory: https://www.digicert.com/rpa-ua0
Source: Purchase Order_12052021.exe, 00000003.00000002.471083879.0000000002E20000.00000004.00000001.sdmp	String found in binary or memory: https://www.geodatatool.com/en/?ip=
Source: Purchase Order_12052021.exe, 00000003.00000002.473656695.0000000003132000.00000004.00000001.sdmp	String found in binary or memory: https://www.geodatatool.com/en/?ip=3D84.17.52.78=0D=0A=0D=0ADat=
Source: Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp	String found in binary or memory: https://www.geodatatool.com/en/?ip=84.17.52.78
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC
Source: Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC5http://servermana

Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729

Source: Purchase Order_12052021.exe, 00000000.00000002.219485544.0000000000B68000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

System Summary:

Initial sample is a PE file and has a suspicious name

Show sources

Source: initial sample

Static PE information: Filename: Purchase Order_12052021.exe

PE file has nameless sections

Show sources

Source: Purchase Order_12052021.exe

Static PE information: section name:

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B344A0	0_2_00B344A0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B318F0	0_2_00B318F0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B304E2	0_2_00B304E2
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B32420	0_2_00B32420
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B33528	0_2_00B33528
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B3B558	0_2_00B3B558
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B3BEC0	0_2_00B3BEC0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B32B98	0_2_00B32B98
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B3A898	0_2_00B3A898
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B32411	0_2_00B32411
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B3B870	0_2_00B3B870
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B36C58	0_2_00B36C58
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B36580	0_2_00B36580
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B377D2	0_2_00B377D2
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B36571	0_2_00B36571
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B3AE90	0_2_00B3AE90
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B36A88	0_2_00B36A88
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B36A79	0_2_00B36A79
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B3A240	0_2_00B3A240
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B323AE	0_2_00B323AE
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B3439B	0_2_00B3439B
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B377D2	0_2_00B377D2
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B367D8	0_2_00B367D8
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B367C9	0_2_00B367C9
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_04E96490	0_2_04E96490
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_04E98E70	0_2_04E98E70
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D4148	0_2_054D4148
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D0040	0_2_054D0040
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D8C68	0_2_054D8C68
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D4137	0_2_054D4137
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D8C59	0_2_054D8C59
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D4458	0_2_054D4458
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D3C50	0_2_054D3C50
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D4468	0_2_054D4468
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D3C60	0_2_054D3C60
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D0006	0_2_054D0006
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D68C0	0_2_054D68C0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D5CD9	0_2_054D5CD9
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D5CE8	0_2_054D5CE8
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D88A8	0_2_054D88A8
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D88A4	0_2_054D88A4
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D68B3	0_2_054D68B3
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D3331	0_2_054D3331
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D3390	0_2_054D3390
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D4BAF	0_2_054D4BAF
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D8E5D	0_2_054D8E5D
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D8E6B	0_2_054D8E6B
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D8ED4	0_2_054D8ED4
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D8EFA	0_2_054D8EFA
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D8E84	0_2_054D8E84
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D4AAF	0_2_054D4AAF
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D4AB0	0_2_054D4AB0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0117D0B0	3_2_0117D0B0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0117F0E0	3_2_0117F0E0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0117057F	3_2_0117057F
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0117D980	3_2_0117D980
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0117CD68	3_2_0117CD68
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_01171039	3_2_01171039
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_01171550	3_2_01171550
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0591DD88	3_2_0591DD88
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_059148B8	3_2_059148B8
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_05915020	3_2_05915020
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_059183D0	3_2_059183D0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_05911370	3_2_05911370
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_06928A38	3_2_06928A38
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_069239D8	3_2_069239D8
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0694B780	3_2_0694B780
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_06947724	3_2_06947724
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0694C050	3_2_0694C050
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_06945750	3_2_06945750
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_06945740	3_2_06945740
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0694B187	3_2_0694B187
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0694BFF0	3_2_0694BFF0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_06948C50	3_2_06948C50

Source: Purchase Order_12052021.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: Purchase Order_12052021.exe	Binary or memory string: OriginalFilename vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000000.00000002.219818488.0000000002811000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameSimpleUI.dll( vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000000.00000002.219485544.0000000000B68000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000000.00000000.198987261.0000000000470000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameContextAttribute.exe" vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000000.00000002.221824311.0000000002D20000.00000004.00000001.sdmp	Binary or memory string: l,\\StringFileInfo\\000004B0\\OriginalFilename vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameDSASignature.dll@ vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameVNXT.exe* vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenamee.exe4 vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe	Binary or memory string: OriginalFilename vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000002.00000000.216649315.00000000003D0000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameContextAttribute.exe" vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe	Binary or memory string: OriginalFilename vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000003.00000002.475390162.00000000061E0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000003.00000002.468681860.0000000000BE5000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenameVNXT.exe* vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp	Binary or memory string: OriginalFilenamee.exe4 vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000003.00000002.468556035.0000000000A20000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameContextAttribute.exe" vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe, 00000003.00000002.469960044.00000000011AA000.00000004.00000020.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs Purchase Order_12052021.exe
Source: Purchase Order_12052021.exe	Binary or memory string: OriginalFilenameContextAttribute.exe" vs Purchase Order_12052021.exe

Source: Purchase Order_12052021.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: Purchase Order_12052021.exe

Static PE information: Section: NLNe ZLIB complexity 1.00031777034

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@5/1@36/3

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order_12052021.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll			Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: Select * from Clientes WHERE id=@id;;
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: Select * from SecurityLogonType WHERE id=@id;
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: Select * from SecurityLogonTypeErro ao listar Banco sql-SecurityLogonType,Select from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)

Source: Purchase Order_12052021.exe

ReversingLabs: Detection: 36%

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

File read: C:\Users\user\Desktop\Purchase Order_12052021.exe:Zone.Identifier

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Purchase Order_12052021.exe 'C:\Users\user\Desktop\Purchase Order_12052021.exe'
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process created: C:\Users\user\Desktop\Purchase Order_12052021.exe C:\Users\user\Desktop\Purchase Order_12052021.exe
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process created: C:\Users\user\Desktop\Purchase Order_12052021.exe C:\Users\user\Desktop\Purchase Order_12052021.exe
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process created: C:\Users\user\Desktop\Purchase Order_12052021.exe C:\Users\user\Desktop\Purchase Order_12052021.exe	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process created: C:\Users\user\Desktop\Purchase Order_12052021.exe C:\Users\user\Desktop\Purchase Order_12052021.exe	Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Purchase Order_12052021.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Purchase Order_12052021.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb source: Purchase Order_12052021.exe, 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp
Source:	Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdbh} source: Purchase Order_12052021.exe, 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp

Data Obfuscation:

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Unpacked PE file: 0.2.Purchase Order_12052021.exe.3b0000.0.unpack NLNe:EW;.text:ER;.rsrc:R;.reloc:R;Unknown_Section4:ER; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:R;Unknown_Section4:ER;

Yara detected Beds Obfuscator

Show sources

Source: Yara match	File source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Purchase Order_12052021.exe PID: 3560, type: MEMORY
Source: Yara match	File source: Process Memory Space: Purchase Order_12052021.exe PID: 2792, type: MEMORY
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Purchase Order_12052021.exe.4224d4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Purchase Order_12052021.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack, type: UNPACKEDPE

Source: Purchase Order_12052021.exe	Static PE information: section name: NLNe
Source: Purchase Order_12052021.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_0045FA71 push ss; retf	0_2_0045FA72
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B31453 pushfd ; retf	0_2_00B31454
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_00B31449 pushfd ; retf	0_2_00B3144A
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_04E9ACDC push 9C027EC3h; ret	0_2_04E9ACE1
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D831F push FFFFFFA2h; retf	0_2_054D8321
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 0_2_054D7E42 push ebx; iretd	0_2_054D7E50
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 2_2_003D3622 push cs; retf	2_2_003D3632
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 2_2_003D3670 push cs; retf	2_2_003D36A4
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 2_2_003D3658 push cs; retf	2_2_003D366E
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 2_2_003D3A5A push ss; retf	2_2_003D3A5E
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 2_2_003D3BB6 push ds; retf	2_2_003D3BBA
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 2_2_003D3BA4 push ds; retf	2_2_003D3BB4
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 2_2_003D36A6 push cs; retf	2_2_003D36B0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 2_2_003D3B92 push ds; retf	2_2_003D3B96
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 2_2_003D338E push cs; retf	2_2_003D3632
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 2_2_003D338E push cs; retf	2_2_003D363E
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_00A236A6 push cs; retf	3_2_00A236B0
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_00A23BA4 push ds; retf	3_2_00A23BB4
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_00A23BB6 push ds; retf	3_2_00A23BBA
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_00A2338E push cs; retf	3_2_00A23632
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_00A2338E push cs; retf	3_2_00A2363E
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_00A23B92 push ds; retf	3_2_00A23B96
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_00A23622 push cs; retf	3_2_00A23632
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_00A23670 push cs; retf	3_2_00A236A4
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_00A23A5A push ss; retf	3_2_00A23A5E
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_00A23658 push cs; retf	3_2_00A2366E
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0694F687 push es; iretd	3_2_0694F688
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Code function: 3_2_0694C7F0 pushad ; retf	3_2_0694C84D

Source: initial sample

Static PE information: section name: NLNe entropy: 7.99974141279

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Yara detected AntiVM3

Show sources

Source: Yara match	File source: 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Purchase Order_12052021.exe PID: 3560, type: MEMORY

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL

Yara detected Beds Obfuscator

Show sources

Source: Yara match	File source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Purchase Order_12052021.exe PID: 3560, type: MEMORY
Source: Yara match	File source: Process Memory Space: Purchase Order_12052021.exe PID: 2792, type: MEMORY
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Purchase Order_12052021.exe.4224d4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Purchase Order_12052021.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack, type: UNPACKEDPE

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Window / User API: threadDelayed 2287			Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Window / User API: threadDelayed 7556			Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2428	Thread sleep time: -99453s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 6128	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -15679732462653109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -200000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 6060	Thread sleep count: 2287 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99844s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 6060	Thread sleep count: 7556 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99734s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99515s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98969s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98859s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98640s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98531s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98422s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98312s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -97984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -195750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -97766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -97641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -97516s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -97406s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -97297s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -97187s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -97078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -96969s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -96859s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -99094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -98000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe TID: 2440	Thread sleep time: -97656s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99453	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99844	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99734	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99625	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99515	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99406	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99297	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99187	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99078	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98969	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98859	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98750	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98640	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98531	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98422	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98312	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98203	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98094	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 97984	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 97875	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 97766	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 97641	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 97516	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 97406	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 97297	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 97187	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 97078	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 96969	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 96859	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99766	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99656	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99547	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99437	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99328	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99219	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 99094	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98984	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98875	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98766	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98656	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98547	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98437	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98328	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98219	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98109	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 98000	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Thread delayed: delay time: 97656	Jump to behavior

Source: Purchase Order_12052021.exe, 00000003.00000002.475390162.00000000061E0000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: VMWARE
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Purchase Order_12052021.exe, 00000003.00000002.475390162.00000000061E0000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: Purchase Order_12052021.exe, 00000003.00000002.475390162.00000000061E0000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA II
Source: Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Source: Purchase Order_12052021.exe, 00000003.00000002.470467044.0000000001267000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Purchase Order_12052021.exe, 00000003.00000002.475390162.00000000061E0000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)

Show sources

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Code function: 0_2_00B316D0 CheckRemoteDebuggerPresent,

0_2_00B316D0

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Code function: 3_2_0694B780 LdrInitializeThunk,

3_2_0694B780

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Memory written: C:\Users\user\Desktop\Purchase Order_12052021.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process created: C:\Users\user\Desktop\Purchase Order_12052021.exe C:\Users\user\Desktop\Purchase Order_12052021.exe			Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Process created: C:\Users\user\Desktop\Purchase Order_12052021.exe C:\Users\user\Desktop\Purchase Order_12052021.exe			Jump to behavior

Source: Purchase Order_12052021.exe, 00000003.00000002.470746185.0000000001810000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: Purchase Order_12052021.exe, 00000003.00000002.470746185.0000000001810000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: Purchase Order_12052021.exe, 00000003.00000002.470746185.0000000001810000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: Purchase Order_12052021.exe, 00000003.00000002.470746185.0000000001810000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Users\user\Desktop\Purchase Order_12052021.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Users\user\Desktop\Purchase Order_12052021.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Purchase Order_12052021.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack, type: UNPACKEDPE

Yara detected Matiex Keylogger

Show sources

Source: Yara match	File source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Purchase Order_12052021.exe PID: 3560, type: MEMORY
Source: Yara match	File source: Process Memory Space: Purchase Order_12052021.exe PID: 2792, type: MEMORY
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Purchase Order_12052021.exe.4224d4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Purchase Order_12052021.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack, type: UNPACKEDPE

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies			Jump to behavior
Source: C:\Users\user\Desktop\Purchase Order_12052021.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\Purchase Order_12052021.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Yara match	File source: 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Purchase Order_12052021.exe PID: 2792, type: MEMORY

Remote Access Functionality:

Yara detected AgentTesla

Show sources

Source: Yara match	File source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Purchase Order_12052021.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack, type: UNPACKEDPE

Yara detected Matiex Keylogger

Show sources

Source: Yara match	File source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Purchase Order_12052021.exe PID: 3560, type: MEMORY
Source: Yara match	File source: Process Memory Space: Purchase Order_12052021.exe PID: 2792, type: MEMORY
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Purchase Order_12052021.exe.4224d4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3b46210.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.Purchase Order_12052021.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Purchase Order_12052021.exe.3ac79f0.2.raw.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	Path Interception	Process Injection112	Masquerading1	OS Credential Dumping1	Security Software Discovery221	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Disable or Modify Tools1	Input Capture1	Process Discovery2	Remote Desktop Protocol	Input Capture1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Virtualization/Sandbox Evasion41	Security Account Manager	Virtualization/Sandbox Evasion41	SMB/Windows Admin Shares	Archive Collected Data1	Automated Exfiltration	Ingress Tool Transfer1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	Application Window Discovery1	Distributed Component Object Model	Data from Local System1	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Obfuscated Files or Information3	LSA Secrets	Remote System Discovery1	SSH	Clipboard Data1	Data Transfer Size Limits	Application Layer Protocol23	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Software Packing13	Cached Domain Credentials	System Network Configuration Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	System Information Discovery24	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Purchase Order_12052021.exe	36%	ReversingLabs	ByteCode-MSIL.Trojan.Wacatac
Purchase Order_12052021.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
0.2.Purchase Order_12052021.exe.3b0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen		Download File
3.2.Purchase Order_12052021.exe.400000.0.unpack	100%	Avira	TR/Redcap.jajcu		Download File

Domains

Source	Detection	Scanner	Link
kerekesfoto.com	5%	Virustotal	Browse
freegeoip.app	1%	Virustotal	Browse
checkip.dyndns.com	0%	Virustotal	Browse
checkip.dyndns.org	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://freegeoip.app/xml/	0%	URL Reputation	safe
https://freegeoip.app/xml/	0%	URL Reputation	safe
https://freegeoip.app/xml/	0%	URL Reputation	safe
https://freegeoip.app/xml/	0%	URL Reputation	safe
https://www.digicert.coef	0%	Avira URL Cloud	safe
https://www.geodatatool.com/en/?ip=3D84.17.52.78=0D=0A=0D=0ADat=	0%	Avira URL Cloud	safe
https://freegeoip.app	0%	URL Reputation	safe
https://freegeoip.app	0%	URL Reputation	safe
https://freegeoip.app	0%	URL Reputation	safe
http://servermanager.miixit.org/index_ru.htmlc	0%	Avira URL Cloud	safe
https://www.geodatatool.com/en/?ip=	0%	URL Reputation	safe
https://www.geodatatool.com/en/?ip=	0%	URL Reputation	safe
https://www.geodatatool.com/en/?ip=	0%	URL Reputation	safe
http://checkip.dyndns.org	0%	Avira URL Cloud	safe
http://kerekesfoto.com	0%	Avira URL Cloud	safe
https://www.digicert.	0%	Avira URL Cloud	safe
http://checkip.dyndns.org/	0%	Avira URL Cloud	safe
http://servermanager.miixit.org/index_ru.html	0%	Avira URL Cloud	safe
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	0%	URL Reputation	safe
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	0%	URL Reputation	safe
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	0%	URL Reputation	safe
http://checkip.dyndns.org/HB	0%	Avira URL Cloud	safe
https://www.geodatatool.com/en/?ip=84.17.52.78	0%	Avira URL Cloud	safe
http://servermanager.miixit.org/report/reporter_index.php?name=	0%	Avira URL Cloud	safe
http://servermanager.miixit.org/1	0%	Avira URL Cloud	safe
http://servermanager.miixit.org/downloads/	0%	Avira URL Cloud	safe
http://servermanager.miixit.org/hits/hit_index.php?k=	0%	Avira URL Cloud	safe
https://freegeoip.app/xml/84.17.52.78	0%	URL Reputation	safe
https://freegeoip.app/xml/84.17.52.78	0%	URL Reputation	safe
https://freegeoip.app/xml/84.17.52.78	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
kerekesfoto.com	193.32.232.10	true	false	5%, Virustotal, Browse	unknown
freegeoip.app	104.21.19.200	true	false	1%, Virustotal, Browse	unknown
checkip.dyndns.com	216.146.43.71	true	false	0%, Virustotal, Browse	unknown
checkip.dyndns.org	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://checkip.dyndns.org/	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://freegeoip.app/xml/	Purchase Order_12052021.exe, 00000003.00000002.471029009.0000000002DF4000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.digicert.coef	Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.geodatatool.com/en/?ip=3D84.17.52.78=0D=0A=0D=0ADat=	Purchase Order_12052021.exe, 00000003.00000002.473656695.0000000003132000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://freegeoip.app	Purchase Order_12052021.exe, 00000003.00000002.471029009.0000000002DF4000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://servermanager.miixit.org/index_ru.htmlc	Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.geodatatool.com/en/?ip=	Purchase Order_12052021.exe, 00000003.00000002.471083879.0000000002E20000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://checkip.dyndns.org	Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://kerekesfoto.com	Purchase Order_12052021.exe, 00000003.00000002.471885488.0000000002F03000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css	Purchase Order_12052021.exe, 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp	false		high
https://www.digicert.	Purchase Order_12052021.exe, 00000003.00000002.475714622.0000000006840000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC	Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	false		high
http://servermanager.miixit.org/index_ru.html	Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/	Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://checkip.dyndns.org/HB	Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://www.geodatatool.com/en/?ip=84.17.52.78	Purchase Order_12052021.exe, 00000003.00000002.471482796.0000000002E9E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://servermanager.miixit.org/report/reporter_index.php?name=	Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8Win32_ComputerSystemModelManufactu	Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	false		high
http://servermanager.miixit.org/1	Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Purchase Order_12052021.exe, 00000000.00000002.219818488.0000000002811000.00000004.00000001.sdmp, Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	false		high
https://i.imgur.com/GJD7Q5y.png195.239.51.11795.26.248.2989.208.29.13389.187.165.4792.118.13.1895.26	Purchase Order_12052021.exe, 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp	false		high
https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC5http://servermana	Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	false		high
http://servermanager.miixit.org/downloads/	Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://servermanager.miixit.org/hits/hit_index.php?k=	Purchase Order_12052021.exe, 00000000.00000003.213058949.0000000003115000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://freegeoip.app/xml/84.17.52.78	Purchase Order_12052021.exe, 00000003.00000002.471029009.0000000002DF4000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.19.200	freegeoip.app	United States	13335	CLOUDFLARENETUS	false
216.146.43.71	checkip.dyndns.com	United States	33517	DYNDNSUS	false
193.32.232.10	kerekesfoto.com	Hungary	62292	EZIT-ASHU	false

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	412749
Start date:	12.05.2021
Start time:	22:37:18
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 25s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	Purchase Order_12052021.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@5/1@36/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 1.4% (good quality ratio 1%) Quality average: 44.1% Quality standard deviation: 34.3%
HCA Information:	Successful, ratio: 96% Number of executed functions: 96 Number of non-executed functions: 30
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 40.88.32.150, 104.42.151.234, 20.50.102.62, 23.57.80.111, 92.122.213.247, 92.122.213.194, 205.185.216.42, 205.185.216.10, 20.54.26.129, 20.49.157.6, 20.82.209.183 Excluded domains from analysis (whitelisted): fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus15.cloudapp.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, blobcollector.events.data.trafficmanager.net, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcolwus16.cloudapp.net Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
22:38:10	API Interceptor	889x Sleep call for process: Purchase Order_12052021.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
104.21.19.200	Statement of Account April-2021.exe	Get hash	malicious	Browse
	d0875029_by_Libranalysis.exe	Get hash	malicious	Browse
	SNAOUOKKOI.exe	Get hash	malicious	Browse
	ve #U00e7eki listesi ektedir Proforma.exe	Get hash	malicious	Browse
	Due Invoices.exe	Get hash	malicious	Browse
	Order-PO102.exe	Get hash	malicious	Browse
	IMG_0125_30_227_06.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Trojan.GenericKD.36873970.29336.exe	Get hash	malicious	Browse
	q3qhElKDnGNNjTi.exe	Get hash	malicious	Browse
	ORDEN SURA OC CVE6535 _TVOP-MIO.exe	Get hash	malicious	Browse
	f2b03f7e_by_Libranalysis.exe	Get hash	malicious	Browse
	be8928c5_by_Libranalysis.exe	Get hash	malicious	Browse
	PURCHASE_ORDER_0098_PDF.exe	Get hash	malicious	Browse
	TWI-SHA 202102.exe	Get hash	malicious	Browse
	Reconfirm invoice.exe	Get hash	malicious	Browse
	INQUIRY.exe	Get hash	malicious	Browse
	0908000000.exe	Get hash	malicious	Browse
	Nuovo ordine _WJO-001, pdf.exe	Get hash	malicious	Browse
	Tender Overview 10052021.doc	Get hash	malicious	Browse
	59932e6d_by_Libranalysis.exe	Get hash	malicious	Browse
216.146.43.71	Invoice...exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Statement of Account April-2021.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	eb57884e_by_Libranalysis.xlsx	Get hash	malicious	Browse	checkip.dyndns.org/
	79cc8c05_by_Libranalysis.xlsx	Get hash	malicious	Browse	checkip.dyndns.org/
	Tender Overview 10052021.doc	Get hash	malicious	Browse	checkip.dyndns.org/
	SOA.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	QUOTATION.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	INQUIRY.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Payment_Advice.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	SOA..exe	Get hash	malicious	Browse	checkip.dyndns.org/
	file.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Pre Shipment Doc..exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Purchase Order 883.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	39305.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	PI.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	Proforma adjunta N#U00ba 42037,pdf.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	swift copy.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	DHL 4677348255142.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	QEpa8OLm9Z.exe	Get hash	malicious	Browse	checkip.dyndns.org/
	c7b8f5dc_by_Libranalysis.exe	Get hash	malicious	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
checkip.dyndns.com	Invoice...exe	Get hash	malicious	Browse	216.146.43.71
	Statement of Account April-2021.exe	Get hash	malicious	Browse	216.146.43.71
	FACTURA COMERCIAL_________________________________________________________PDF__.exe	Get hash	malicious	Browse	162.88.193.70
	Technical data sheet.exe	Get hash	malicious	Browse	131.186.161.70
	d0875029_by_Libranalysis.exe	Get hash	malicious	Browse	162.88.193.70
	SNAOUOKKOI.exe	Get hash	malicious	Browse	216.146.43.70
	ve #U00e7eki listesi ektedir Proforma.exe	Get hash	malicious	Browse	162.88.193.70
	Purchase Order 12052021.exe	Get hash	malicious	Browse	131.186.161.70
	Purchase Order 11052021.exe	Get hash	malicious	Browse	131.186.161.70
	Quotation_05082021 pdf.exe	Get hash	malicious	Browse	131.186.161.70
	Due Invoices.exe	Get hash	malicious	Browse	131.186.113.70
	Order-PO102.exe	Get hash	malicious	Browse	162.88.193.70
	IMG_0125_30_227_06.exe	Get hash	malicious	Browse	131.186.113.70
	SOA,.exe	Get hash	malicious	Browse	216.146.43.70
	vy38Kw9qRh.exe	Get hash	malicious	Browse	162.88.193.70
	SecuriteInfo.com.Trojan.GenericKD.36873970.29336.exe	Get hash	malicious	Browse	131.186.161.70
	q3qhElKDnGNNjTi.exe	Get hash	malicious	Browse	131.186.113.70
	purchase order..exe	Get hash	malicious	Browse	216.146.43.70
	ORDEN SURA OC CVE6535 _TVOP-MIO.exe	Get hash	malicious	Browse	131.186.113.70
	Quotation 68094.exe	Get hash	malicious	Browse	131.186.113.70
freegeoip.app	Invoice...exe	Get hash	malicious	Browse	172.67.188.154
	Statement of Account April-2021.exe	Get hash	malicious	Browse	104.21.19.200
	FACTURA COMERCIAL_________________________________________________________PDF__.exe	Get hash	malicious	Browse	172.67.188.154
	Technical data sheet.exe	Get hash	malicious	Browse	172.67.188.154
	d0875029_by_Libranalysis.exe	Get hash	malicious	Browse	104.21.19.200
	SNAOUOKKOI.exe	Get hash	malicious	Browse	104.21.19.200
	ve #U00e7eki listesi ektedir Proforma.exe	Get hash	malicious	Browse	104.21.19.200
	Purchase Order 12052021.exe	Get hash	malicious	Browse	172.67.188.154
	Purchase Order 11052021.exe	Get hash	malicious	Browse	172.67.188.154
	Due Invoices.exe	Get hash	malicious	Browse	104.21.19.200
	Order-PO102.exe	Get hash	malicious	Browse	104.21.19.200
	IMG_0125_30_227_06.exe	Get hash	malicious	Browse	104.21.19.200
	SOA,.exe	Get hash	malicious	Browse	172.67.188.154
	vy38Kw9qRh.exe	Get hash	malicious	Browse	172.67.188.154
	SecuriteInfo.com.Trojan.GenericKD.36873970.29336.exe	Get hash	malicious	Browse	104.21.19.200
	q3qhElKDnGNNjTi.exe	Get hash	malicious	Browse	104.21.19.200
	purchase order..exe	Get hash	malicious	Browse	172.67.188.154
	ORDEN SURA OC CVE6535 _TVOP-MIO.exe	Get hash	malicious	Browse	104.21.19.200
	Quotation 68094.exe	Get hash	malicious	Browse	172.67.188.154
	DOCUMENTS AND CERTIFICATIONS.exe	Get hash	malicious	Browse	172.67.188.154
kerekesfoto.com	Purchase Order 12052021.exe	Get hash	malicious	Browse	193.32.232.10
	Purchase Order 11052021.exe	Get hash	malicious	Browse	193.32.232.10
	DHL Delivery Document.exe	Get hash	malicious	Browse	193.32.232.10
	DHL Delivery Documents.exe	Get hash	malicious	Browse	193.32.232.10
	Shipping Documents.exe	Get hash	malicious	Browse	193.32.232.10
	Shipping Documents.exe	Get hash	malicious	Browse	193.32.232.10
	Overdue Payment_USD.106,375.exe	Get hash	malicious	Browse	193.32.232.10
	Shipment Documents.exe	Get hash	malicious	Browse	193.32.232.10
	Proforma Invoice No.42037 USD.78116.exe	Get hash	malicious	Browse	193.32.232.10
	Proforma Invoice No.42037 For USD.78116.exe	Get hash	malicious	Browse	193.32.232.10
	Proforma Invoice No.42037.exe	Get hash	malicious	Browse	193.32.232.10
	Proforma Invoice No.42037.exe	Get hash	malicious	Browse	193.32.232.10
	Payment Copy For Confirmation_img.exe	Get hash	malicious	Browse	193.32.232.10
	RFQ-22100021664,pdf.exe	Get hash	malicious	Browse	193.32.232.10
	Overdue_Invoice 26022021.exe	Get hash	malicious	Browse	193.32.232.10
	Overdue_Invoice 25022021.exe	Get hash	malicious	Browse	193.32.232.10
	RFQ-22100026655Q.pdf.exe	Get hash	malicious	Browse	193.32.232.10
	FORM-B Airwaybill 1738623041.exe	Get hash	malicious	Browse	193.32.232.10
	INQUIRY-2212020.jpg.exe	Get hash	malicious	Browse	193.32.232.10
	bee0053.exe	Get hash	malicious	Browse	193.32.232.10

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DYNDNSUS	Invoice...exe	Get hash	malicious	Browse	216.146.43.71
	Statement of Account April-2021.exe	Get hash	malicious	Browse	216.146.43.71
	FACTURA COMERCIAL_________________________________________________________PDF__.exe	Get hash	malicious	Browse	162.88.193.70
	Technical data sheet.exe	Get hash	malicious	Browse	131.186.161.70
	d0875029_by_Libranalysis.exe	Get hash	malicious	Browse	162.88.193.70
	SNAOUOKKOI.exe	Get hash	malicious	Browse	216.146.43.70
	ve #U00e7eki listesi ektedir Proforma.exe	Get hash	malicious	Browse	162.88.193.70
	Purchase Order 12052021.exe	Get hash	malicious	Browse	131.186.161.70
	Purchase Order 11052021.exe	Get hash	malicious	Browse	131.186.161.70
	Quotation_05082021 pdf.exe	Get hash	malicious	Browse	131.186.161.70
	Due Invoices.exe	Get hash	malicious	Browse	131.186.113.70
	Order-PO102.exe	Get hash	malicious	Browse	162.88.193.70
	IMG_0125_30_227_06.exe	Get hash	malicious	Browse	131.186.113.70
	SOA,.exe	Get hash	malicious	Browse	216.146.43.70
	vy38Kw9qRh.exe	Get hash	malicious	Browse	162.88.193.70
	SecuriteInfo.com.Trojan.GenericKD.36873970.29336.exe	Get hash	malicious	Browse	131.186.161.70
	q3qhElKDnGNNjTi.exe	Get hash	malicious	Browse	131.186.113.70
	purchase order..exe	Get hash	malicious	Browse	216.146.43.70
	ORDEN SURA OC CVE6535 _TVOP-MIO.exe	Get hash	malicious	Browse	131.186.113.70
	Quotation 68094.exe	Get hash	malicious	Browse	131.186.113.70
CLOUDFLARENETUS	5781525.html	Get hash	malicious	Browse	172.67.150.89
	50eba5e3_by_Libranalysis.dll	Get hash	malicious	Browse	104.20.184.68
	6f61bc36_by_Libranalysis.dll	Get hash	malicious	Browse	104.20.185.68
	50eba5e3_by_Libranalysis.dll	Get hash	malicious	Browse	104.20.184.68
	5781525.html	Get hash	malicious	Browse	172.67.150.89
	6f61bc36_by_Libranalysis.dll	Get hash	malicious	Browse	104.20.184.68
	7e718f4b_by_Libranalysis.exe	Get hash	malicious	Browse	172.67.145.48
	1ChCpaSGY7.dll	Get hash	malicious	Browse	104.20.184.68
	1cec9342_by_Libranalysis.exe	Get hash	malicious	Browse	23.227.38.74
	M7LEWK86J8.exe	Get hash	malicious	Browse	104.21.13.168
	Product specification.xlsx	Get hash	malicious	Browse	172.67.171.184
	595e3339_by_Libranalysis.dll	Get hash	malicious	Browse	172.67.156.7
	7+ Taskbar Tweaker.exe	Get hash	malicious	Browse	172.67.151.27
	7+ Taskbar Tweaker.exe	Get hash	malicious	Browse	104.21.0.149
	GmCEpa2M7R.dll	Get hash	malicious	Browse	104.20.185.68
	350969bc_by_Libranalysis.exe	Get hash	malicious	Browse	23.227.38.74
	7bYDInO.rtf	Get hash	malicious	Browse	104.16.18.94
	Invoice...exe	Get hash	malicious	Browse	172.67.188.154
	Tek_multiloader_5.exe	Get hash	malicious	Browse	162.159.133.233
	PO 367628usa.exe	Get hash	malicious	Browse	66.235.200.147
EZIT-ASHU	Purchase Order 12052021.exe	Get hash	malicious	Browse	193.32.232.10
	Purchase Order 11052021.exe	Get hash	malicious	Browse	193.32.232.10
	DHL Delivery Document.exe	Get hash	malicious	Browse	193.32.232.10
	DHL Delivery Documents.exe	Get hash	malicious	Browse	193.32.232.10
	Shipping Documents.exe	Get hash	malicious	Browse	193.32.232.10
	Shipping Documents.exe	Get hash	malicious	Browse	193.32.232.10
	Overdue Payment_USD.106,375.exe	Get hash	malicious	Browse	193.32.232.10
	Shipment Documents.exe	Get hash	malicious	Browse	193.32.232.10
	Proforma Invoice No.42037 USD.78116.exe	Get hash	malicious	Browse	193.32.232.10
	Proforma Invoice No.42037 For USD.78116.exe	Get hash	malicious	Browse	193.32.232.10
	Proforma Invoice No.42037.exe	Get hash	malicious	Browse	193.32.232.10
	Proforma Invoice No.42037.exe	Get hash	malicious	Browse	193.32.232.10
	Payment Copy For Confirmation_img.exe	Get hash	malicious	Browse	193.32.232.10
	RFQ-22100021664,pdf.exe	Get hash	malicious	Browse	193.32.232.10
	Overdue_Invoice 25022021.exe	Get hash	malicious	Browse	193.32.232.10
	RFQ-22100026655Q.pdf.exe	Get hash	malicious	Browse	193.32.232.10
	FORM-B Airwaybill 1738623041.exe	Get hash	malicious	Browse	193.32.232.10
	INQUIRY-2212020.jpg.exe	Get hash	malicious	Browse	193.32.232.10
	bee0053.exe	Get hash	malicious	Browse	193.32.232.10
	New Bank Details..doc	Get hash	malicious	Browse	213.181.192.180

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	Invoice...exe	Get hash	malicious	Browse	104.21.19.200
	Statement of Account April-2021.exe	Get hash	malicious	Browse	104.21.19.200
	2070121SN-WS for Woosim i250MSR.pif.exe	Get hash	malicious	Browse	104.21.19.200
	FACTURA COMERCIAL_________________________________________________________PDF__.exe	Get hash	malicious	Browse	104.21.19.200
	Quotation.exe	Get hash	malicious	Browse	104.21.19.200
	Technical data sheet.exe	Get hash	malicious	Browse	104.21.19.200
	d0875029_by_Libranalysis.exe	Get hash	malicious	Browse	104.21.19.200
	Account Ledger for 2020-APRIL 2021.exe	Get hash	malicious	Browse	104.21.19.200
	New purchase order.exe	Get hash	malicious	Browse	104.21.19.200
	PO202104-543_ Inox Doan - Trading Co., Ltd,pdf.exe	Get hash	malicious	Browse	104.21.19.200
	POI9090009.exe	Get hash	malicious	Browse	104.21.19.200
	SNAOUOKKOI.exe	Get hash	malicious	Browse	104.21.19.200
	ve #U00e7eki listesi ektedir Proforma.exe	Get hash	malicious	Browse	104.21.19.200
	A6FAm1ae1j.exe	Get hash	malicious	Browse	104.21.19.200
	Purchase Order 12052021.exe	Get hash	malicious	Browse	104.21.19.200
	Purchase Order 11052021.exe	Get hash	malicious	Browse	104.21.19.200
	1578D1E95037312FDBB8E0F46F086316E68BAD3B9C8CD.exe	Get hash	malicious	Browse	104.21.19.200
	Due Invoices.exe	Get hash	malicious	Browse	104.21.19.200
	Order-PO102.exe	Get hash	malicious	Browse	104.21.19.200
	IMG_0125_30_227_06.exe	Get hash	malicious	Browse	104.21.19.200

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Purchase Order_12052021.exe.log Download File
Process:	C:\Users\user\Desktop\Purchase Order_12052021.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1314
Entropy (8bit):	5.350128552078965
Encrypted:	false
SSDEEP:	24:ML9E4Ks2f84jE4Kx1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MxHKXfvjHKx1qHiYHKhQnoPtHoxHhAHR
MD5:	8198C64CE0786EABD4C792E7E6FC30E5
SHA1:	71E1676126F4616B18C751A0A775B2D64944A15A
SHA-256:	C58018934011086A883D1D56B21F6C1916B1CD83206ADD1865C9BDD29DADCBC4
SHA-512:	EE293C0F88A12AB10041F66DDFAE89BC11AB3B3AAD8604F1A418ABE43DF0980245C3B7F8FEB709AEE8E9474841A280E073EC063045EA39948E853AA6B4EC0FB0
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.706444670572532
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 50.01% Win32 Executable (generic) a (10002005/4) 49.96% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	Purchase Order_12052021.exe
File size:	1000448
MD5:	b7394ccc239f48eb4a041f1c0fb92d92
SHA1:	020ae73c138a97eb413e2289822e8bacb7e15515
SHA256:	41b785e6bf871959db57c7f41ca190343a4e0fb48c0f945f776dda09c93bd8c2
SHA512:	5a6308403d41166bad0359706190d91f8b9c7a5eed7cb4a610b70767a56ec0615dd63d5f670130fd8f40a0f9047fc1a75decd3a7601f44eb88138d13f6b59403
SSDEEP:	24576:gxL+fNW9+EZ1uX+97dmn28Zv/alw+418coUy:7W9Ndmn3Zv/D3V
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`..............P......~............... ....@.. ....................................@................................

File Icon


Icon Hash:	90828c8c8c8a9010

Static PE Info

General
Entrypoint:	0x4fa00a
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x609B8AFC [Wed May 12 07:59:56 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:	v4.0.30319
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [004FA000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc08dc	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xcc000	0x2ab28	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xf8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xfa000	0x8
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0xc0000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
NLNe	0x2000	0xbcfe8	0xbd000	False	1.00031777034	data	7.99974141279	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.text	0xc0000	0xbe88	0xc000	False	0.443725585938	data	5.99098442222	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0xcc000	0x2ab28	0x2ac00	False	0.141778600146	data	4.57824829919	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xf8000	0xc	0x200	False	0.044921875	data	0.0980041756627	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
	0xfa000	0x10	0x200	False	0.044921875	dBase III DBT, version number 0, next free block index 788752	0.142635768149	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0xcc2e0	0x2270	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
RT_ICON	0xce550	0x10828	dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0
RT_ICON	0xded78	0x94a8	data
RT_ICON	0xe8220	0x5488	data
RT_ICON	0xed6a8	0x4228	dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294967055
RT_ICON	0xf18d0	0x25a8	data
RT_ICON	0xf3e78	0x10a8	data
RT_ICON	0xf4f20	0x988	data
RT_ICON	0xf58a8	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0xf5d10	0x84	data
RT_GROUP_ICON	0xf5d94	0x14	data
RT_VERSION	0xf5da8	0x314	data
RT_MANIFEST	0xf60bc	0xa65	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright
Assembly Version	36.27.47.25
InternalName	ContextAttribute.exe
FileVersion	82.99.17.85
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion	82.99.17.85
FileDescription
OriginalFilename	ContextAttribute.exe

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 12, 2021 22:38:16.958307981 CEST	49726	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:17.018596888 CEST	80	49726	216.146.43.71	192.168.2.3
May 12, 2021 22:38:17.019165993 CEST	49726	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:17.019448996 CEST	49726	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:17.079544067 CEST	80	49726	216.146.43.71	192.168.2.3
May 12, 2021 22:38:17.079794884 CEST	80	49726	216.146.43.71	192.168.2.3
May 12, 2021 22:38:17.079826117 CEST	80	49726	216.146.43.71	192.168.2.3
May 12, 2021 22:38:17.080029964 CEST	49726	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:17.080986977 CEST	49726	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:17.141161919 CEST	80	49726	216.146.43.71	192.168.2.3
May 12, 2021 22:38:17.395709991 CEST	49727	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:17.456341982 CEST	80	49727	216.146.43.71	192.168.2.3
May 12, 2021 22:38:17.456507921 CEST	49727	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:17.457448006 CEST	49727	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:17.517885923 CEST	80	49727	216.146.43.71	192.168.2.3
May 12, 2021 22:38:17.517930984 CEST	80	49727	216.146.43.71	192.168.2.3
May 12, 2021 22:38:17.517957926 CEST	80	49727	216.146.43.71	192.168.2.3
May 12, 2021 22:38:17.518040895 CEST	49727	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:17.519391060 CEST	49727	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:17.580168962 CEST	80	49727	216.146.43.71	192.168.2.3
May 12, 2021 22:38:20.387667894 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:20.430658102 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:38:20.432112932 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:20.468041897 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:20.509073019 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:38:20.511553049 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:38:20.511599064 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:38:20.511950016 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:20.519567966 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:20.560606956 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:38:20.560806990 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:38:20.611787081 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:20.830530882 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:20.873151064 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:38:20.887747049 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:38:20.939893007 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:21.739523888 CEST	49730	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:21.800215006 CEST	80	49730	216.146.43.71	192.168.2.3
May 12, 2021 22:38:21.800298929 CEST	49730	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:21.800576925 CEST	49730	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:21.869107962 CEST	80	49730	216.146.43.71	192.168.2.3
May 12, 2021 22:38:21.869155884 CEST	80	49730	216.146.43.71	192.168.2.3
May 12, 2021 22:38:21.869188070 CEST	80	49730	216.146.43.71	192.168.2.3
May 12, 2021 22:38:21.869293928 CEST	49730	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:21.869544029 CEST	49730	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:21.870023012 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:21.929929018 CEST	80	49730	216.146.43.71	192.168.2.3
May 12, 2021 22:38:21.939834118 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:38:21.987425089 CEST	49731	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:22.048624992 CEST	80	49731	216.146.43.71	192.168.2.3
May 12, 2021 22:38:22.048805952 CEST	49731	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:22.049122095 CEST	49731	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:22.096214056 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:22.109622002 CEST	80	49731	216.146.43.71	192.168.2.3
May 12, 2021 22:38:22.109713078 CEST	80	49731	216.146.43.71	192.168.2.3
May 12, 2021 22:38:22.109755993 CEST	80	49731	216.146.43.71	192.168.2.3
May 12, 2021 22:38:22.109821081 CEST	49731	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:22.110146999 CEST	49731	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:22.110704899 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:22.170557976 CEST	80	49731	216.146.43.71	192.168.2.3
May 12, 2021 22:38:22.170661926 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:38:22.226885080 CEST	49732	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:22.287388086 CEST	80	49732	216.146.43.71	192.168.2.3
May 12, 2021 22:38:22.287503004 CEST	49732	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:22.287869930 CEST	49732	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:22.348252058 CEST	80	49732	216.146.43.71	192.168.2.3
May 12, 2021 22:38:22.348305941 CEST	80	49732	216.146.43.71	192.168.2.3
May 12, 2021 22:38:22.348346949 CEST	80	49732	216.146.43.71	192.168.2.3
May 12, 2021 22:38:22.348437071 CEST	49732	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:22.348776102 CEST	49732	80	192.168.2.3	216.146.43.71
May 12, 2021 22:38:22.394833088 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:38:22.408984900 CEST	80	49732	216.146.43.71	192.168.2.3
May 12, 2021 22:38:25.681958914 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:25.734335899 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:25.734426975 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:25.888634920 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:25.888964891 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:25.940056086 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:25.940434933 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:25.994430065 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:25.995282888 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.055994987 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.056063890 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.056093931 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.056401014 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.061367989 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.113342047 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.145499945 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.197482109 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.202594995 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.254532099 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.259999990 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.318891048 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.323026896 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.374403954 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.376019001 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.448369026 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.452624083 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.504405022 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.507388115 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.507428885 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.507725954 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.507741928 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.508011103 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.508029938 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.508203030 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.508304119 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:26.560614109 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.560658932 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.560677052 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.560693026 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.560847044 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.560884953 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.560913086 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:26.560936928 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:28.711977959 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:28.752990007 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:28.814870119 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:28.867530107 CEST	587	49733	193.32.232.10	192.168.2.3
May 12, 2021 22:38:28.867646933 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:28.878993034 CEST	49733	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:28.984658957 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.035552979 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.035690069 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.132107973 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.132386923 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.183377028 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.183686018 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.236675978 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.237344980 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.297800064 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.297868967 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.297897100 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.298027992 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.300491095 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.353265047 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.354887962 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.406215906 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.406939030 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.458412886 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.459233999 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.525794029 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.526320934 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.578366041 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.579283953 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.641750097 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.642441988 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.693464041 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.694211960 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.694268942 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.694376945 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.694489002 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.694608927 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.694710970 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.694801092 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.694895983 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:29.747361898 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.747415066 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.747440100 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.747472048 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.747507095 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.747539043 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.747570038 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:29.747678041 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:31.885067940 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:31.888516903 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:31.940589905 CEST	587	49734	193.32.232.10	192.168.2.3
May 12, 2021 22:38:31.941333055 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:31.941869020 CEST	49734	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.030937910 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.081832886 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.082011938 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.197485924 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.197793961 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.251027107 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.251337051 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.305463076 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.307117939 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.374735117 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.374785900 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.374816895 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.374995947 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.377419949 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.430149078 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.432602882 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.483788013 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.487761021 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.539242983 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.543828964 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.603933096 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.604625940 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.657174110 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.657665014 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.750041008 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.792150021 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.792807102 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.843920946 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.844626904 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.844693899 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.844789982 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.844898939 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.845016003 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.845101118 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.845194101 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.845278978 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:32.895912886 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.895975113 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.895994902 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.896011114 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.896039963 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.896064997 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.896090984 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:32.896119118 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.068593025 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.073040962 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.125044107 CEST	587	49738	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.127474070 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.127980947 CEST	49738	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.225200891 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.276242971 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.277282000 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.409621954 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.410235882 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.461461067 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.465526104 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.519682884 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.520210028 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.586591005 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.586775064 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.586816072 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.586879015 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.589168072 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.640742064 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.642203093 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.693360090 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.694042921 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.745786905 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.746475935 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.802239895 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.802851915 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.854125023 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.854674101 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:35.944988966 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.972681046 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:35.973237038 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:36.024338007 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:36.024940968 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:36.025049925 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:36.025151014 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:36.025255919 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:36.025363922 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:36.025459051 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:36.025547981 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:36.025636911 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:36.076123953 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:36.076163054 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:36.076189995 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:36.076252937 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:36.076611042 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:36.076643944 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:36.076667070 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:36.076690912 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:38.548459053 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:38.552911997 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:38.604902029 CEST	587	49741	193.32.232.10	192.168.2.3
May 12, 2021 22:38:38.604993105 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:38.605617046 CEST	49741	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:38.768426895 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:38.819396973 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:38.819664955 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:38.952658892 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:39.019541025 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:39.633022070 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:39.684560061 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:39.695327044 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:39.749614954 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:39.754657030 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:39.822510004 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:39.822535038 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:39.822546005 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:39.822634935 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:39.825161934 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:39.878391981 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:39.880080938 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:39.931309938 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:39.931874037 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:39.983282089 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:39.983990908 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.045242071 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.045854092 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.099029064 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.099529982 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.177947044 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.178467989 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.229439020 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.230062962 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.230175972 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.230298996 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.230422974 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.230537891 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.230629921 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.230725050 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.230829954 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:40.281148911 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.281163931 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.281210899 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.281330109 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.281434059 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.281445980 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.281490088 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:40.281611919 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.324274063 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.327987909 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.380091906 CEST	587	49743	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.380167961 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.381009102 CEST	49743	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.479542971 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.530442953 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.534387112 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.651684999 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.653548002 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.704747915 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.704968929 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.758624077 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.761137962 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.827686071 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.827708960 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.827724934 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.827783108 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.830593109 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.882150888 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.883579016 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.934699059 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.935396910 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:43.986711025 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:43.987377882 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.043692112 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.044222116 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.095314980 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.096551895 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.183687925 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.188119888 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.240967035 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.242865086 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.242974043 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.243144035 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.243283033 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.243439913 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.243552923 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.243664026 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.243779898 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:44.293966055 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.294023991 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.294053078 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.294131994 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.294200897 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.294229031 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.294354916 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:44.294480085 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.474421024 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.475307941 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:46.527422905 CEST	587	49744	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.527510881 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:46.528103113 CEST	49744	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:46.622184038 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:46.673120022 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.673218012 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:46.768477917 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.768723965 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:46.819967031 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.820465088 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:46.874376059 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.874778986 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:46.938508987 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.938535929 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.938565016 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.938617945 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:46.941323042 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:46.993103027 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:46.994680882 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.047709942 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.048218012 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.099793911 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.100749016 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.160258055 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.160897970 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.211895943 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.212650061 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.305012941 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.311312914 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.311909914 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.362940073 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.363543034 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.363631964 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.363759995 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.363847971 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.364085913 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.364172935 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.364242077 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.364324093 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:47.414405107 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.414431095 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.414618969 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.414642096 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.414856911 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.414875984 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.415123940 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:47.415178061 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:49.538292885 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:49.539208889 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:49.590965033 CEST	587	49746	193.32.232.10	192.168.2.3
May 12, 2021 22:38:49.591078043 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:49.591649055 CEST	49746	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:49.680979967 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:49.731914043 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:49.732215881 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:49.828669071 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:49.828953981 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:49.880079985 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:49.880336046 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:49.934228897 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:49.934669971 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.001250982 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.001282930 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.001296043 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.001403093 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.003726006 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.055243969 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.056762934 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.107728958 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.115962029 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.167154074 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.169040918 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.230896950 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.231893063 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.285444021 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.286149025 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.369200945 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.371174097 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.422049999 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.422687054 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.422779083 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.422883987 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.422987938 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.423098087 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.423181057 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.423268080 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.423362017 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:50.473438025 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.473462105 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.473469019 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.473480940 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.473642111 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.473685026 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.473759890 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:50.473840952 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:52.737868071 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:52.739044905 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:52.791202068 CEST	587	49747	193.32.232.10	192.168.2.3
May 12, 2021 22:38:52.791425943 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:52.791935921 CEST	49747	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:52.871912956 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:52.922501087 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:52.922619104 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.038117886 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.038378000 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.089189053 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.089417934 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.143671989 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.144170046 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.210467100 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.210505962 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.210532904 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.210555077 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.212838888 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.263945103 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.268218994 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.319848061 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.320386887 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.371537924 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.372232914 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.431885958 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.432380915 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.483314037 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.483953953 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.561604977 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.562062025 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.612848997 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.613513947 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.613725901 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.613871098 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.613975048 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.614104986 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.614373922 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.614568949 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.614731073 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:53.664227009 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.664264917 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.664501905 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.664530039 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.664572001 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.664731026 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.664941072 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:53.665158987 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:55.809225082 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:55.810302973 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:55.862520933 CEST	587	49748	193.32.232.10	192.168.2.3
May 12, 2021 22:38:55.862634897 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:55.863291979 CEST	49748	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:55.956129074 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.007077932 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.007200003 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.103802919 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.104031086 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.154942989 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.155219078 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.207966089 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.208374977 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.271578074 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.271600008 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.271614075 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.271680117 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.626746893 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.677856922 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.693289995 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.745616913 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.746129036 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.798055887 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.798712969 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.859529972 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.861665010 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:56.912698984 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:56.913692951 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:57.000395060 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:57.003132105 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:57.053848028 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:57.171452045 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:57.171508074 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:57.171613932 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:57.171700001 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:57.171802998 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:57.171880007 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:57.171955109 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:57.172039032 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:57.222305059 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:57.222332954 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:57.222353935 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:57.222366095 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:57.222378016 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:57.222388029 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:57.222399950 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:57.222600937 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.297837019 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.298743963 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.350941896 CEST	587	49750	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.351156950 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.351701975 CEST	49750	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.459093094 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.509897947 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.510008097 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.609776020 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.610115051 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.662581921 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.662812948 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.719470024 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.720029116 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.778034925 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.778099060 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.778140068 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.778153896 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.780548096 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.832067966 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.834109068 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.884928942 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.885617971 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.936883926 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.937558889 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:38:59.995728016 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:38:59.996583939 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.047504902 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.048194885 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.138807058 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.142215967 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.143485069 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.196753025 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.197422981 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.197554111 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.197673082 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.197808027 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.197926998 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.198075056 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.198216915 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.198307991 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:00.248339891 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.248378038 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.248394012 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.248419046 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.248549938 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.248586893 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.248950958 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:00.249067068 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.362824917 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.365459919 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.417673111 CEST	587	49752	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.417814016 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.419236898 CEST	49752	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.509001017 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.560605049 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.561384916 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.657814980 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.658160925 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.710290909 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.714019060 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.766189098 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.766902924 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.824822903 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.824882030 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.824917078 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.825007915 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.830976009 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.882190943 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.885399103 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.936609030 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.937971115 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:02.990757942 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:02.992430925 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.049514055 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.050853968 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.101752996 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.102924109 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.190463066 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.191056013 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.242002964 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.243547916 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.243771076 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.244079113 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.244384050 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.244694948 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.244954109 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.245198965 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.245461941 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:03.294544935 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.294594049 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.294670105 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.294944048 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.295255899 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.295543909 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.295739889 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:03.295980930 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.337203026 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.338064909 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.392214060 CEST	587	49753	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.392338991 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.392940998 CEST	49753	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.491188049 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.543838024 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.544014931 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.641846895 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.642152071 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.695974112 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.696294069 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.751768112 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.752243996 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.819554090 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.819610119 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.819643974 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.819731951 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.823894024 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.875153065 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.877401114 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.928268909 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.928818941 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:05.983043909 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:05.983728886 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.042732000 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.043318033 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.094419003 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.094993114 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.156054974 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.156589985 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.207449913 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.208085060 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.208190918 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.208319902 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.208436966 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.208559990 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.208688021 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.208779097 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.208874941 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:06.258924007 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.258980989 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.259016991 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.259042025 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.259068966 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.259258032 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.259371996 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:06.259397984 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.344922066 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.345896006 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.399148941 CEST	587	49754	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.399359941 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.399899960 CEST	49754	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.490240097 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.541203976 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.541371107 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.637576103 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.637857914 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.689131021 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.689454079 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.742544889 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.742957115 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.802294970 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.802362919 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.802397013 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.802449942 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.804821968 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.856313944 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.857867002 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.909631014 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.911922932 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:08.964724064 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:08.965444088 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.025970936 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.026544094 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.077703953 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.078208923 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.164591074 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.165100098 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.218178034 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.218790054 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.218887091 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.218990088 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.219089031 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.219197035 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.219283104 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.219360113 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.219436884 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:09.269956112 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.269999027 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.270026922 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.270054102 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.270080090 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.270106077 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.270198107 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:09.270227909 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.412234068 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.414545059 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:11.466850996 CEST	587	49758	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.466965914 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:11.468159914 CEST	49758	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:11.589235067 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:11.640247107 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.640376091 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:11.723929882 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.724150896 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:11.777328968 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.777564049 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:11.831804991 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.832403898 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:11.900439024 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.900504112 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.900537014 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.900593996 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:11.903187037 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:11.954736948 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:11.956234932 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.007600069 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.008243084 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.059879065 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.060858965 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.121320963 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.122406960 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.173609018 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.174104929 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.258802891 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.262419939 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.313580990 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.314177990 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.314308882 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.314438105 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.314560890 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.314702034 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.314805984 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.314908028 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.314991951 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:12.365534067 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.365585089 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.365611076 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.365639925 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.365876913 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.365906000 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.365928888 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:12.365955114 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:14.612221956 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:14.615652084 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:14.668510914 CEST	587	49764	193.32.232.10	192.168.2.3
May 12, 2021 22:39:14.668813944 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:14.669884920 CEST	49764	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:14.766115904 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:14.817156076 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:14.817358017 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:14.937293053 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:14.937505007 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:14.989166975 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:14.989521027 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.043912888 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.044405937 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.110758066 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.110831976 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.110882044 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.111011982 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.113615990 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.166615009 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.168292999 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.219459057 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.220103979 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.271625042 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.272459030 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.333167076 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.333832979 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.386485100 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.387073040 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.458559990 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.460041046 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.512572050 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.513211966 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.513314962 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.513428926 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.513535023 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.513670921 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.513744116 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.513832092 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.513916016 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:15.565613985 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.565658092 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.565691948 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.565727949 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.566293001 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.566335917 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.566368103 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.566409111 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:15.618689060 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:39:15.660063982 CEST	443	49729	104.21.19.200	192.168.2.3
May 12, 2021 22:39:15.661963940 CEST	49729	443	192.168.2.3	104.21.19.200
May 12, 2021 22:39:17.820894003 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:17.823079109 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:17.877007008 CEST	587	49765	193.32.232.10	192.168.2.3
May 12, 2021 22:39:17.877499104 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:17.878370047 CEST	49765	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:17.986792088 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.037760019 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.038280010 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.134459972 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.134676933 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.185771942 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.186606884 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.241451025 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.242065907 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.306639910 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.306677103 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.306689024 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.306803942 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.309442997 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.360730886 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.364788055 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.416805983 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.417992115 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.471752882 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.473876953 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.530731916 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.531430006 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.583563089 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.584350109 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.677980900 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.680460930 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.681190968 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.732215881 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.733728886 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.734030962 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.734375954 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.734641075 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.734957933 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.735198975 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.735440016 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.735656977 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:18.786093950 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.786140919 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.786453009 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.786489964 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.786519051 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.786544085 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.786569118 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:18.786595106 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:20.937531948 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:20.940431118 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:20.992866039 CEST	587	49766	193.32.232.10	192.168.2.3
May 12, 2021 22:39:20.993005991 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:20.994467974 CEST	49766	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.086289883 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.137831926 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.137981892 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.235661030 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.235918999 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.286895037 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.287137985 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.342760086 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.343281984 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.407234907 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.407286882 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.407324076 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.407454967 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.410825968 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.462258101 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.464314938 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.517991066 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.519382954 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.570899963 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.572614908 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.630280972 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.631696939 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.683471918 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.684782028 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.769051075 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.770386934 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.821655035 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.825345993 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.825490952 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.825613976 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.825769901 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.825934887 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.826055050 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.826169014 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.826265097 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:21.878408909 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.878458023 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.878487110 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.878679037 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.878704071 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.878729105 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.878760099 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:21.878787041 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:23.971508026 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:23.974008083 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.028031111 CEST	587	49767	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.028259993 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.028810978 CEST	49767	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.114895105 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.165949106 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.166070938 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.248783112 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.249223948 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.300992012 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.301321030 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.355427980 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.356218100 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.423026085 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.423108101 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.423146963 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.423227072 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.429524899 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.481569052 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.484952927 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.536148071 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.537504911 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.589423895 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.590955973 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.648823023 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.649776936 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.700886965 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.702114105 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.771738052 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.772986889 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.824179888 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.825591087 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.825858116 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.826199055 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.826462984 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.826788902 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.827013969 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.827249050 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.827461004 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:24.876615047 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.876660109 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.876935959 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.877355099 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.877521038 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.877715111 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.877887011 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:24.878118038 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:26.996092081 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:26.998673916 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.051568031 CEST	587	49768	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.051882029 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.052522898 CEST	49768	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.172420979 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.223711967 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.223956108 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.319574118 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.320009947 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.371115923 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.371406078 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.424992085 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.425538063 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.487472057 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.487529993 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.487564087 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.487703085 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.506582022 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.558078051 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.561589003 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.613339901 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.614223003 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.665641069 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.672600031 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.730142117 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.730896950 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.782002926 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.783147097 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.855361938 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.856729984 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.907803059 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.908444881 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.908567905 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.908684015 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.908796072 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.908926010 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.909034014 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.909122944 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.909220934 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:27.959945917 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.959995985 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.960011959 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.960037947 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.960063934 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.960088015 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.960113049 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:27.960138083 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.041994095 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.044289112 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.096376896 CEST	587	49769	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.097795010 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.098566055 CEST	49769	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.201694012 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.253789902 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.253978014 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.373985052 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.374295950 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.425327063 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.425825119 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.480844021 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.481626034 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.544362068 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.544418097 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.544451952 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.544637918 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.550735950 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.603133917 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.605695009 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.659554005 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.660604000 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.711967945 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.713705063 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.770792007 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.772193909 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.824872017 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.826236963 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.909060001 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.910235882 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.961277008 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:30.962775946 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.962968111 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.963300943 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.963610888 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.963931084 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.964186907 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.964412928 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:30.964664936 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:31.013787985 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:31.013829947 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:31.013999939 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:31.014241934 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:31.016218901 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:31.016247988 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:31.016594887 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:31.016621113 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.120481014 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.122446060 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.177088976 CEST	587	49770	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.177377939 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.178746939 CEST	49770	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.282207966 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.333148003 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.333297968 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.429408073 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.429811001 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.480855942 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.481534958 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.535408974 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.536475897 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.605463982 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.605504036 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.605523109 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.605747938 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.611893892 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.663276911 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.666783094 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.717829943 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.721692085 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.774025917 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.775180101 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.834836006 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.836153030 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.887310982 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.888667107 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:33.968096972 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:33.972740889 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:34.025183916 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:34.026474953 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:34.026582003 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:34.026798010 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:34.027019024 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:34.027245998 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:34.027445078 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:34.027621984 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:34.027801037 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:34.077657938 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:34.077702045 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:34.077721119 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:34.077836037 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:34.077862978 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:34.078035116 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:34.078226089 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:34.078429937 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.094163895 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.096771002 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.148468018 CEST	587	49771	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.149241924 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.149266958 CEST	49771	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.246745110 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.297668934 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.297883034 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.366501093 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.367079973 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.420277119 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.420774937 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.474345922 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.475127935 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.535171032 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.535229921 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.535265923 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.535422087 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.541766882 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.592998981 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.596580029 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.647758007 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.648458004 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.699794054 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.701771975 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.763159990 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.764430046 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.815532923 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.816828012 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.890924931 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.892200947 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.943681002 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.945118904 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.945365906 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.945688963 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.946002960 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.946393967 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.946680069 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.946921110 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.947179079 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:36.996462107 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.996517897 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.996562004 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.996591091 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.997016907 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.997221947 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.997498989 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:36.997771025 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.073065996 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.075136900 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.127132893 CEST	587	49772	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.127458096 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.128736973 CEST	49772	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.220865011 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.273216963 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.273396015 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.355858088 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.356250048 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.407392979 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.407771111 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.460494041 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.461282969 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.521792889 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.521871090 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.521917105 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.522079945 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.528712988 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.580024958 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.583268881 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.636337996 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.637531996 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.690841913 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.692543030 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.748191118 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.749277115 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.800425053 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.801543951 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.886485100 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.887643099 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.938754082 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.940304041 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.940711975 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.940943003 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.941174030 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.941437960 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.941638947 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.941860914 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.942070961 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:39.991420984 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.991465092 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.991569042 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.991832972 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.992214918 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.992317915 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.992433071 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:39.992672920 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.045969009 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.046865940 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.098593950 CEST	587	49773	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.098717928 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.099278927 CEST	49773	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.176055908 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.226957083 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.227158070 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.323086977 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.323323011 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.374231100 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.374475002 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.428234100 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.428590059 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.486757040 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.486814022 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.486862898 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.486898899 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.492882013 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.544205904 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.545485020 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.596407890 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.597156048 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.648397923 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.649199963 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.708868027 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.709392071 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.761733055 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.762238026 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.852873087 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.944027901 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.944665909 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.997839928 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:42.998539925 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.998678923 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.998800039 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.998909950 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.999034882 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.999123096 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.999231100 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:42.999330997 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:43.051461935 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:43.051493883 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:43.051517010 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:43.051784039 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:43.051877975 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:43.051907063 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:43.051930904 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:43.051956892 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:45.145446062 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:45.146852016 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:45.199130058 CEST	587	49775	193.32.232.10	192.168.2.3
May 12, 2021 22:39:45.199242115 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:45.199986935 CEST	49775	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:45.287230015 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:45.340167046 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:45.340293884 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:45.408426046 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:45.462578058 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:45.478759050 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:45.529841900 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:45.571949005 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.301451921 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.354165077 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.354585886 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.422960043 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.423021078 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.423053026 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.423090935 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.433002949 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.484714031 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.513490915 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.565469027 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.565968037 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.617470980 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.618161917 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.677411079 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.677897930 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.730190992 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.730711937 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.809268951 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.809834003 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.860958099 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.861620903 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.861746073 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.861854076 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.862062931 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.862164974 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.862248898 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.862329960 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.862431049 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:46.912679911 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.912720919 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.912740946 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.912791014 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.912897110 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.912925005 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.912941933 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:46.913126945 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:48.945111990 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:48.947211027 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:48.998960018 CEST	587	49777	193.32.232.10	192.168.2.3
May 12, 2021 22:39:48.999131918 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.000543118 CEST	49777	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.091204882 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.141948938 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.142126083 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.210824966 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.211108923 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.263716936 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.263982058 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.317442894 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.317831039 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.382819891 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.382844925 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.382858992 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.382910967 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.385353088 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.436438084 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.438456059 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.490379095 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.491283894 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.542427063 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.543302059 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.603598118 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.604485035 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.656879902 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.657408953 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.719521999 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.723944902 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.775027990 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.775815964 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.775974989 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.776092052 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.776200056 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.776309013 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.776390076 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.776467085 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.776552916 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:49.828505993 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.828558922 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.828820944 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.828860044 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.828891039 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.828916073 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.828942060 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:49.828968048 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:51.933262110 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:51.934206963 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:51.986439943 CEST	587	49778	193.32.232.10	192.168.2.3
May 12, 2021 22:39:51.986557961 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:51.987149000 CEST	49778	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.067801952 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.118556023 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.118736029 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.201212883 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.201488018 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.252479076 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.252757072 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.306229115 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.306785107 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.373933077 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.373996973 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.374030113 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.374090910 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.376847982 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.428185940 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.430008888 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.481003046 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.481663942 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.532856941 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.534423113 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.596388102 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.597404003 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.648232937 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.649471045 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.739875078 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.892400026 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.893002033 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.943763018 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.945211887 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.945487022 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.945772886 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.946326017 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.946604967 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.946882963 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.947087049 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.947343111 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:52.995930910 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.995975971 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.996304035 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.997445107 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.997474909 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.997862101 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.997931004 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:52.998096943 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.006798983 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.008318901 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.059894085 CEST	587	49779	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.060012102 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.061041117 CEST	49779	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.143033028 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.193784952 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.193914890 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.288948059 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.289232969 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.340248108 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.340534925 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.393441916 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.394186020 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.461008072 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.461061954 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.461095095 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.461209059 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.464138985 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.515408039 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.518538952 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.569648027 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.570945024 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.622268915 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.623807907 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.678011894 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.679004908 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.730031013 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.731106997 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.814512014 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.815752029 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.866734028 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.868436098 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.868799925 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.869309902 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.869613886 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.870165110 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.870446920 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.870721102 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.870959044 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:55.919297934 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.919406891 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.920018911 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.920417070 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.920823097 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.921268940 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.921371937 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:55.921564102 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.001188040 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.003693104 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.055650949 CEST	587	49780	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.055977106 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.063311100 CEST	49780	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.140178919 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.191118002 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.191276073 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.274290085 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.274861097 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.325934887 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.326565027 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.382201910 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.382669926 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.444700003 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.444745064 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.444776058 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.444906950 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.451431990 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.502813101 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.505415916 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.556518078 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.557801008 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.609121084 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.610606909 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.670273066 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.671366930 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.722359896 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.723304033 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.799598932 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.800898075 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.853008032 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.854417086 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.854837894 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.855294943 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.855953932 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.856251955 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.856491089 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.856709957 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.856921911 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:39:58.905335903 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.905546904 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.905987024 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.906661034 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.907028913 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.907181025 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.907376051 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:39:58.907656908 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:40:00.987339973 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:40:00.989510059 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.041482925 CEST	587	49781	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.042418957 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.043229103 CEST	49781	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.133249998 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.184300900 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.184444904 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.266908884 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.267385006 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.318660975 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.319211960 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.373903990 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.374752998 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.440182924 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.440239906 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.440274000 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.440402031 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.446594000 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.498056889 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.501216888 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.552151918 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.553349018 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.605248928 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.608263969 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.669775009 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.670905113 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.721797943 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.723818064 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.797974110 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.799144030 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.850120068 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.851541996 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.852052927 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.852396965 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.852705002 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.853022099 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.853295088 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.853542089 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.853811979 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:01.902582884 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.902626038 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.902954102 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.903367996 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.903630972 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.903836966 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.904115915 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:01.904551029 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.287494898 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.289596081 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.341739893 CEST	587	49782	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.341823101 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.343017101 CEST	49782	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.449810028 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.501023054 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.501174927 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.583982944 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.584485054 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.636044025 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.636786938 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.691268921 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.691972971 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.767226934 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.767287016 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.767322063 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.767502069 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.773694992 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.825303078 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.828949928 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.880224943 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.881582022 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.933286905 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.934390068 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:04.992137909 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:04.993638992 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.045010090 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:05.046340942 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.121845007 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:05.142030001 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.193094015 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:05.194690943 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.195049047 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.195343971 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.195652962 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.195991993 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.196249962 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.196480989 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.196736097 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:05.245894909 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:05.245944023 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:05.246252060 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:05.246438026 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:05.246846914 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:05.247097969 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:05.247277975 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:05.247561932 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.280035019 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.282205105 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.334101915 CEST	587	49783	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.334297895 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.337018013 CEST	49783	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.436748981 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.487565041 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.487740040 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.555665970 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.556175947 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.607218981 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.610018015 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.664122105 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.664887905 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.733078957 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.733102083 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.733115911 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.733303070 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.739521027 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.791577101 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.795181990 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.846302986 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.847651958 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.899080038 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.900976896 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:07.961285114 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:07.962637901 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.013704062 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:08.015075922 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.090245962 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:08.091454029 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.142395973 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:08.144359112 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.144752979 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.145380974 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.146430969 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.147121906 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.147587061 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.147886038 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.148159981 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:08.197222948 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:08.197269917 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:08.197936058 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:08.198393106 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:08.199429989 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:08.199459076 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:08.199486971 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:08.200550079 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.244981050 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.245860100 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.299257040 CEST	587	49784	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.299375057 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.299657106 CEST	49784	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.299885988 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.352797985 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.352915049 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.449016094 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.449266911 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.500260115 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.500489950 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.554462910 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.554807901 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.623584032 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.623625994 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.623663902 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.623733997 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.626565933 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.677982092 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.678880930 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.729867935 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.730127096 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.782174110 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.782603979 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.842328072 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.842571020 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.893534899 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.893832922 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:10.979760885 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:10.980012894 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:11.030908108 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:11.031418085 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:11.031493902 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:11.031542063 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:11.031625986 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:11.031707048 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:11.031728029 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:11.031781912 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:11.031799078 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:11.082323074 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:11.082345963 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:11.082362890 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:11.082376003 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:11.082387924 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:11.082398891 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:11.082411051 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:11.082418919 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.175390005 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.176084042 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.228626966 CEST	587	49785	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.228738070 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.229286909 CEST	49785	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.230531931 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.281558037 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.281887054 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.378196001 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.378406048 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.429666996 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.429955006 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.483539104 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.483944893 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.552380085 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.552424908 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.552448988 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.552577019 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.555805922 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.607258081 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.608671904 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.659672022 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.660041094 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.712965012 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.713413000 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.771347046 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.771903038 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.822851896 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.823229074 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.898042917 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.898412943 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.949301958 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:13.949901104 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.950037956 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.950237036 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.950254917 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.950397968 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.950412035 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.950472116 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:13.950479984 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:14.000853062 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:14.000900984 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:14.000926971 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:14.000952005 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:14.001020908 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:14.001051903 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:14.001077890 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:14.001104116 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:16.117039919 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:16.118725061 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:16.171397924 CEST	587	49786	193.32.232.10	192.168.2.3
May 12, 2021 22:40:16.171492100 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:16.171863079 CEST	49786	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:16.172334909 CEST	49787	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:16.223299026 CEST	587	49787	193.32.232.10	192.168.2.3
May 12, 2021 22:40:16.223594904 CEST	49787	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:16.292247057 CEST	587	49787	193.32.232.10	192.168.2.3
May 12, 2021 22:40:16.292386055 CEST	49787	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:16.343879938 CEST	587	49787	193.32.232.10	192.168.2.3
May 12, 2021 22:40:16.345164061 CEST	49787	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:16.399250031 CEST	587	49787	193.32.232.10	192.168.2.3
May 12, 2021 22:40:16.399638891 CEST	49787	587	192.168.2.3	193.32.232.10
May 12, 2021 22:40:16.468764067 CEST	587	49787	193.32.232.10	192.168.2.3
May 12, 2021 22:40:16.468811035 CEST	587	49787	193.32.232.10	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 12, 2021 22:37:58.213320971 CEST	55984	53	192.168.2.3	8.8.8.8
May 12, 2021 22:37:58.273494959 CEST	53	55984	8.8.8.8	192.168.2.3
May 12, 2021 22:37:58.413022041 CEST	64185	53	192.168.2.3	8.8.8.8
May 12, 2021 22:37:58.471400976 CEST	53	64185	8.8.8.8	192.168.2.3
May 12, 2021 22:37:59.252942085 CEST	65110	53	192.168.2.3	8.8.8.8
May 12, 2021 22:37:59.304204941 CEST	53	65110	8.8.8.8	192.168.2.3
May 12, 2021 22:38:00.336466074 CEST	58361	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:00.397910118 CEST	53	58361	8.8.8.8	192.168.2.3
May 12, 2021 22:38:01.446651936 CEST	63492	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:01.495640039 CEST	53	63492	8.8.8.8	192.168.2.3
May 12, 2021 22:38:02.757764101 CEST	60831	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:02.809500933 CEST	53	60831	8.8.8.8	192.168.2.3
May 12, 2021 22:38:04.137573004 CEST	60100	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:04.194076061 CEST	53	60100	8.8.8.8	192.168.2.3
May 12, 2021 22:38:04.949498892 CEST	53195	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:05.002468109 CEST	53	53195	8.8.8.8	192.168.2.3
May 12, 2021 22:38:06.051246881 CEST	50141	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:06.131366968 CEST	53	50141	8.8.8.8	192.168.2.3
May 12, 2021 22:38:06.949109077 CEST	53023	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:07.002259016 CEST	53	53023	8.8.8.8	192.168.2.3
May 12, 2021 22:38:08.083487034 CEST	49563	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:08.141014099 CEST	53	49563	8.8.8.8	192.168.2.3
May 12, 2021 22:38:09.442200899 CEST	51352	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:09.491264105 CEST	53	51352	8.8.8.8	192.168.2.3
May 12, 2021 22:38:11.372591019 CEST	59349	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:11.421771049 CEST	53	59349	8.8.8.8	192.168.2.3
May 12, 2021 22:38:12.450375080 CEST	57084	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:12.499358892 CEST	53	57084	8.8.8.8	192.168.2.3
May 12, 2021 22:38:13.403558969 CEST	58823	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:13.455456972 CEST	53	58823	8.8.8.8	192.168.2.3
May 12, 2021 22:38:14.520730019 CEST	57568	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:14.578058958 CEST	53	57568	8.8.8.8	192.168.2.3
May 12, 2021 22:38:15.329224110 CEST	50540	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:15.378103018 CEST	53	50540	8.8.8.8	192.168.2.3
May 12, 2021 22:38:16.629599094 CEST	54366	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:16.681246042 CEST	53	54366	8.8.8.8	192.168.2.3
May 12, 2021 22:38:16.815216064 CEST	53034	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:16.865921021 CEST	53	53034	8.8.8.8	192.168.2.3
May 12, 2021 22:38:16.884315968 CEST	57762	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:16.933489084 CEST	53	57762	8.8.8.8	192.168.2.3
May 12, 2021 22:38:17.445800066 CEST	55435	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:17.494831085 CEST	53	55435	8.8.8.8	192.168.2.3
May 12, 2021 22:38:20.313523054 CEST	50713	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:20.373222113 CEST	53	50713	8.8.8.8	192.168.2.3
May 12, 2021 22:38:25.605627060 CEST	56132	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:25.680619001 CEST	53	56132	8.8.8.8	192.168.2.3
May 12, 2021 22:38:28.907752991 CEST	58987	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:28.982994080 CEST	53	58987	8.8.8.8	192.168.2.3
May 12, 2021 22:38:31.068948030 CEST	56579	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:31.128180981 CEST	53	56579	8.8.8.8	192.168.2.3
May 12, 2021 22:38:31.971414089 CEST	60633	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:32.028805017 CEST	53	60633	8.8.8.8	192.168.2.3
May 12, 2021 22:38:35.166553020 CEST	61292	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:35.224009037 CEST	53	61292	8.8.8.8	192.168.2.3
May 12, 2021 22:38:35.247884035 CEST	63619	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:35.324811935 CEST	53	63619	8.8.8.8	192.168.2.3
May 12, 2021 22:38:38.640727997 CEST	64938	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:38.697876930 CEST	53	64938	8.8.8.8	192.168.2.3
May 12, 2021 22:38:43.419976950 CEST	61946	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:43.477114916 CEST	53	61946	8.8.8.8	192.168.2.3
May 12, 2021 22:38:44.685746908 CEST	64910	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:44.749908924 CEST	53	64910	8.8.8.8	192.168.2.3
May 12, 2021 22:38:46.559391975 CEST	52123	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:46.621087074 CEST	53	52123	8.8.8.8	192.168.2.3
May 12, 2021 22:38:49.622297049 CEST	56130	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:49.679780006 CEST	53	56130	8.8.8.8	192.168.2.3
May 12, 2021 22:38:52.820677996 CEST	56338	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:52.870800972 CEST	53	56338	8.8.8.8	192.168.2.3
May 12, 2021 22:38:54.448149920 CEST	59420	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:54.497184992 CEST	53	59420	8.8.8.8	192.168.2.3
May 12, 2021 22:38:55.897001028 CEST	58784	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:55.954440117 CEST	53	58784	8.8.8.8	192.168.2.3
May 12, 2021 22:38:59.266124964 CEST	63978	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:59.338529110 CEST	53	63978	8.8.8.8	192.168.2.3
May 12, 2021 22:38:59.398322105 CEST	62938	53	192.168.2.3	8.8.8.8
May 12, 2021 22:38:59.457496881 CEST	53	62938	8.8.8.8	192.168.2.3
May 12, 2021 22:39:02.457098007 CEST	55708	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:02.507409096 CEST	53	55708	8.8.8.8	192.168.2.3
May 12, 2021 22:39:05.432210922 CEST	56803	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:05.489253998 CEST	53	56803	8.8.8.8	192.168.2.3
May 12, 2021 22:39:06.898775101 CEST	57145	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:06.964095116 CEST	53	57145	8.8.8.8	192.168.2.3
May 12, 2021 22:39:08.430386066 CEST	55359	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:08.488847017 CEST	53	55359	8.8.8.8	192.168.2.3
May 12, 2021 22:39:10.884529114 CEST	58306	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:10.946517944 CEST	53	58306	8.8.8.8	192.168.2.3
May 12, 2021 22:39:11.530456066 CEST	64124	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:11.588121891 CEST	53	64124	8.8.8.8	192.168.2.3
May 12, 2021 22:39:14.703941107 CEST	49361	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:14.762492895 CEST	53	49361	8.8.8.8	192.168.2.3
May 12, 2021 22:39:17.914963007 CEST	63150	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:17.974919081 CEST	53	63150	8.8.8.8	192.168.2.3
May 12, 2021 22:39:21.034949064 CEST	53279	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:21.083796024 CEST	53	53279	8.8.8.8	192.168.2.3
May 12, 2021 22:39:24.059741020 CEST	56881	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:24.112306118 CEST	53	56881	8.8.8.8	192.168.2.3
May 12, 2021 22:39:27.093197107 CEST	53642	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:27.169698954 CEST	53	53642	8.8.8.8	192.168.2.3
May 12, 2021 22:39:30.150273085 CEST	55667	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:30.199141979 CEST	53	55667	8.8.8.8	192.168.2.3
May 12, 2021 22:39:33.218732119 CEST	54833	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:33.278842926 CEST	53	54833	8.8.8.8	192.168.2.3
May 12, 2021 22:39:36.183789968 CEST	62476	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:36.244046926 CEST	53	62476	8.8.8.8	192.168.2.3
May 12, 2021 22:39:39.161453009 CEST	49705	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:39.218348026 CEST	53	49705	8.8.8.8	192.168.2.3
May 12, 2021 22:39:41.990964890 CEST	61477	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:42.058876038 CEST	53	61477	8.8.8.8	192.168.2.3
May 12, 2021 22:39:42.126431942 CEST	61633	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:42.174977064 CEST	53	61633	8.8.8.8	192.168.2.3
May 12, 2021 22:39:43.538593054 CEST	55949	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:43.597984076 CEST	53	55949	8.8.8.8	192.168.2.3
May 12, 2021 22:39:45.227268934 CEST	57601	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:45.284483910 CEST	53	57601	8.8.8.8	192.168.2.3
May 12, 2021 22:39:49.036335945 CEST	49342	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:49.087858915 CEST	53	49342	8.8.8.8	192.168.2.3
May 12, 2021 22:39:52.017132998 CEST	56253	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:52.066236019 CEST	53	56253	8.8.8.8	192.168.2.3
May 12, 2021 22:39:55.092850924 CEST	49667	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:55.141856909 CEST	53	49667	8.8.8.8	192.168.2.3
May 12, 2021 22:39:58.089673042 CEST	55439	53	192.168.2.3	8.8.8.8
May 12, 2021 22:39:58.138381958 CEST	53	55439	8.8.8.8	192.168.2.3
May 12, 2021 22:40:01.081578016 CEST	57069	53	192.168.2.3	8.8.8.8
May 12, 2021 22:40:01.130450010 CEST	53	57069	8.8.8.8	192.168.2.3
May 12, 2021 22:40:04.389478922 CEST	57659	53	192.168.2.3	8.8.8.8
May 12, 2021 22:40:04.446754932 CEST	53	57659	8.8.8.8	192.168.2.3
May 12, 2021 22:40:07.376486063 CEST	54717	53	192.168.2.3	8.8.8.8
May 12, 2021 22:40:07.433969975 CEST	53	54717	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 12, 2021 22:38:16.815216064 CEST	192.168.2.3	8.8.8.8	0x5d66	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
May 12, 2021 22:38:16.884315968 CEST	192.168.2.3	8.8.8.8	0x1a54	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)
May 12, 2021 22:38:20.313523054 CEST	192.168.2.3	8.8.8.8	0x826c	Standard query (0)	freegeoip.app	A (IP address)	IN (0x0001)
May 12, 2021 22:38:25.605627060 CEST	192.168.2.3	8.8.8.8	0xbc4f	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:38:28.907752991 CEST	192.168.2.3	8.8.8.8	0x121a	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:38:31.971414089 CEST	192.168.2.3	8.8.8.8	0x6249	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:38:35.166553020 CEST	192.168.2.3	8.8.8.8	0xf492	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:38:38.640727997 CEST	192.168.2.3	8.8.8.8	0xbcbb	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:38:43.419976950 CEST	192.168.2.3	8.8.8.8	0xc95c	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:38:46.559391975 CEST	192.168.2.3	8.8.8.8	0xf58d	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:38:49.622297049 CEST	192.168.2.3	8.8.8.8	0x842a	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:38:52.820677996 CEST	192.168.2.3	8.8.8.8	0x9bb5	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:38:55.897001028 CEST	192.168.2.3	8.8.8.8	0x9437	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:38:59.398322105 CEST	192.168.2.3	8.8.8.8	0xdefd	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:02.457098007 CEST	192.168.2.3	8.8.8.8	0xfbde	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:05.432210922 CEST	192.168.2.3	8.8.8.8	0x9b57	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:08.430386066 CEST	192.168.2.3	8.8.8.8	0xdac0	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:11.530456066 CEST	192.168.2.3	8.8.8.8	0x3eed	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:14.703941107 CEST	192.168.2.3	8.8.8.8	0xb8e2	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:17.914963007 CEST	192.168.2.3	8.8.8.8	0x6f9	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:21.034949064 CEST	192.168.2.3	8.8.8.8	0xec0c	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:24.059741020 CEST	192.168.2.3	8.8.8.8	0xc16c	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:27.093197107 CEST	192.168.2.3	8.8.8.8	0xfb52	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:30.150273085 CEST	192.168.2.3	8.8.8.8	0x4c0d	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:33.218732119 CEST	192.168.2.3	8.8.8.8	0x5b88	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:36.183789968 CEST	192.168.2.3	8.8.8.8	0x1d14	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:39.161453009 CEST	192.168.2.3	8.8.8.8	0x1aa4	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:42.126431942 CEST	192.168.2.3	8.8.8.8	0xb033	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:45.227268934 CEST	192.168.2.3	8.8.8.8	0x941b	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:49.036335945 CEST	192.168.2.3	8.8.8.8	0x31d7	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:52.017132998 CEST	192.168.2.3	8.8.8.8	0x1f18	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:55.092850924 CEST	192.168.2.3	8.8.8.8	0xceb3	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:39:58.089673042 CEST	192.168.2.3	8.8.8.8	0x388c	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:40:01.081578016 CEST	192.168.2.3	8.8.8.8	0x6513	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:40:04.389478922 CEST	192.168.2.3	8.8.8.8	0xdd97	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)
May 12, 2021 22:40:07.376486063 CEST	192.168.2.3	8.8.8.8	0x17b1	Standard query (0)	kerekesfoto.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 12, 2021 22:38:16.865921021 CEST	8.8.8.8	192.168.2.3	0x5d66	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:38:16.865921021 CEST	8.8.8.8	192.168.2.3	0x5d66	No error (0)	checkip.dyndns.com		216.146.43.71	A (IP address)	IN (0x0001)
May 12, 2021 22:38:16.865921021 CEST	8.8.8.8	192.168.2.3	0x5d66	No error (0)	checkip.dyndns.com		131.186.113.70	A (IP address)	IN (0x0001)
May 12, 2021 22:38:16.865921021 CEST	8.8.8.8	192.168.2.3	0x5d66	No error (0)	checkip.dyndns.com		162.88.193.70	A (IP address)	IN (0x0001)
May 12, 2021 22:38:16.865921021 CEST	8.8.8.8	192.168.2.3	0x5d66	No error (0)	checkip.dyndns.com		131.186.161.70	A (IP address)	IN (0x0001)
May 12, 2021 22:38:16.865921021 CEST	8.8.8.8	192.168.2.3	0x5d66	No error (0)	checkip.dyndns.com		216.146.43.70	A (IP address)	IN (0x0001)
May 12, 2021 22:38:16.933489084 CEST	8.8.8.8	192.168.2.3	0x1a54	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 22:38:16.933489084 CEST	8.8.8.8	192.168.2.3	0x1a54	No error (0)	checkip.dyndns.com		216.146.43.71	A (IP address)	IN (0x0001)
May 12, 2021 22:38:16.933489084 CEST	8.8.8.8	192.168.2.3	0x1a54	No error (0)	checkip.dyndns.com		131.186.113.70	A (IP address)	IN (0x0001)
May 12, 2021 22:38:16.933489084 CEST	8.8.8.8	192.168.2.3	0x1a54	No error (0)	checkip.dyndns.com		162.88.193.70	A (IP address)	IN (0x0001)
May 12, 2021 22:38:16.933489084 CEST	8.8.8.8	192.168.2.3	0x1a54	No error (0)	checkip.dyndns.com		131.186.161.70	A (IP address)	IN (0x0001)
May 12, 2021 22:38:16.933489084 CEST	8.8.8.8	192.168.2.3	0x1a54	No error (0)	checkip.dyndns.com		216.146.43.70	A (IP address)	IN (0x0001)
May 12, 2021 22:38:20.373222113 CEST	8.8.8.8	192.168.2.3	0x826c	No error (0)	freegeoip.app		104.21.19.200	A (IP address)	IN (0x0001)
May 12, 2021 22:38:20.373222113 CEST	8.8.8.8	192.168.2.3	0x826c	No error (0)	freegeoip.app		172.67.188.154	A (IP address)	IN (0x0001)
May 12, 2021 22:38:25.680619001 CEST	8.8.8.8	192.168.2.3	0xbc4f	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:38:28.982994080 CEST	8.8.8.8	192.168.2.3	0x121a	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:38:32.028805017 CEST	8.8.8.8	192.168.2.3	0x6249	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:38:35.224009037 CEST	8.8.8.8	192.168.2.3	0xf492	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:38:38.697876930 CEST	8.8.8.8	192.168.2.3	0xbcbb	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:38:43.477114916 CEST	8.8.8.8	192.168.2.3	0xc95c	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:38:46.621087074 CEST	8.8.8.8	192.168.2.3	0xf58d	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:38:49.679780006 CEST	8.8.8.8	192.168.2.3	0x842a	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:38:52.870800972 CEST	8.8.8.8	192.168.2.3	0x9bb5	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:38:55.954440117 CEST	8.8.8.8	192.168.2.3	0x9437	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:38:59.457496881 CEST	8.8.8.8	192.168.2.3	0xdefd	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:02.507409096 CEST	8.8.8.8	192.168.2.3	0xfbde	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:05.489253998 CEST	8.8.8.8	192.168.2.3	0x9b57	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:08.488847017 CEST	8.8.8.8	192.168.2.3	0xdac0	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:11.588121891 CEST	8.8.8.8	192.168.2.3	0x3eed	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:14.762492895 CEST	8.8.8.8	192.168.2.3	0xb8e2	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:17.974919081 CEST	8.8.8.8	192.168.2.3	0x6f9	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:21.083796024 CEST	8.8.8.8	192.168.2.3	0xec0c	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:24.112306118 CEST	8.8.8.8	192.168.2.3	0xc16c	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:27.169698954 CEST	8.8.8.8	192.168.2.3	0xfb52	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:30.199141979 CEST	8.8.8.8	192.168.2.3	0x4c0d	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:33.278842926 CEST	8.8.8.8	192.168.2.3	0x5b88	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:36.244046926 CEST	8.8.8.8	192.168.2.3	0x1d14	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:39.218348026 CEST	8.8.8.8	192.168.2.3	0x1aa4	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:42.174977064 CEST	8.8.8.8	192.168.2.3	0xb033	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:45.284483910 CEST	8.8.8.8	192.168.2.3	0x941b	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:49.087858915 CEST	8.8.8.8	192.168.2.3	0x31d7	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:52.066236019 CEST	8.8.8.8	192.168.2.3	0x1f18	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:55.141856909 CEST	8.8.8.8	192.168.2.3	0xceb3	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:39:58.138381958 CEST	8.8.8.8	192.168.2.3	0x388c	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:40:01.130450010 CEST	8.8.8.8	192.168.2.3	0x6513	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:40:04.446754932 CEST	8.8.8.8	192.168.2.3	0xdd97	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)
May 12, 2021 22:40:07.433969975 CEST	8.8.8.8	192.168.2.3	0x17b1	No error (0)	kerekesfoto.com		193.32.232.10	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49726	216.146.43.71	80	C:\Users\user\Desktop\Purchase Order_12052021.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2021 22:38:17.019448996 CEST	1295	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
May 12, 2021 22:38:17.079794884 CEST	1298	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.78</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49727	216.146.43.71	80	C:\Users\user\Desktop\Purchase Order_12052021.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2021 22:38:17.457448006 CEST	1303	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
May 12, 2021 22:38:17.517930984 CEST	1304	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.78</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49730	216.146.43.71	80	C:\Users\user\Desktop\Purchase Order_12052021.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2021 22:38:21.800576925 CEST	1322	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
May 12, 2021 22:38:21.869155884 CEST	1323	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.78</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49731	216.146.43.71	80	C:\Users\user\Desktop\Purchase Order_12052021.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2021 22:38:22.049122095 CEST	1325	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
May 12, 2021 22:38:22.109713078 CEST	1325	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.78</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49732	216.146.43.71	80	C:\Users\user\Desktop\Purchase Order_12052021.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2021 22:38:22.287869930 CEST	1327	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
May 12, 2021 22:38:22.348305941 CEST	1328	IN	HTTP/1.1 200 OK Content-Type: text/html Server: DynDNS-CheckIP/1.0.1 Connection: close Cache-Control: no-cache Pragma: no-cache Content-Length: 103 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 37 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.78</body></html>

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 12, 2021 22:38:20.511599064 CEST	104.21.19.200	443	192.168.2.3	49729	CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Aug 10 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020	Tue Aug 10 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025	769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0	54328bd36c14bd82ddaa0c04b25ed9ad
May 12, 2021 22:38:20.511599064 CEST	104.21.19.200	443	192.168.2.3	49729	CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Mon Jan 27 13:48:08 CET 2020	Wed Jan 01 00:59:59 CET 2025		54328bd36c14bd82ddaa0c04b25ed9ad

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
May 12, 2021 22:38:25.888634920 CEST	587	49733	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:25 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:25.888964891 CEST	49733	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:25.940056086 CEST	587	49733	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:25.940434933 CEST	49733	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:25.994430065 CEST	587	49733	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:38:29.132107973 CEST	587	49734	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:29 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:29.132386923 CEST	49734	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:29.183377028 CEST	587	49734	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:29.183686018 CEST	49734	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:29.236675978 CEST	587	49734	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:38:32.197485924 CEST	587	49738	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:32 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:32.197793961 CEST	49738	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:32.251027107 CEST	587	49738	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:32.251337051 CEST	49738	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:32.305463076 CEST	587	49738	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:38:35.409621954 CEST	587	49741	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:35 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:35.410235882 CEST	49741	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:35.461461067 CEST	587	49741	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:35.465526104 CEST	49741	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:35.519682884 CEST	587	49741	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:38:38.952658892 CEST	587	49743	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:38 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:39.633022070 CEST	49743	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:39.684560061 CEST	587	49743	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:39.695327044 CEST	49743	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:39.749614954 CEST	587	49743	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:38:43.651684999 CEST	587	49744	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:43 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:43.653548002 CEST	49744	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:43.704747915 CEST	587	49744	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:43.704968929 CEST	49744	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:43.758624077 CEST	587	49744	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:38:46.768477917 CEST	587	49746	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:46 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:46.768723965 CEST	49746	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:46.819967031 CEST	587	49746	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:46.820465088 CEST	49746	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:46.874376059 CEST	587	49746	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:38:49.828669071 CEST	587	49747	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:49 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:49.828953981 CEST	49747	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:49.880079985 CEST	587	49747	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:49.880336046 CEST	49747	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:49.934228897 CEST	587	49747	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:38:53.038117886 CEST	587	49748	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:53 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:53.038378000 CEST	49748	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:53.089189053 CEST	587	49748	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:53.089417934 CEST	49748	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:53.143671989 CEST	587	49748	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:38:56.103802919 CEST	587	49750	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:56 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:56.104031086 CEST	49750	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:56.154942989 CEST	587	49750	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:56.155219078 CEST	49750	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:56.207966089 CEST	587	49750	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:38:59.609776020 CEST	587	49752	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:38:59 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:38:59.610115051 CEST	49752	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:38:59.662581921 CEST	587	49752	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:38:59.662812948 CEST	49752	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:38:59.719470024 CEST	587	49752	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:02.657814980 CEST	587	49753	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:02 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:02.658160925 CEST	49753	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:02.710290909 CEST	587	49753	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:02.714019060 CEST	49753	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:02.766189098 CEST	587	49753	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:05.641846895 CEST	587	49754	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:05 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:05.642152071 CEST	49754	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:05.695974112 CEST	587	49754	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:05.696294069 CEST	49754	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:05.751768112 CEST	587	49754	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:08.637576103 CEST	587	49758	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:08 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:08.637857914 CEST	49758	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:08.689131021 CEST	587	49758	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:08.689454079 CEST	49758	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:08.742544889 CEST	587	49758	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:11.723929882 CEST	587	49764	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:11 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:11.724150896 CEST	49764	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:11.777328968 CEST	587	49764	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:11.777564049 CEST	49764	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:11.831804991 CEST	587	49764	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:14.937293053 CEST	587	49765	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:14 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:14.937505007 CEST	49765	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:14.989166975 CEST	587	49765	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:14.989521027 CEST	49765	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:15.043912888 CEST	587	49765	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:18.134459972 CEST	587	49766	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:18 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:18.134676933 CEST	49766	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:18.185771942 CEST	587	49766	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:18.186606884 CEST	49766	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:18.241451025 CEST	587	49766	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:21.235661030 CEST	587	49767	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:21 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:21.235918999 CEST	49767	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:21.286895037 CEST	587	49767	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:21.287137985 CEST	49767	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:21.342760086 CEST	587	49767	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:24.248783112 CEST	587	49768	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:24 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:24.249223948 CEST	49768	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:24.300992012 CEST	587	49768	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:24.301321030 CEST	49768	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:24.355427980 CEST	587	49768	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:27.319574118 CEST	587	49769	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:27 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:27.320009947 CEST	49769	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:27.371115923 CEST	587	49769	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:27.371406078 CEST	49769	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:27.424992085 CEST	587	49769	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:30.373985052 CEST	587	49770	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:30 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:30.374295950 CEST	49770	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:30.425327063 CEST	587	49770	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:30.425825119 CEST	49770	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:30.480844021 CEST	587	49770	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:33.429408073 CEST	587	49771	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:33 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:33.429811001 CEST	49771	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:33.480855942 CEST	587	49771	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:33.481534958 CEST	49771	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:33.535408974 CEST	587	49771	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:36.366501093 CEST	587	49772	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:36 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:36.367079973 CEST	49772	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:36.420277119 CEST	587	49772	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:36.420774937 CEST	49772	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:36.474345922 CEST	587	49772	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:39.355858088 CEST	587	49773	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:39 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:39.356250048 CEST	49773	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:39.407392979 CEST	587	49773	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:39.407771111 CEST	49773	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:39.460494041 CEST	587	49773	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:42.323086977 CEST	587	49775	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:42 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:42.323323011 CEST	49775	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:42.374231100 CEST	587	49775	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:42.374475002 CEST	49775	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:42.428234100 CEST	587	49775	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:45.408426046 CEST	587	49777	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:45 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:45.478759050 CEST	49777	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:45.529841900 CEST	587	49777	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:46.301451921 CEST	49777	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:46.354165077 CEST	587	49777	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:49.210824966 CEST	587	49778	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:49 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:49.211108923 CEST	49778	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:49.263716936 CEST	587	49778	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:49.263982058 CEST	49778	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:49.317442894 CEST	587	49778	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:52.201212883 CEST	587	49779	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:52 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:52.201488018 CEST	49779	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:52.252479076 CEST	587	49779	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:52.252757072 CEST	49779	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:52.306229115 CEST	587	49779	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:55.288948059 CEST	587	49780	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:55 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:55.289232969 CEST	49780	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:55.340248108 CEST	587	49780	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:55.340534925 CEST	49780	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:55.393441916 CEST	587	49780	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:39:58.274290085 CEST	587	49781	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:39:58 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:39:58.274861097 CEST	49781	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:39:58.325934887 CEST	587	49781	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:39:58.326565027 CEST	49781	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:39:58.382201910 CEST	587	49781	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:40:01.266908884 CEST	587	49782	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:40:01 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:40:01.267385006 CEST	49782	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:40:01.318660975 CEST	587	49782	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:40:01.319211960 CEST	49782	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:40:01.373903990 CEST	587	49782	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:40:04.583982944 CEST	587	49783	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:40:04 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:40:04.584485054 CEST	49783	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:40:04.636044025 CEST	587	49783	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:40:04.636786938 CEST	49783	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:40:04.691268921 CEST	587	49783	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:40:07.555665970 CEST	587	49784	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:40:07 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:40:07.556175947 CEST	49784	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:40:07.607218981 CEST	587	49784	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:40:07.610018015 CEST	49784	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:40:07.664122105 CEST	587	49784	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:40:10.449016094 CEST	587	49785	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:40:10 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:40:10.449266911 CEST	49785	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:40:10.500260115 CEST	587	49785	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:40:10.500489950 CEST	49785	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:40:10.554462910 CEST	587	49785	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:40:13.378196001 CEST	587	49786	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:40:13 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:40:13.378406048 CEST	49786	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:40:13.429666996 CEST	587	49786	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:40:13.429955006 CEST	49786	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:40:13.483539104 CEST	587	49786	193.32.232.10	192.168.2.3	220 TLS go ahead
May 12, 2021 22:40:16.292247057 CEST	587	49787	193.32.232.10	192.168.2.3	220-s16.tarhely.com ESMTP Exim 4.94.2 #2 Wed, 12 May 2021 22:40:16 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
May 12, 2021 22:40:16.292386055 CEST	49787	587	192.168.2.3	193.32.232.10	EHLO 114127
May 12, 2021 22:40:16.343879938 CEST	587	49787	193.32.232.10	192.168.2.3	250-s16.tarhely.com Hello 114127 [84.17.52.78] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
May 12, 2021 22:40:16.345164061 CEST	49787	587	192.168.2.3	193.32.232.10	STARTTLS
May 12, 2021 22:40:16.399250031 CEST	587	49787	193.32.232.10	192.168.2.3	220 TLS go ahead

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Purchase Order_12052021.exe PID: 3560 Parent PID: 5640

General

Start time:	22:38:04
Start date:	12/05/2021
Path:	C:\Users\user\Desktop\Purchase Order_12052021.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\Purchase Order_12052021.exe'
Imagebase:	0x3b0000
File size:	1000448 bytes
MD5 hash:	B7394CCC239F48EB4A041F1C0FB92D92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.219914273.0000000002864000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_BedsObfuscator, Description: Yara detected Beds Obfuscator, Source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000000.00000002.222285515.0000000003864000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: Purchase Order_12052021.exe PID: 404 Parent PID: 3560

General

Start time:	22:38:12
Start date:	12/05/2021
Path:	C:\Users\user\Desktop\Purchase Order_12052021.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\Purchase Order_12052021.exe
Imagebase:	0x310000
File size:	1000448 bytes
MD5 hash:	B7394CCC239F48EB4A041F1C0FB92D92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: Purchase Order_12052021.exe PID: 2792 Parent PID: 3560

General

Start time:	22:38:13
Start date:	12/05/2021
Path:	C:\Users\user\Desktop\Purchase Order_12052021.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\Purchase Order_12052021.exe
Imagebase:	0x960000
File size:	1000448 bytes
MD5 hash:	B7394CCC239F48EB4A041F1C0FB92D92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.470992091.0000000002DC1000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_BedsObfuscator, Description: Yara detected Beds Obfuscator, Source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Source: 00000003.00000002.467511051.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: Purchase Order_12052021.exe PID: 3560 Parent PID: 5640 Purchase Order_12052021.exeCOMMON

Executed Functions

Function 00B3BEC0, Relevance: 4.0, Strings: 3, Instructions: 262COMMON

Download Yara Rule

Strings

+y+V, xrefs: 00B3BFE6
3e4!, xrefs: 00B3C277
+y+V, xrefs: 00B3BFDF

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID: +y+V$+y+V$3e4!
API String ID: 0-449749765
Opcode ID: a93bd022a2af918f256d2ce2a3558999826feef4647a85e6947a7a010d8fc0ed
Instruction ID: 8a797077f214423bf6abe208556874365e2b1c890ba2d5b63627fae83e831420
Opcode Fuzzy Hash: a93bd022a2af918f256d2ce2a3558999826feef4647a85e6947a7a010d8fc0ed
Instruction Fuzzy Hash: 10B10274D05218CBCB18DFE5D880AEDBBF2FB89304F2098A9D009BB258DB359945CF24

Uniqueness

Uniqueness Score: -1.00%

Function 00B3B558, Relevance: 3.9, Strings: 3, Instructions: 133COMMON

Download Yara Rule

Strings

Jizz, xrefs: 00B3B6C6
+kG^, xrefs: 00B3B5AE
+kG^, xrefs: 00B3B6C9

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID: +kG^$+kG^$Jizz
API String ID: 0-1253777015
Opcode ID: b35dc514a4bf7210515c220fe3b03c7da1e5024b15b749dab7c571a47a1c9060
Instruction ID: 282ef65f26ac622506c16378a6a84f7256e40e6e046622a91ec30bd7a6e4997d
Opcode Fuzzy Hash: b35dc514a4bf7210515c220fe3b03c7da1e5024b15b749dab7c571a47a1c9060
Instruction Fuzzy Hash: 5D510375E10619CBCB14DFE9C8905DDFBB6FF89304F20862AD509AB218EB30A942CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00B31655, Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 00B3176C

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID: CheckDebuggerPresentRemote
String ID:
API String ID: 3662101638-0
Opcode ID: 3bb9655249a1a1908bf3e6ffe09ff34df895973c1b0f24f3831fa2b6b70d3ba3
Instruction ID: 006650a06fd0b8b31ca6c6a0e980f17c25046ea65ec69a70b2112f9423a4311d
Opcode Fuzzy Hash: 3bb9655249a1a1908bf3e6ffe09ff34df895973c1b0f24f3831fa2b6b70d3ba3
Instruction Fuzzy Hash: 815135B5D092988FCB01CFA9D4846DDFFF0AF0A314F18819AD450BB252D338AA46CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00B316D0, Relevance: 1.6, APIs: 1, Instructions: 94COMMON

Download Yara Rule

APIs

CheckRemoteDebuggerPresent.KERNELBASE(?,?), ref: 00B3176C

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID: CheckDebuggerPresentRemote
String ID:
API String ID: 3662101638-0
Opcode ID: 5bc5808394aee8b12eab545cce9431d6fe3353c96a8cff0c323d35aa109d1641
Instruction ID: aa71fae03e0bcf5ad9a162df120055b53058a575ee6ff98685efea8478a42441
Opcode Fuzzy Hash: 5bc5808394aee8b12eab545cce9431d6fe3353c96a8cff0c323d35aa109d1641
Instruction Fuzzy Hash: 2941BCB9D04258DFCB10CFA9D484AEEFBF4AF09310F14946AE415B7250D778AA45CF64

Uniqueness

Uniqueness Score: -1.00%

Function 00B304E2, Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

<, xrefs: 00B30601

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: d6137e5e475c7995ebbbc44ba3f4e52dad75fcd8d9c247b6f35bebbb95cb5efe
Instruction ID: 299dda85b94fa82b93ba5a105beb5cd48107998854221469edba0b56386dc7d1
Opcode Fuzzy Hash: d6137e5e475c7995ebbbc44ba3f4e52dad75fcd8d9c247b6f35bebbb95cb5efe
Instruction Fuzzy Hash: 8E51B375E04618DFDB58CFAAC8506DDBBF2BF89300F14C0AAD519AB264EB305A85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 00B318F0, Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

5[:k, xrefs: 00B319C4

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID: 5[:k
API String ID: 0-2039574647
Opcode ID: 3fe571cae8c8a5c957fd66bcb086c5d979115fed11fa8fb804f23c521d176985
Instruction ID: 4209cb55d8324495cad0efe79d7fbcc30293b4cb56174ddd755d1522eb7252aa
Opcode Fuzzy Hash: 3fe571cae8c8a5c957fd66bcb086c5d979115fed11fa8fb804f23c521d176985
Instruction Fuzzy Hash: 1141F171E056188FDB18DFAAD850B9EBBF7AFC9300F14C1AAD509A7254DB305A458F11

Uniqueness

Uniqueness Score: -1.00%

Function 00B3439B, Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b463969cb9d9fbb6c1ec54a19a0f5d3ad5343ae2fdbc18473e63186bcf19205e
Instruction ID: 7498f29616cf2c20bb7104359ad548cfd7fea9614bea51a4fb53fc7b113c694b
Opcode Fuzzy Hash: b463969cb9d9fbb6c1ec54a19a0f5d3ad5343ae2fdbc18473e63186bcf19205e
Instruction Fuzzy Hash: 2CF18C70E0924ADFCB04CFA9C48599EFBB2FF8A340F2594A9C415AB355D734A942CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00B344A0, Relevance: .3, Instructions: 308COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06cd7e977e5d10cb0e98b310fd479560950b266dafe38a1b00f7abc8add42da7
Instruction ID: 2e4670188a0cf5877c41389bab30db5441ab8f3da179045e7c7eb0d67609f53c
Opcode Fuzzy Hash: 06cd7e977e5d10cb0e98b310fd479560950b266dafe38a1b00f7abc8add42da7
Instruction Fuzzy Hash: FBD12974E0420ADFCB04CF99C4849AEFBB2FF89340F6585A9D416AB354D734AA42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00B323AE, Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6c41bd2f4cec4794f7feaeead467ec37de6d2e4ff42bcd56fdab16909f827f7
Instruction ID: b12a4a7f966bc8286685c593d86872d7b4b1cc0006fac02627c5c02fdc69d35d
Opcode Fuzzy Hash: e6c41bd2f4cec4794f7feaeead467ec37de6d2e4ff42bcd56fdab16909f827f7
Instruction Fuzzy Hash: 90A11370E042588FDB08CFA9C8946EEBBB2FF89304F24856AD419AB365D7349906CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00B32411, Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20bf5f1ebaa20fff34e83f8a18184677dbbd41260801f79efbf8cdffb4f695c9
Instruction ID: bff2315578969fff05ab04481e24170f462d52979c91d1864958bc52c4581594
Opcode Fuzzy Hash: 20bf5f1ebaa20fff34e83f8a18184677dbbd41260801f79efbf8cdffb4f695c9
Instruction Fuzzy Hash: 6981D374E042198FDB08CFE9C894AADBBF2BF88300F24C56AD519AB364D7359946CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00B32420, Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb521434044335ae282bd44bfdef4eab753f5da923d49b0838c80cb300612d54
Instruction ID: 08e041c97f437ef80ff932d64af4ddf05b7094bc09ad8fad87918db8e8ce3ea7
Opcode Fuzzy Hash: fb521434044335ae282bd44bfdef4eab753f5da923d49b0838c80cb300612d54
Instruction Fuzzy Hash: C881D174E002199FDB08CFE9C984AADBBF2BF88300F24842AD519AB364D7359905CF54

Uniqueness

Uniqueness Score: -1.00%

Function 054D4148, Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47e260a04c1e42e0fad692c3c57f11ed2180b47f374aef29970a30c856f0884f
Instruction ID: b7f9bd8abbb3b0bf17f58fd414302d7c10e9620c018e8223aaf48592fd4bd0cb
Opcode Fuzzy Hash: 47e260a04c1e42e0fad692c3c57f11ed2180b47f374aef29970a30c856f0884f
Instruction Fuzzy Hash: 10713970E0521A8FCF08CFEAD5459EEFBB2BB89310F14D826D415B7254E7749A428FA4

Uniqueness

Uniqueness Score: -1.00%

Function 054D4137, Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e69157bc5792f5e8962d5e443474a8fff30f4318549f0811d09d542231e848c0
Instruction ID: 229c5902ebc13b1c2007f6e385c354e2879f5f23db9bc4ac171d6fbb00c5b076
Opcode Fuzzy Hash: e69157bc5792f5e8962d5e443474a8fff30f4318549f0811d09d542231e848c0
Instruction Fuzzy Hash: 1B714A74E0520A8FCB08CFEAD5459EEFBB2AF89310F14C866D415F7254E7749A428FA0

Uniqueness

Uniqueness Score: -1.00%

Function 054D8C59, Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f5578e68b397e0b53fdec073dd84f1616117cf82137c8648071d7ffd9b240f5
Instruction ID: 66c5929093e80a69434001d923c780c47ae542fe20f2a728028be611c644a506
Opcode Fuzzy Hash: 8f5578e68b397e0b53fdec073dd84f1616117cf82137c8648071d7ffd9b240f5
Instruction Fuzzy Hash: F6711871D01219DBDB68CF65C844BEEFBB2BB88300F14C5AAD509A7254EB705A85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 054D8C68, Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c28bc88d0049dba0f919d6cfcb402c1296378f9cddd6cff1dfd15146804be7e5
Instruction ID: fa0264614ac99ed2dd0e204cdef4c5c47acb6b1de08fd29ded3bc91ca4a90662
Opcode Fuzzy Hash: c28bc88d0049dba0f919d6cfcb402c1296378f9cddd6cff1dfd15146804be7e5
Instruction Fuzzy Hash: B0613971E05629CBDB68CF66C844BEEF7B6BF88300F10C5EAD509A7244EB705A858F50

Uniqueness

Uniqueness Score: -1.00%

Function 054D8E84, Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c57ddfc5caa2a870ae6038d491fc7c0e15b313f2cbc6d20cede3ebb339aadc1c
Instruction ID: b016ae24a0d222ebfc0ebb493ee2675d9f910ce197b5b843b9a5d87e58cb18c0
Opcode Fuzzy Hash: c57ddfc5caa2a870ae6038d491fc7c0e15b313f2cbc6d20cede3ebb339aadc1c
Instruction Fuzzy Hash: F9511775A1022ACFDB64CF65C884BEDF7B2BB98300F1086EAD509A7254E7709AC5CF54

Uniqueness

Uniqueness Score: -1.00%

Function 054D8EFA, Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d6c40ae80899b3ea240b9eaf07b960654072f185b47f19b6ddfa03a9c99e690
Instruction ID: 7c224dcd03d1596e2254a833dd8d1ca076bf691a272fed150f82cec7b4301e67
Opcode Fuzzy Hash: 4d6c40ae80899b3ea240b9eaf07b960654072f185b47f19b6ddfa03a9c99e690
Instruction Fuzzy Hash: 8A510571A5122ACFDB64CF65C840BEDF7B2BB98300F1086EAD509A7244E7709AC5CF54

Uniqueness

Uniqueness Score: -1.00%

Function 054D8ED4, Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8843289fd2a85c9a8597865b880a4e3ba6a4c9e22bafaae4b79726cb2ecf8bf8
Instruction ID: e4db779b1aebb7b400c5bcc214a8f3e65813346535b19522e7c7abd70ce910bb
Opcode Fuzzy Hash: 8843289fd2a85c9a8597865b880a4e3ba6a4c9e22bafaae4b79726cb2ecf8bf8
Instruction Fuzzy Hash: AD511771E5022ADFDB68CF65C840BEDF7B2BB98300F1086EAD509A7244E7705A85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 054D0006, Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bec58a8b7579128cdd8df102997339341e35dc2e1ea143315738f7b4da03faaa
Instruction ID: 68de6dea9da6759f9508eeefb824a88a2d58457b8d8dc604eac090ac164e75c0
Opcode Fuzzy Hash: bec58a8b7579128cdd8df102997339341e35dc2e1ea143315738f7b4da03faaa
Instruction Fuzzy Hash: E05189B1D056588FDB59CF6BCD4469AFBF3BFC9200F14C1AA840DA7265EB340A858F51

Uniqueness

Uniqueness Score: -1.00%

Function 054D8E6B, Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc4eb52110a7af076a6c7a2b5bf0e41e1b7649cae422531a7ebcb07872575e3e
Instruction ID: 9c3c852d783870d2fbb1cd13dc160633d2a1c6c21b28bfe6fc99b3ffe44f9d39
Opcode Fuzzy Hash: cc4eb52110a7af076a6c7a2b5bf0e41e1b7649cae422531a7ebcb07872575e3e
Instruction Fuzzy Hash: 36511771E5022ADFDB68CF65C840BEDF7B2BB98300F1086EAD509A7244E7709A85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00B32B98, Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4048da67e972ee13073d48f849b34a6b55c38aef65644669449eeaf915149e7
Instruction ID: 39fe266fb53078c80718dc434bb69e654859effe322869c3008990c6c938a4fa
Opcode Fuzzy Hash: a4048da67e972ee13073d48f849b34a6b55c38aef65644669449eeaf915149e7
Instruction Fuzzy Hash: 8151F974D05219DFCB08CFA6C8446AEFBF2FF88301F24D4AAD819A7265D7345941DB54

Uniqueness

Uniqueness Score: -1.00%

Function 054D8E5D, Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77198b65318ccf68100f8b94f77af1866a7691e244033fa45e4cc29915fbceae
Instruction ID: f2f019a592cd26f22a59c96ac3e83c78918ea825ff68d2983c8b34c4ff12af15
Opcode Fuzzy Hash: 77198b65318ccf68100f8b94f77af1866a7691e244033fa45e4cc29915fbceae
Instruction Fuzzy Hash: 19512671E4022ACFDB68CF65C840BEDF7B2BB98300F1086EAD509A7240EB705A85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 054D0040, Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9acfdafa6c02c39d89dfd48031f541046ad979379f1cd12aaea1ecb9ed79fc1b
Instruction ID: 4361f60239962e88b1cbb2e0439fb985b910a9881c7de9174c9c8387c88e1e26
Opcode Fuzzy Hash: 9acfdafa6c02c39d89dfd48031f541046ad979379f1cd12aaea1ecb9ed79fc1b
Instruction Fuzzy Hash: 135148B5E056188BDB68CF6BDD4469EFBF7BFC8200F14C1AA850DA7215EB301A858F51

Uniqueness

Uniqueness Score: -1.00%

Function 00B33528, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba4055d89d1e17f1c6aeec1c3064867e63aa69a00daf07c64cbf2e68739d7993
Instruction ID: f1d44968977ea1d249cd015f5a541e3b3a2ef40026c19d225d78df0addc2e5c9
Opcode Fuzzy Hash: ba4055d89d1e17f1c6aeec1c3064867e63aa69a00daf07c64cbf2e68739d7993
Instruction Fuzzy Hash: 72311971E046188BDB18CFA6D8447DEFBF7AFC9310F14C16AD409A6264DB741A5ACF40

Uniqueness

Uniqueness Score: -1.00%

Function 04E93621, Relevance: 6.1, APIs: 4, Instructions: 125threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 04E93690
GetCurrentThread.KERNEL32 ref: 04E936CD
GetCurrentProcess.KERNEL32 ref: 04E9370A
GetCurrentThreadId.KERNEL32 ref: 04E93763

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 3c2822b252a1e433494603dfe4f65811b52cda72e771ae3b68d06fb8e5446120
Instruction ID: 121aaab602753ac24974c59e10715ff544e83db0ae60a241543c554a1f56640e
Opcode Fuzzy Hash: 3c2822b252a1e433494603dfe4f65811b52cda72e771ae3b68d06fb8e5446120
Instruction Fuzzy Hash: B95152B0E01249CFDB14CFA9C588BDEBBF1AF48314F248499E419A7391D774A844CB66

Uniqueness

Uniqueness Score: -1.00%

Function 04E93630, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 04E93690
GetCurrentThread.KERNEL32 ref: 04E936CD
GetCurrentProcess.KERNEL32 ref: 04E9370A
GetCurrentThreadId.KERNEL32 ref: 04E93763

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: 765641392310a815029b2227404975e233a1140c2559043d31bf435544532230
Instruction ID: b5e1db5ea0b58ec1606ddd19b7396b52044aa3bcb9a769c318aeedb49a75e5ab
Opcode Fuzzy Hash: 765641392310a815029b2227404975e233a1140c2559043d31bf435544532230
Instruction Fuzzy Hash: 825132B0E01609CFDB14CFAAD588BDEBBF1AF48314F208459E419A7790D774A844CB66

Uniqueness

Uniqueness Score: -1.00%

Function 054D748F, Relevance: 1.8, APIs: 1, Instructions: 327processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 054D775F

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: dca5b5805a9c76cecfc466bdc348ff58e4a415c62ff486b195bb6f8c1f0d6475
Instruction ID: 9aa3d6388783608ddece8081fda62b50a5690450b8757601ac5c0c995d66c84e
Opcode Fuzzy Hash: dca5b5805a9c76cecfc466bdc348ff58e4a415c62ff486b195bb6f8c1f0d6475
Instruction Fuzzy Hash: 24C12571D0422D8FDB20CFA4C894BEEBBB1FF49304F1485AAD449A7240DB749A85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 054D7498, Relevance: 1.8, APIs: 1, Instructions: 321processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 054D775F

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 5eb5202a015f9ada879fea039d02ad1983e3679df64273cd590ddb22e93efc90
Instruction ID: ca3011f2e56e9539cae17926b8ce00d211a6f0c4f2fb971c12a0fc411ca4616b
Opcode Fuzzy Hash: 5eb5202a015f9ada879fea039d02ad1983e3679df64273cd590ddb22e93efc90
Instruction Fuzzy Hash: D9C11571D0022D9FDB20CFA8C854BEEBBB1FB49314F1485AAE419B7240DB749A85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 04E9A8B8, Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 04E9AA79

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: b8c10bb353189812c04eb3344dca2a05c409e239d87475c6ed7caaa3b6a4aa91
Instruction ID: 3f74682ab3bc9f8bf2917ec7adaa1170d38645b33540b0f0f343646d34f0e73e
Opcode Fuzzy Hash: b8c10bb353189812c04eb3344dca2a05c409e239d87475c6ed7caaa3b6a4aa91
Instruction Fuzzy Hash: 07719AB4D00218DFDF20CFA9D984ADEBBF1BF09304F5491AAE818AB211D774A985CF55

Uniqueness

Uniqueness Score: -1.00%

Function 054D6E30, Relevance: 1.6, APIs: 1, Instructions: 134threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 054D6F77

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: a8a321a85cd2f98b069ff6135ac60729a5581fe35f3503e9128524ae0fa09163
Instruction ID: 7ae215e499e34f36e65651fe2323a435991931285c02585b4ece55fab5fb5b8b
Opcode Fuzzy Hash: a8a321a85cd2f98b069ff6135ac60729a5581fe35f3503e9128524ae0fa09163
Instruction Fuzzy Hash: 255122B4D052588FCB10CFA9D8946DEFBB2BF49314F18806AE414AB341C734A946CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 054D710B, Relevance: 1.6, APIs: 1, Instructions: 117injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 054D71E3

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 5880d21a811beaca5689068e1e787812408e61246b62677f8472238a742a68e0
Instruction ID: 8fa655ee4422c2bd37bb03eea1b28aca99a8f26f4e2933905604263ad657ad30
Opcode Fuzzy Hash: 5880d21a811beaca5689068e1e787812408e61246b62677f8472238a742a68e0
Instruction Fuzzy Hash: DE4199B5D012589FCF00CFA9D984AEEFBF1BB49314F14942AE815B7200D738AA46CF64

Uniqueness

Uniqueness Score: -1.00%

Function 054D7110, Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 054D71E3

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 6adc9ffee802a043a91ae75cf60989a70435d86d1087f5a30a59076b8715220a
Instruction ID: 12cdff919fdf6495420f49135513a05cf00961767c4aac8c62da0a2b37b897d9
Opcode Fuzzy Hash: 6adc9ffee802a043a91ae75cf60989a70435d86d1087f5a30a59076b8715220a
Instruction Fuzzy Hash: 424198B5D012589FCF00CFA9D984AEEFBF1BB49314F14942AE819B7200D738AA45CF64

Uniqueness

Uniqueness Score: -1.00%

Function 054D7260, Relevance: 1.6, APIs: 1, Instructions: 114COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 054D731A

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 90707c88c3aba7f97e0e3581f97c9fb5836a05aea73c6d182434e83d9fcb151e
Instruction ID: 2159b7872bf21a303b6617197738573d42fb5abffd6b5f09f81e8027b3473c1c
Opcode Fuzzy Hash: 90707c88c3aba7f97e0e3581f97c9fb5836a05aea73c6d182434e83d9fcb151e
Instruction Fuzzy Hash: 0B41CCB9D042589FCF11CFA9D880AEEFBB1BF59310F14906AE815B7250C738A945CF65

Uniqueness

Uniqueness Score: -1.00%

Function 04E93850, Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 04E93923

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 18ee0ca541f3fac05b2be3531b6b4d965f381deaa37b2abf3261a3f1ebd6093c
Instruction ID: d01a1b7f10d7c432e383350de18c47d26b82cff794faae75048cfed24dbf4035
Opcode Fuzzy Hash: 18ee0ca541f3fac05b2be3531b6b4d965f381deaa37b2abf3261a3f1ebd6093c
Instruction Fuzzy Hash: 934186B9D002489FCF10CFA9D984ADEBBF4BB19310F14902AE918BB350D335A945CF94

Uniqueness

Uniqueness Score: -1.00%

Function 054D6E98, Relevance: 1.6, APIs: 1, Instructions: 110threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 054D6F77

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: c3bbc98179153d6a0d54ed90639e393bca4c72fe9235a0ed15b18f89d8eaca6b
Instruction ID: aa38daf0d9a5620fcd3525c3d173188ed726deb612bb089d02c0d680c4dc5263
Opcode Fuzzy Hash: c3bbc98179153d6a0d54ed90639e393bca4c72fe9235a0ed15b18f89d8eaca6b
Instruction Fuzzy Hash: B141EDB5D00258CFCB10CFA9D8846EEFBB1BF49314F54802AE405B7240D734A949CF64

Uniqueness

Uniqueness Score: -1.00%

Function 04E93858, Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 04E93923

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 93568850db864abd5c1b757dfa2df4b4f354826f90f20aa4c7340e58791a2231
Instruction ID: da267cb121a4106fc146660a47f7d4fef437bce38e38742f481eb68e9c0a0c65
Opcode Fuzzy Hash: 93568850db864abd5c1b757dfa2df4b4f354826f90f20aa4c7340e58791a2231
Instruction Fuzzy Hash: 914144B9E002589FCF10CFA9D984ADEBBF5BB19310F14902AE918BB310D735A955CF94

Uniqueness

Uniqueness Score: -1.00%

Function 054D7268, Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 054D731A

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: cd747efdb94cba902dea2caf0a669e67d18ab4456f96e291076bf2984c5e4d99
Instruction ID: 7ea13f4d58bbbb36b6d16413dfb8b162bc971264a3341451f2c147d32320b7ab
Opcode Fuzzy Hash: cd747efdb94cba902dea2caf0a669e67d18ab4456f96e291076bf2984c5e4d99
Instruction Fuzzy Hash: AD41A8B9D042589FCF10CFAAD880AEEFBB1BF59310F14942AE815B7200D739A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 054D6FE8, Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 054D709A

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 523fb86f510c1c3c96447759919851a9a55346edf3a17eb7926751d7e88a7262
Instruction ID: 045079c0acad3838720b40d3086130bd0698cd74b8e4dba6a6c4b9979b20ac59
Opcode Fuzzy Hash: 523fb86f510c1c3c96447759919851a9a55346edf3a17eb7926751d7e88a7262
Instruction Fuzzy Hash: 4C3195B9D002589FCF10CFA9D980AEEFBB5BB59310F14942AE815BB300D735A946CF65

Uniqueness

Uniqueness Score: -1.00%

Function 054D6FF0, Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 054D709A

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9ec016e4c76bab8f63db382672c9134b248c7be714d242bdec3d4eb87de2247c
Instruction ID: 280cd74bb3493e1ab56a455d9e9e27b251475b3440b11d98454354dfde667550
Opcode Fuzzy Hash: 9ec016e4c76bab8f63db382672c9134b248c7be714d242bdec3d4eb87de2247c
Instruction Fuzzy Hash: AD3195B8D042589FCF10CFA9D880AEEFBB5AB49310F10942AE815BB200D735A946CF65

Uniqueness

Uniqueness Score: -1.00%

Function 04E98B80, Relevance: 1.6, APIs: 1, Instructions: 98libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(?,?,?), ref: 04E98C32

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 0ed0ade7954ea352e54b685c8ad3ec4b46510aaa2333f7fcc431c7926c3e1263
Instruction ID: 92b6c0a38e5a47a2a56288cbf231f47b75d9bd9fced457cec8d3b7513ab27ed1
Opcode Fuzzy Hash: 0ed0ade7954ea352e54b685c8ad3ec4b46510aaa2333f7fcc431c7926c3e1263
Instruction Fuzzy Hash: 9D4196B8D012599FCF10CFA9D984ADEFBF1BB4A314F14906AE814BB260D334A946CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00B317E8, Relevance: 1.6, APIs: 1, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00B31897

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: fbce8dff2ec4a13da2bbb2882194137e019f44d7cbae864485d33a2385112bdc
Instruction ID: 9969efc0308c092f69f313df145e0e5de0ac1834649077fddf0fd8370b76dd01
Opcode Fuzzy Hash: fbce8dff2ec4a13da2bbb2882194137e019f44d7cbae864485d33a2385112bdc
Instruction Fuzzy Hash: 1B31A8B9D042589FCF10CFA9E484AEEFBF5AF19310F24946AE814B7210D774A946CF64

Uniqueness

Uniqueness Score: -1.00%

Function 04E97DD4, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 04E9D261

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 887083ecbae6f9473c484d793e0855b3601670842f50bb09fac7bfb583386a29
Instruction ID: 26d3c9e425c3ca7a67068c3604abf7d0e030a7d1b54721994ad23379d7ad07b9
Opcode Fuzzy Hash: 887083ecbae6f9473c484d793e0855b3601670842f50bb09fac7bfb583386a29
Instruction Fuzzy Hash: E5413AB4A00315DFDB14CF99C888AAABBF5FF88314F148499E519AB360D734E841CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04E97BA8, Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(?,?,?), ref: 04E98C32

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b7f2da6278db0e49c60182014f2d27bca32451633e3376a9be193344204f213a
Instruction ID: c45c99eb645f1525c64efafd5fb728926642dc5f30e1c467235d55852f98fb79
Opcode Fuzzy Hash: b7f2da6278db0e49c60182014f2d27bca32451633e3376a9be193344204f213a
Instruction Fuzzy Hash: 774185B8D012589FCF10CFA9D484ADEFBF1BB59314F14906AE814BB220D334A946CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00B39E98, Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00B39F3F

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 071589b4798b8868f98519be44cc35c9d295a9e742e8dc2d740b5f6829bf21c6
Instruction ID: 19b513b880f644c2f663d982fd1b2df60815076d1fb53a10d2f4b10d04857a3f
Opcode Fuzzy Hash: 071589b4798b8868f98519be44cc35c9d295a9e742e8dc2d740b5f6829bf21c6
Instruction Fuzzy Hash: 323177B9D042589FCF10CFA9D884ADEFBF5BB59310F24906AE814B7210D774A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 00B317F0, Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00B31897

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 47fd9a9e5cc63c36ce2a4cee0a8bdfe3a3af46c782fe927bb45112603eae2611
Instruction ID: ee1b80e121d628d519fd8c252d465062e26a4f8c20110a3a7357350fc36dfa35
Opcode Fuzzy Hash: 47fd9a9e5cc63c36ce2a4cee0a8bdfe3a3af46c782fe927bb45112603eae2611
Instruction Fuzzy Hash: 3C3177B9D042589FCF10CFA9E884AEEFBF5BB19310F24946AE814B7210D774A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 054D6EC8, Relevance: 1.6, APIs: 1, Instructions: 94threadinjectionCOMMON

Download Yara Rule

APIs

SetThreadContext.KERNELBASE(?,?), ref: 054D6F77

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 04d33f33bbb243da6ca76ac958b4b7062c7b87b5179be2fb8e50d7c54f8213b7
Instruction ID: 4b32b29033e411cecb40387640347a3778c962f7597596d2a794287a6e7b3842
Opcode Fuzzy Hash: 04d33f33bbb243da6ca76ac958b4b7062c7b87b5179be2fb8e50d7c54f8213b7
Instruction Fuzzy Hash: FF31BBB4D012589FCB10CFA9D884AEEFBF1BF49314F14842AE415B7240D738A989CF64

Uniqueness

Uniqueness Score: -1.00%

Function 054D27D8, Relevance: 1.6, APIs: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,00000000), ref: 054DA7A3

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: bd3b84969d5fba5936ef43184db555cdd2d58951eef39e1b1f613768eb6a645f
Instruction ID: ed0dfcf09da6e738fe8b549d8cc583098623650a8f20c663e6d91ff25eb79b29
Opcode Fuzzy Hash: bd3b84969d5fba5936ef43184db555cdd2d58951eef39e1b1f613768eb6a645f
Instruction Fuzzy Hash: 473186B9D04208AFCB10CFA9E484ADEFBF5AB59310F14902AE815BB310D374A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00B303FC, Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

OutputDebugStringW.KERNELBASE(?), ref: 00B3C8C2

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID: DebugOutputString
String ID:
API String ID: 1166629820-0
Opcode ID: be88ce0047a13537633c4a9104d5be1d6b5f52b6b03e622e0fe412e318c7a3b8
Instruction ID: 4dd76f5268c2744e63020be02a33173c3538724876c0bd7b4edaccba74ec8f82
Opcode Fuzzy Hash: be88ce0047a13537633c4a9104d5be1d6b5f52b6b03e622e0fe412e318c7a3b8
Instruction Fuzzy Hash: 9F31A9B5D002489FCB14CFA9D484AEEFBF5AF49314F24806AE818B7310D774AA45CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 04E98878, Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(?), ref: 04E9890A

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: fe2f1a0d6f0f6a30f6069bd6f4d4d18ddf378bbbb7e1467cdbb8fec5e4bd0845
Instruction ID: a7fcc3d3350e8bea4a796c6d50c83ebf1e0787bc00e75a14cdbb40b01d962ff7
Opcode Fuzzy Hash: fe2f1a0d6f0f6a30f6069bd6f4d4d18ddf378bbbb7e1467cdbb8fec5e4bd0845
Instruction Fuzzy Hash: 483198B4D002099FCB14CFA9D484ADEFBF5BB49314F14902AE818B7360D334A945CF65

Uniqueness

Uniqueness Score: -1.00%

Function 054D67CB, Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 054D684E

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 1c69f0d1816d72ec6993a720642e9f56569519626a4beb779e88b9938435f738
Instruction ID: 161a7ba2e02b057e235988dcebd0576abd213dcd40fbb9a2d87e33873e428ce7
Opcode Fuzzy Hash: 1c69f0d1816d72ec6993a720642e9f56569519626a4beb779e88b9938435f738
Instruction Fuzzy Hash: AE31C9B4D012189FCF10CFA9D984AEEFBB5AF48314F14842AE815B7300CB34A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 054D67D0, Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 054D684E

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 310f4f227f607aa8f65b2ca0ba7a470505dcac3b6ab17cd536418c3e346646e7
Instruction ID: 55e1f6bb92a358e69796408282a1246e5ac97415a35e64fa2f9b0d2f2b24930a
Opcode Fuzzy Hash: 310f4f227f607aa8f65b2ca0ba7a470505dcac3b6ab17cd536418c3e346646e7
Instruction Fuzzy Hash: EA31A9B4D012589FCF14CFA9D884AEEFBB5AF49314F14842AE815B7300DB35A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0098D01C, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219066191.000000000098D000.00000040.00000001.sdmp, Offset: 0098D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c39d53712cba7b5247eaa5275df79da6ff6f741c5e81f450f260876d216178a2
Instruction ID: aaf3f0aa9ef806ef7beb9c7fb98520a9fe2ba411454adac8437aea8b152af3ba
Opcode Fuzzy Hash: c39d53712cba7b5247eaa5275df79da6ff6f741c5e81f450f260876d216178a2
Instruction Fuzzy Hash: B7212271504300EFDB14EF14D8C4B26BB69FB88328F20C969D8094B386C73AD847CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0098D006, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219066191.000000000098D000.00000040.00000001.sdmp, Offset: 0098D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a6242c0684c210d519df6f6ad02f294dbd4a7f8d7ee0e47840f2238e51cbeb
Instruction ID: 1e37e0a12d9f23bf65d8415317ce52fcc5491c1da20c4da50f0f53a07f829a57
Opcode Fuzzy Hash: e4a6242c0684c210d519df6f6ad02f294dbd4a7f8d7ee0e47840f2238e51cbeb
Instruction Fuzzy Hash: 90217C755093808FCB02CF24D994B15BF71AB46214F29C5EAD8498B6A7C33A984ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0097D7FD, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219049884.000000000097D000.00000040.00000001.sdmp, Offset: 0097D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 520b5939a9b4c56731b34b396b5902e9e867cc0258b7b04443742deff39c6151
Instruction ID: 611702e6ae207814f39a7f60738b444f7d54d549fbf21784cd4a5211a673f4cd
Opcode Fuzzy Hash: 520b5939a9b4c56731b34b396b5902e9e867cc0258b7b04443742deff39c6151
Instruction Fuzzy Hash: AA01F77250A344EAE7108E55D8807E2BBACEF51378F18C45AEE095F243D7789844C6B2

Uniqueness

Uniqueness Score: -1.00%

Function 0097D7FC, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219049884.000000000097D000.00000040.00000001.sdmp, Offset: 0097D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c020bbba55fe84273aac1ef7379fb24cd27061917aa3da2767f828b71afb4f4c
Instruction ID: 723f6673ff760ccb4d02dd3bed4c8e3ba9948274dc6a100d1512f9e9ab8c5ee4
Opcode Fuzzy Hash: c020bbba55fe84273aac1ef7379fb24cd27061917aa3da2767f828b71afb4f4c
Instruction Fuzzy Hash: 80F06272405284AEE7108E16DC84BA2FFACEF51734F18C45AED085B686C3799844CAB1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 054D88A8, Relevance: 2.7, Strings: 2, Instructions: 222COMMON

Download Yara Rule

Strings

_a<u, xrefs: 054D890D
8d], xrefs: 054D8A73

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID: 8d]$_a<u
API String ID: 0-889248474
Opcode ID: 22d86bfe43acdfb7a54813e1d3244581b759627903faa3bf5cd15e1745ba648a
Instruction ID: 042ada0ba159c32e841e1c600cbf10f526b5fd6bccaf37ba09ec64dbb6a3ec83
Opcode Fuzzy Hash: 22d86bfe43acdfb7a54813e1d3244581b759627903faa3bf5cd15e1745ba648a
Instruction Fuzzy Hash: FF91E174E05209DFCB48CFA9D5908EEFBF2EB89300F24946AD445BB314E7359A028F65

Uniqueness

Uniqueness Score: -1.00%

Function 054D88A4, Relevance: 2.7, Strings: 2, Instructions: 210COMMON

Download Yara Rule

Strings

_a<u, xrefs: 054D890D
8d], xrefs: 054D8A73

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID: 8d]$_a<u
API String ID: 0-889248474
Opcode ID: 3bbaf19a639d01a5a68b0bf8da4b5fe9cb7f202d0b1ad251524f05de47c77de3
Instruction ID: 738eb75daa42cea240e0e5cf96cb2555e477d517b4dc6462fda446bbf91b4960
Opcode Fuzzy Hash: 3bbaf19a639d01a5a68b0bf8da4b5fe9cb7f202d0b1ad251524f05de47c77de3
Instruction Fuzzy Hash: 5691D174E05209DFCB44CFA9D9948EEFBF2EB89300F24946AD445BB314E7359A028F65

Uniqueness

Uniqueness Score: -1.00%

Function 054D68C0, Relevance: 1.5, Strings: 1, Instructions: 228COMMON

Download Yara Rule

Strings

P~, xrefs: 054D6940

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID: P~
API String ID: 0-4179635623
Opcode ID: 8f008cfbdc5a9907a6131d1e5d7eb6aa0028ce35e6fdf7845beade3138385f89
Instruction ID: 8b61eac75eecc24ad4594a3b3bf67ef6f8444cd87cfb10ac36c3a43d6e534024
Opcode Fuzzy Hash: 8f008cfbdc5a9907a6131d1e5d7eb6aa0028ce35e6fdf7845beade3138385f89
Instruction Fuzzy Hash: 8EA11874E04219CFCB14CFA9D994ADEFBB2BF89214F2481AAD409AB315D730AD41CF61

Uniqueness

Uniqueness Score: -1.00%

Function 054D68B3, Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

P~, xrefs: 054D6940

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID: P~
API String ID: 0-4179635623
Opcode ID: 306092f0f06b08fcc912cb8c87be56b690ecee043b12793a069f9451c6b4c985
Instruction ID: 3717de7a57d787c462b6673a08b16e05c5184b0da4bab0ed2b67c925ab904c45
Opcode Fuzzy Hash: 306092f0f06b08fcc912cb8c87be56b690ecee043b12793a069f9451c6b4c985
Instruction Fuzzy Hash: A3A12874E04619CFCB14CFA9C990A9EFBB2BF89214F1481AAD409AB365D730AD41CF61

Uniqueness

Uniqueness Score: -1.00%

Function 00B36571, Relevance: 1.4, Strings: 1, Instructions: 120COMMON

Download Yara Rule

Strings

vQ[9, xrefs: 00B36650

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID: vQ[9
API String ID: 0-69494860
Opcode ID: fbf023d61032a95779bb98abc31d0d4e0e1587df27d317151c0ced88848d8655
Instruction ID: a2abcf02d5942dd696ca04798325ca8171a64a359d327dc25810cd6ef6d12fba
Opcode Fuzzy Hash: fbf023d61032a95779bb98abc31d0d4e0e1587df27d317151c0ced88848d8655
Instruction Fuzzy Hash: D851E8B4D0520A9FCB08CFAAC5915EEFBF2AF99340F24D46AC415E7258E2349A418F94

Uniqueness

Uniqueness Score: -1.00%

Function 00B36580, Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

vQ[9, xrefs: 00B36650

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID: vQ[9
API String ID: 0-69494860
Opcode ID: 3878980882c11a98f7b1b7c40ac84122f91ff3fb2ac31cb4627724cc2e7a7b56
Instruction ID: 31fdc7bc755f4db092dd9262a4f627619acbb2383fe0bb4c29ae2c565826c117
Opcode Fuzzy Hash: 3878980882c11a98f7b1b7c40ac84122f91ff3fb2ac31cb4627724cc2e7a7b56
Instruction Fuzzy Hash: 8151E8B0D0520A9BCB08CFAAC5815EEFBF2BF98340F24D46AC415E7258E7349A418F94

Uniqueness

Uniqueness Score: -1.00%

Function 00B36C58, Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

k_5, xrefs: 00B36CEB

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID: k_5
API String ID: 0-2591209475
Opcode ID: 599c23d3ee7bd5b7dc5a019bf6ef552bf7b46252f2414e96980e269fed763728
Instruction ID: 6459896168904d8a34d47e69fd8a4428d24ac6033e8b78d5a4bf82ce096ddb02
Opcode Fuzzy Hash: 599c23d3ee7bd5b7dc5a019bf6ef552bf7b46252f2414e96980e269fed763728
Instruction Fuzzy Hash: 2921F175E056189BEB58CF6BD84069EFBF3AFC9300F14D1BAC408A6264EB7005468F11

Uniqueness

Uniqueness Score: -1.00%

Function 04E98E70, Relevance: .5, Instructions: 529COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b3180e89ca248c77b001559abd24e7bd11d719f6de37be58dbc4d045e79974c
Instruction ID: 94d2fe8b104e1f8761ff91ed3fef8e2e59c8c051b5f7d4db682c250fa15dd53b
Opcode Fuzzy Hash: 2b3180e89ca248c77b001559abd24e7bd11d719f6de37be58dbc4d045e79974c
Instruction Fuzzy Hash: 6F5249B0940705DFD710CFA8E88819D3BF9FB41318B646A08D5619B2D1DBB96DEACF84

Uniqueness

Uniqueness Score: -1.00%

Function 054D4AB0, Relevance: .3, Instructions: 298COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dbf72a06a51a026488732e18cc05373c64390db7d5b1c8e2113ccb37fc9c2fd
Instruction ID: 58ed2662bdfad632bccffa67001d73eb68c68da48ce778dd912b94c345e5aca8
Opcode Fuzzy Hash: 4dbf72a06a51a026488732e18cc05373c64390db7d5b1c8e2113ccb37fc9c2fd
Instruction Fuzzy Hash: A0D11A74E042199FCF14CF95C994AEEFBB2BB89304F2485AAD409AB315D730AD42CF61

Uniqueness

Uniqueness Score: -1.00%

Function 054D4AAF, Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ab217d4fb4b730ddc89f63996ddb8d69f4ff6eaa2889a370dedd0b3cc3d0b9e
Instruction ID: f4ece1bf3cbfea6ee59d822aedaf2d6f46721965a2376df8f811d6d40a068316
Opcode Fuzzy Hash: 1ab217d4fb4b730ddc89f63996ddb8d69f4ff6eaa2889a370dedd0b3cc3d0b9e
Instruction Fuzzy Hash: 87D12A74E042199FCB14CFA5C594AEEFBB2BF89304F2485AAD409AB315D7709D41CF61

Uniqueness

Uniqueness Score: -1.00%

Function 04E96490, Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a782dc7a6170cedba3618651d899acdec97885a3da80f2af95f0fe582527deaf
Instruction ID: 2efa362bbfba650eea0284310e2f00d0bf42330d15411b17c46187f8f9a7514b
Opcode Fuzzy Hash: a782dc7a6170cedba3618651d899acdec97885a3da80f2af95f0fe582527deaf
Instruction Fuzzy Hash: D9A16B32E1021ACFCF05DFB5C88459EB7F2FF85304B15956AE805AB261EB31AD19CB40

Uniqueness

Uniqueness Score: -1.00%

Function 054D3C60, Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1917b17d841c308f646844263b1027d867bab18c899a82886811c75de55c86cc
Instruction ID: 2d10b1faa1a65e52f73fdfe089495ebf600216b335fbf1942e17135c21840734
Opcode Fuzzy Hash: 1917b17d841c308f646844263b1027d867bab18c899a82886811c75de55c86cc
Instruction Fuzzy Hash: 18B12475E052198BCB04CFE9C5519EEFBF2BF88300F24C96AD419BB358E73499428B65

Uniqueness

Uniqueness Score: -1.00%

Function 054D4BAF, Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e60e6f4dae522cd37c727213b807479c553466d91619a07ca28266f479055075
Instruction ID: 786cc97b1c588df75e0690f6021d6bc31fba98f482dac58b11db9977201107c8
Opcode Fuzzy Hash: e60e6f4dae522cd37c727213b807479c553466d91619a07ca28266f479055075
Instruction Fuzzy Hash: C6C13774A04219DFCF14CFA4C994AEEFBB2BB89304F24959AD409AB315D731AD42CF61

Uniqueness

Uniqueness Score: -1.00%

Function 054D3C50, Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 806a931ae6548b76858aabdabd3da5dd1b25b9479cf85539afe77139f70ae73b
Instruction ID: b3a8a49d5538c399ace1d080d28eb4e3611110bc16f6a9317ac16895adc091ea
Opcode Fuzzy Hash: 806a931ae6548b76858aabdabd3da5dd1b25b9479cf85539afe77139f70ae73b
Instruction Fuzzy Hash: A3A12575E052198BCB04CFE9C5559EEFBF2BF88300F24C96AC419BB358D73499428B65

Uniqueness

Uniqueness Score: -1.00%

Function 00B367C9, Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1eacdd72ce95cbf3e0607196d0b9677a19f006cc45cdd77e5a713d8026d73eb
Instruction ID: 6a96e2fd3a43671e2b64d978960bade1f2055a28abf31887b43114b5f3f673b1
Opcode Fuzzy Hash: f1eacdd72ce95cbf3e0607196d0b9677a19f006cc45cdd77e5a713d8026d73eb
Instruction Fuzzy Hash: E771C274E156099FCB08CFA9C5805DEFBF2BF8D310F24956AD415BB264D3349A42CB68

Uniqueness

Uniqueness Score: -1.00%

Function 00B367D8, Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c02184c6396025a8b3f99c6883c639e6370dc5bc02246741529d7ac0598b31b4
Instruction ID: b7ca292d6dbed30c360f4ceb0c6b239fca6c8bb09568bf71f0d35727cd9b4524
Opcode Fuzzy Hash: c02184c6396025a8b3f99c6883c639e6370dc5bc02246741529d7ac0598b31b4
Instruction Fuzzy Hash: D471A274E156099B8B08CFAAC9905DEFBF2BF89310F24D56AD415B7224D3349A41CF68

Uniqueness

Uniqueness Score: -1.00%

Function 054D4468, Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f6e48fbec94509e0e95240a87b24b0c14816dfb28e3c6c5250a6c6869ec3dca
Instruction ID: df8c9ac634a6c0addd6ed34167a59319c2b8617988fdba777d3ddd9345abfcfd
Opcode Fuzzy Hash: 5f6e48fbec94509e0e95240a87b24b0c14816dfb28e3c6c5250a6c6869ec3dca
Instruction Fuzzy Hash: 3B51E970E052198FDB58CF65D991BEEFBB2BF88200F1080AAD509A7354DB709E85CF61

Uniqueness

Uniqueness Score: -1.00%

Function 00B3A240, Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba7840103a35464cc914db9d06ed10d30ea6a8cca1febc04a6cbf408c9e3d479
Instruction ID: 7e0ec4960f22163da1c2525cc793af7317cd569e21cd66b4cbdb5c3466f65028
Opcode Fuzzy Hash: ba7840103a35464cc914db9d06ed10d30ea6a8cca1febc04a6cbf408c9e3d479
Instruction Fuzzy Hash: AB512770E116198FDB18CFA9D880A9EFBF2BF88300F2081A9D448AB355DB709A418F51

Uniqueness

Uniqueness Score: -1.00%

Function 054D4458, Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff945dfb45c8b0d5c09cb394c240db2baeef5dcf1c12565108d9e4a087c1c006
Instruction ID: f593906877045a184362d0c83ae6ecca5e51481eecf34af37e4b8892c2d067c3
Opcode Fuzzy Hash: ff945dfb45c8b0d5c09cb394c240db2baeef5dcf1c12565108d9e4a087c1c006
Instruction Fuzzy Hash: D0511A74E052198FDB54CF65C991B9EFBB2BF88200F10C0AAD509A7354EB709E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00B377D2, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59f7b7647a9e07d29719746104d082554a418343fdaaa804e42923278790c729
Instruction ID: ba67788d29602c6d8da8d6bafa8d8fbc144a97e3ad5a6f1e9d42969e819de4ee
Opcode Fuzzy Hash: 59f7b7647a9e07d29719746104d082554a418343fdaaa804e42923278790c729
Instruction Fuzzy Hash: E4517B75E056588BDB28CF6B9D4569DFBF3AFC9300F14C1BAC50DAA264DB301A868F11

Uniqueness

Uniqueness Score: -1.00%

Function 00B36A79, Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0607516066b0cac68e701238be0e00d5c90ee2856ef57bf21259c8423a2569d
Instruction ID: 681d4c92be5c3f571aa4042db09709bbd7308ab3eaef3ab3a12d754a1ef90c0a
Opcode Fuzzy Hash: a0607516066b0cac68e701238be0e00d5c90ee2856ef57bf21259c8423a2569d
Instruction Fuzzy Hash: D341F7B0E0560ADFCB48CFA9C5815AEFBF2FF88300F24D4AAC515B7214E7349A418B91

Uniqueness

Uniqueness Score: -1.00%

Function 00B36A88, Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4c528de1b97d3f93e4b263c27d51fcb44738ab1bb2065984880373a601e8d7f
Instruction ID: 7f91cc9eb2623f6de52e316da7b6365e62391d798bf4f0dc81e275c0a472cf5e
Opcode Fuzzy Hash: f4c528de1b97d3f93e4b263c27d51fcb44738ab1bb2065984880373a601e8d7f
Instruction Fuzzy Hash: 7241F7B0E0561ADBCB48CFA9C5815AEFBF6FF88300F24D4AAC515B7214E7349A418B95

Uniqueness

Uniqueness Score: -1.00%

Function 054D5CE8, Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 075c927e57196b1262aa3d48499653742f8df09d5c7bf80eec789725fc7e0c52
Instruction ID: f419645e73ef18896ca651518b04a76de534c8cf0c87ebd9bb10c720891a813b
Opcode Fuzzy Hash: 075c927e57196b1262aa3d48499653742f8df09d5c7bf80eec789725fc7e0c52
Instruction Fuzzy Hash: B5411774E152199FDB18CFA9D885BDEFBF7BB88210F10C0A6D409A7355DB309A458F60

Uniqueness

Uniqueness Score: -1.00%

Function 054D5CD9, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66b3facf2b398d13dfa0545fcab8ff6f4154967a768be251ca3fa9c6308f447a
Instruction ID: 22252932ed7f776ddfc8b55c02b9975824665cc41c4e40d773601ef76dbbb835
Opcode Fuzzy Hash: 66b3facf2b398d13dfa0545fcab8ff6f4154967a768be251ca3fa9c6308f447a
Instruction Fuzzy Hash: 9A415974E112189FDB18CF65C985ADEFBF3BB88200F14C0AAD409A7311DB309A418F60

Uniqueness

Uniqueness Score: -1.00%

Function 04E97D7C, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224934999.0000000004E90000.00000040.00000001.sdmp, Offset: 04E90000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b8274aa6420873d66379a7c4b3aecdd08956a05278e16314cc740570b03e31c
Instruction ID: 1346e28480a00182c8f086c7ad8c7603bac2f83ae7515b13a8dd8845b36edf99
Opcode Fuzzy Hash: 7b8274aa6420873d66379a7c4b3aecdd08956a05278e16314cc740570b03e31c
Instruction Fuzzy Hash: D73188B8D012089FCF10CFA9E584ADEBBF5BB49314F24A02AE815BB350D374A945CF94

Uniqueness

Uniqueness Score: -1.00%

Function 054D3331, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de673c08f46f80db4be6968af70b5e9a713caf24e7e958d191e2d49e1dee4f3e
Instruction ID: eda8c2a5b1c22ab62cb87cd2521bb9b5bce6ea258ce1edc5cac3f8fd6f453f68
Opcode Fuzzy Hash: de673c08f46f80db4be6968af70b5e9a713caf24e7e958d191e2d49e1dee4f3e
Instruction Fuzzy Hash: 4131E072E192188BC708CF6ACD556DEFBB3EB84200F08C56BC408E6354DB748A05CB21

Uniqueness

Uniqueness Score: -1.00%

Function 00B3A898, Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f08acdec515aab1d55a13d202e1065312ee4da75ec829dbc92f0bad753f5b008
Instruction ID: b3e8837eb7a04a1a9b26df505e38f4645fb429641c0c8382f7f86c8ee48eb26e
Opcode Fuzzy Hash: f08acdec515aab1d55a13d202e1065312ee4da75ec829dbc92f0bad753f5b008
Instruction Fuzzy Hash: FE21C371E116299BDB18CFABD8406AEFBF7BFC8310F24C17AD518A7254EB345A018B51

Uniqueness

Uniqueness Score: -1.00%

Function 00B3AE90, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 659a9e1e0e866ca71a96bc159ad45eb7687bd2a9ca127991cd42929b7ccf32cb
Instruction ID: d4971ca4550071692d44250b7ed0b539809093bbd7a91aebb0f99e1b4a7e7502
Opcode Fuzzy Hash: 659a9e1e0e866ca71a96bc159ad45eb7687bd2a9ca127991cd42929b7ccf32cb
Instruction Fuzzy Hash: 4511D671E116199BDB08CFAAD9406EEFBF7ABC8310F24C06AD508A7214EB305A418B95

Uniqueness

Uniqueness Score: -1.00%

Function 00B3B870, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.219420082.0000000000B30000.00000040.00000001.sdmp, Offset: 00B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 657b6bf75136fe3deb2722811badaa3c6e37a9b5b5bebd3af24d5b9ec4dcbf6f
Instruction ID: 841bfc0219a664c3bd5c57a64baa8b8894dab46cdf83f123550edce60cbe7124
Opcode Fuzzy Hash: 657b6bf75136fe3deb2722811badaa3c6e37a9b5b5bebd3af24d5b9ec4dcbf6f
Instruction Fuzzy Hash: AD111A71E106199BDB18CFAAD940ADEFBF7ABC8310F14C57AD518A7218DB304A018B91

Uniqueness

Uniqueness Score: -1.00%

Function 054D3390, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.225857757.00000000054D0000.00000040.00000001.sdmp, Offset: 054D0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8552e6233fd6133643e073746200b964861e4b296ef10d3a268bea126a75f6fa
Instruction ID: 1156b3b94a90322cfeb1827182ea2d3152a4c0a53a11c8733307eb5155d6d9b3
Opcode Fuzzy Hash: 8552e6233fd6133643e073746200b964861e4b296ef10d3a268bea126a75f6fa
Instruction Fuzzy Hash: 62111471E156199BDB08CFABD9406EEFBF7EBC8210F14C46AD508A7214DB305A028B61

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Purchase Order_12052021.exe PID: 2792 Parent PID: 3560 Purchase Order_12052021.exeCOMMON

Executed Functions

Function 0694B780, Relevance: 2.2, APIs: 1, Instructions: 665libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0694BA35

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5cae52f74a96ea506c33a4750763b59f6d2fc9ea2339d31567d70c3e71f4baa9
Instruction ID: 8add6e60250353486d3374295fcb55cd6a9755fabd15bcd5a329ac692ca98beb
Opcode Fuzzy Hash: 5cae52f74a96ea506c33a4750763b59f6d2fc9ea2339d31567d70c3e71f4baa9
Instruction Fuzzy Hash: 8432E134F142498FDB54AB78C854BAE7BF6AF85304F2484AAD409DBB99EB34DC45CB10

Uniqueness

Uniqueness Score: -1.00%

Function 0591DD88, Relevance: .4, Instructions: 379COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475292860.0000000005910000.00000040.00000001.sdmp, Offset: 05910000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bb92b3b8567506e0b1634f80fe7cedfc8f32dbc21dca3dd9019f00ec29c33d6
Instruction ID: 3f37a574c43fee52cea098a91b27cf3ff7264546e0b8b708862e18c5e6b70d8d
Opcode Fuzzy Hash: 8bb92b3b8567506e0b1634f80fe7cedfc8f32dbc21dca3dd9019f00ec29c33d6
Instruction Fuzzy Hash: 29C1D634748229CBDB385B79841573A79AFBB85641F088D6DDCA38F694CF30C982C75A

Uniqueness

Uniqueness Score: -1.00%

Function 069492EB, Relevance: 6.1, APIs: 4, Instructions: 125threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 06949358
GetCurrentThread.KERNEL32 ref: 06949395
GetCurrentProcess.KERNEL32 ref: 069493D2
GetCurrentThreadId.KERNEL32 ref: 0694942B

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: c31abafd4c19ceb46f80b23d157556dd8838035c0dcbc1e9f7093e925bf8edca
Instruction ID: 2a607b36910d3cacb4992844857622f25f3a77816e797dc7985688f75207961e
Opcode Fuzzy Hash: c31abafd4c19ceb46f80b23d157556dd8838035c0dcbc1e9f7093e925bf8edca
Instruction Fuzzy Hash: 155154B0D003498FDB64CFA9C548BDEBBF0BF89314F24815AE01AA77A0D7755884CB65

Uniqueness

Uniqueness Score: -1.00%

Function 069492F8, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 06949358
GetCurrentThread.KERNEL32 ref: 06949395
GetCurrentProcess.KERNEL32 ref: 069493D2
GetCurrentThreadId.KERNEL32 ref: 0694942B

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: f3f494cb74f3d37dec588774f3b5c20971ed5d12c973cc887979b5b593465037
Instruction ID: 5df1b64ee913aa81d7afc8a9d6540569614e17e39d6be0f300bc9c3633c3a2a4
Opcode Fuzzy Hash: f3f494cb74f3d37dec588774f3b5c20971ed5d12c973cc887979b5b593465037
Instruction Fuzzy Hash: 9B5154B0D002098FDB64CFAAC588BDEBBF0BF89314F20845AE019A77A0D7755884CB65

Uniqueness

Uniqueness Score: -1.00%

Function 06947FC1, Relevance: 1.8, APIs: 1, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 0ef11fac67b0a3dbb412a991c201991448597a6072862ddfc9352b5653906da1
Instruction ID: 4d33e847b1a8aadb3ed48c5eedc218a5355dfb76c0048b06d58cfc49dbf0f04e
Opcode Fuzzy Hash: 0ef11fac67b0a3dbb412a991c201991448597a6072862ddfc9352b5653906da1
Instruction Fuzzy Hash: 6CB1A070A007058FCB54EFB9D444A6EBBF5FF89204B10896DD81ADBB55DB30E845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06943159, Relevance: 1.8, APIs: 1, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 425e79eaa1c41ed39084babdfa355f354c8e77bb4d985e5a220629effa9f1dc6
Instruction ID: 99afcba18dc69289244139ef1d91fb3939d72999ead95019f299eff42506d730
Opcode Fuzzy Hash: 425e79eaa1c41ed39084babdfa355f354c8e77bb4d985e5a220629effa9f1dc6
Instruction Fuzzy Hash: 83C18C30A10305DFD769AF75E51DB6ABBB2AF84305F148838E526DBAA4DF748C85CB40

Uniqueness

Uniqueness Score: -1.00%

Function 06948958, Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 06948A6A

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 5d43d6e8d3d74c6b925b28191cdac921490a8c89f7f2744e1e9646da5c669e20
Instruction ID: a1527c2b65dc3d0487d9f87e7c3b69bc47f1afe799fdbeb32cebd0e1e4846e58
Opcode Fuzzy Hash: 5d43d6e8d3d74c6b925b28191cdac921490a8c89f7f2744e1e9646da5c669e20
Instruction Fuzzy Hash: 6F41C0B1D00309DFDB14CF9AC984ADEBBB5BF48314F24822AE419AB250D7759845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0117A5B4, Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?), ref: 0117A6A7

Memory Dump Source

Source File: 00000003.00000002.469693506.0000000001170000.00000040.00000001.sdmp, Offset: 01170000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 7c43a149f21043a5d549f7c9bdb0523124a90e6ab0862e025ca83e79953a4bbb
Instruction ID: 24521956c1e07c2a40e8945101b6720a1d58552ebb741f6f057037757ce9766c
Opcode Fuzzy Hash: 7c43a149f21043a5d549f7c9bdb0523124a90e6ab0862e025ca83e79953a4bbb
Instruction Fuzzy Hash: F2412570D10619CFDB18CFA9D98579EBBF1AF88314F18812AE815AB380D77598458F92

Uniqueness

Uniqueness Score: -1.00%

Function 01176FA8, Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?), ref: 0117A6A7

Memory Dump Source

Source File: 00000003.00000002.469693506.0000000001170000.00000040.00000001.sdmp, Offset: 01170000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 8f7f5243072546cf82a7b445ecc168329ec74be8496a7f383d7a22bd921ff67c
Instruction ID: 17e9c6f686a3184362be26a848fa6e4114ccb6b6506f79caf3162fb66800b023
Opcode Fuzzy Hash: 8f7f5243072546cf82a7b445ecc168329ec74be8496a7f383d7a22bd921ff67c
Instruction Fuzzy Hash: DD411870D10619CFDB18CFA9D88479EBBF1BF88314F188129E815EB384D77598458F92

Uniqueness

Uniqueness Score: -1.00%

Function 06949594, Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 0694A7D9

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 15f8ebe0d49582eb01e911ed5ffd00126c0fac3b1bb1326210a36618fc0867c3
Instruction ID: 17e6bde9999f5f15c623a8321af5ffe592d38b2520d3c78f5b64ae7f8cd6fd41
Opcode Fuzzy Hash: 15f8ebe0d49582eb01e911ed5ffd00126c0fac3b1bb1326210a36618fc0867c3
Instruction Fuzzy Hash: 4D4156B4E00345DFDB54CF89C488EAABBF5FF88324F258459E519AB725D334A841CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0692B62E, Relevance: 1.6, APIs: 1, Instructions: 76comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 0692B6C0

Memory Dump Source

Source File: 00000003.00000002.475850403.0000000006920000.00000040.00000001.sdmp, Offset: 06920000, based on PE: false

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 7e2cf0ca8718389d14e0804c32630eb70e36a653a2ba8c650502ad97d1564c2e
Instruction ID: b0157ba726277b02251aedfd20dccff913a653a2c42b0f26e32560d764df95a5
Opcode Fuzzy Hash: 7e2cf0ca8718389d14e0804c32630eb70e36a653a2ba8c650502ad97d1564c2e
Instruction Fuzzy Hash: AB3123B0E00219DFDB54CF99C889BDEBBF5BF88318F248019E405ABB94D7B45949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 069287C1, Relevance: 1.6, APIs: 1, Instructions: 75comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06928875

Memory Dump Source

Source File: 00000003.00000002.475850403.0000000006920000.00000040.00000001.sdmp, Offset: 06920000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: e6d7bf4627fd2496f5adfd7686eb40b779fd2b2d69d6c8f9aa884fd04b069246
Instruction ID: a8a09502d5d1905c2c11595521e7a9a4fdb60de0bcd985fdc8946cdc24bb63ad
Opcode Fuzzy Hash: e6d7bf4627fd2496f5adfd7686eb40b779fd2b2d69d6c8f9aa884fd04b069246
Instruction Fuzzy Hash: 7A21B870D003958FCB64CFA9C545BEEBFF8AF49318F14445EE446A7A50C3B9A848CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0692B638, Relevance: 1.6, APIs: 1, Instructions: 71comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 0692B6C0

Memory Dump Source

Source File: 00000003.00000002.475850403.0000000006920000.00000040.00000001.sdmp, Offset: 06920000, based on PE: false

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: aac06625320afba86e377e384d3e3b82d502d2869876526ede2d00382a311fe1
Instruction ID: 8945214c1bf252b4064c2f7e7f3cd5b6f9a18db3bad2c92fa7a5645e6e999b4f
Opcode Fuzzy Hash: aac06625320afba86e377e384d3e3b82d502d2869876526ede2d00382a311fe1
Instruction Fuzzy Hash: 4E3124B0E00219DFDB50CF99C884BCEBBF8BF48318F248019E404ABB94D7B4A945CB61

Uniqueness

Uniqueness Score: -1.00%

Function 06949928, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 069499AF

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: a799464da72606ab3b8fdf396e357af935ab400e73735bdce1ad794685d09964
Instruction ID: 2aa9a4cc46a049cf8800cff9852484efd64aa163dc6e7dc8cdf27a15885cba8b
Opcode Fuzzy Hash: a799464da72606ab3b8fdf396e357af935ab400e73735bdce1ad794685d09964
Instruction Fuzzy Hash: 7E21D3B5D00209DFDB10CFAAD884ADEBBF8FB48324F14841AE915A7710D379A954CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06924DD8, Relevance: 1.6, APIs: 1, Instructions: 58libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000000,?,06924DB9,00000800), ref: 06924E4A

Memory Dump Source

Source File: 00000003.00000002.475850403.0000000006920000.00000040.00000001.sdmp, Offset: 06920000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 02366b7f2e8b4e1d55e12477723ba3afed81e50d7766e36f8b48736b2f63b559
Instruction ID: 7f67a1bd863d7013204be8d8e636b84a877a31841450554f3bc82fe678a7ff73
Opcode Fuzzy Hash: 02366b7f2e8b4e1d55e12477723ba3afed81e50d7766e36f8b48736b2f63b559
Instruction Fuzzy Hash: 532144B2D002198FDB10CF9AD444AEEFBF4EB88310F10852EE415A7600C375A949CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0694961C, Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 0694ADE0

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: CurrentThread
String ID:
API String ID: 2882836952-0
Opcode ID: 208c8b9206ecadc8e98d29b9aba6e43947b73eea988c524e8d98f82aba1e0679
Instruction ID: 507021a659ddd4e615f8bf2370c8657c20b17d1f84a99fcd43835f476839c726
Opcode Fuzzy Hash: 208c8b9206ecadc8e98d29b9aba6e43947b73eea988c524e8d98f82aba1e0679
Instruction Fuzzy Hash: E1116071D043058FDB60DF99C885BEFBBF8FB48264F54842AE41AA3600D734A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06923B30, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000000,?,06924DB9,00000800), ref: 06924E4A

Memory Dump Source

Source File: 00000003.00000002.475850403.0000000006920000.00000040.00000001.sdmp, Offset: 06920000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 80bfb2096bec77c693c51f6954624272986c9ccacea99353f623057f5a997d28
Instruction ID: 4e1f3836a222e6a73dad5981fd491005bf8be511531b4c27ca7ae6e65dc66823
Opcode Fuzzy Hash: 80bfb2096bec77c693c51f6954624272986c9ccacea99353f623057f5a997d28
Instruction Fuzzy Hash: 7C1144B6D002198FDB10CF9AD444BEEFBF4EB88310F11842AE915A7700C375A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 069475FC, Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 06948366

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 3745c4fbb8af11fe8a35ed35b2bf42ffb19135249efbe023fd3d2d664cced8af
Instruction ID: 7fdb79839ae90016f140c21476d9befaf47546776f239a937e8f16f6f4fb35e3
Opcode Fuzzy Hash: 3745c4fbb8af11fe8a35ed35b2bf42ffb19135249efbe023fd3d2d664cced8af
Instruction Fuzzy Hash: 7F1132B1C003098FCB20DF9AC544BDEFBF4EB88224F10841AD429B7600C374A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 06943546, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 069435C4

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 6bbe9a725150be927fee1c9ac06c1271abb2af3ff8a01c79567959f67f9dee20
Instruction ID: 6a6bca6b1f07ce14bdcefc607ec3f6f9efd22303f905ff8445b5a86cadf77100
Opcode Fuzzy Hash: 6bbe9a725150be927fee1c9ac06c1271abb2af3ff8a01c79567959f67f9dee20
Instruction Fuzzy Hash: B1119F34660308CFC7593BB1EA1E15DBFBAEB8935AB042471F817C66A4DF300E818B55

Uniqueness

Uniqueness Score: -1.00%

Function 06928818, Relevance: 1.5, APIs: 1, Instructions: 49comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06928875

Memory Dump Source

Source File: 00000003.00000002.475850403.0000000006920000.00000040.00000001.sdmp, Offset: 06920000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 56f48883eadf3f96ee39908e2d3769081ec4dd6fb4c374673c9351dc2a1139d4
Instruction ID: 5987048faf2eeaa0d8c5e640a15188515d15dc3cfafabdc313d61c167a5126ad
Opcode Fuzzy Hash: 56f48883eadf3f96ee39908e2d3769081ec4dd6fb4c374673c9351dc2a1139d4
Instruction Fuzzy Hash: 4A1136B0D00209CFCB50CF99D448BDEBBF4EB88364F14842AD515A7710C374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06945200, Relevance: 1.5, APIs: 1, Instructions: 47timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,0145AA60,?,?,?,?,?,?,?,069456A0,00000000,?,00000000), ref: 0694A9AD

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: Timer
String ID:
API String ID: 2870079774-0
Opcode ID: 913759e72060e79a141040f520f5d49887b5eb33fcdb4c0aa620a9e59866e97d
Instruction ID: 7b7978ba413cfb0c0990b0364682cd94c6eff2613e066697876451d3fc2d2f98
Opcode Fuzzy Hash: 913759e72060e79a141040f520f5d49887b5eb33fcdb4c0aa620a9e59866e97d
Instruction Fuzzy Hash: 781103B5900349DFDB50DF9AD889BDEBBF8EB48324F10841AE915A7700C376A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06929B09, Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,06928D5F), ref: 06929B6D

Memory Dump Source

Source File: 00000003.00000002.475850403.0000000006920000.00000040.00000001.sdmp, Offset: 06920000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: c1a47fcfcac4eddd0d699e5147c34a8d4f26f477123f829b88f2fb486f0f6d7a
Instruction ID: 7e285f4ab268eb16742ff820e2ba9d8102bc0c4e733619ea8ff9a4641ed5b0e7
Opcode Fuzzy Hash: c1a47fcfcac4eddd0d699e5147c34a8d4f26f477123f829b88f2fb486f0f6d7a
Instruction Fuzzy Hash: 3A1103B1D046598FCB10CF9AD888BDEFBF8EB48324F10852AE419A7710D375A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 069279D4, Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,06928D5F), ref: 06929B6D

Memory Dump Source

Source File: 00000003.00000002.475850403.0000000006920000.00000040.00000001.sdmp, Offset: 06920000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: e91b2a7552d27cfcb89438e921a783f834dc75e1461db27d5eb1581450a846d6
Instruction ID: 98a0ba5468eac7cb2f95fe84e0b44cf22e247ff7058833e34c1765318a3b0ac6
Opcode Fuzzy Hash: e91b2a7552d27cfcb89438e921a783f834dc75e1461db27d5eb1581450a846d6
Instruction Fuzzy Hash: C111F2B1D046598FCB10CF9AD448BDEFBF8EB88324F10852AE419A7700D378A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 06927928, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 06928875

Memory Dump Source

Source File: 00000003.00000002.475850403.0000000006920000.00000040.00000001.sdmp, Offset: 06920000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 5a66732e8347c29c3f63e3455623de7bd72dacdacd7af7da99f23f9b55806a0a
Instruction ID: 7e6ad0874431d9025c91df7fb158969bae34a570927d61c8d834648ad26a1e93
Opcode Fuzzy Hash: 5a66732e8347c29c3f63e3455623de7bd72dacdacd7af7da99f23f9b55806a0a
Instruction Fuzzy Hash: 921133B0D00249CFCB60CF9AD448BDEBBF8EB48324F14842AE519A7710C374A948CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0694353D, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 069435C4

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 0e75a06f9d40be261d9b3ff813a1c766758128c97c3957be11df2672761e8da2
Instruction ID: 22c6532910130e7e04404e8bf913ff9f5d9845f7a3e264c42f66b37dc5d61b7f
Opcode Fuzzy Hash: 0e75a06f9d40be261d9b3ff813a1c766758128c97c3957be11df2672761e8da2
Instruction Fuzzy Hash: 01116D34620304CFCB592BB1EA0E15DBFBAEB8535AB042431F417C66A8DF304E858B51

Uniqueness

Uniqueness Score: -1.00%

Function 0694357F, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 069435C4

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 781f42af68ecde0bf248a130cf3b122f459f7c670dc23d71c5c473a245a04940
Instruction ID: f6cf6683ad649fc5b8e4f4b2c5ab6134a4e66d5bb715031cff22c27c92f2eda1
Opcode Fuzzy Hash: 781f42af68ecde0bf248a130cf3b122f459f7c670dc23d71c5c473a245a04940
Instruction Fuzzy Hash: 74017B34660308CFCB593BB1EA1E05DBFAAFB8935AB042471F417CA6A4CF300E858B55

Uniqueness

Uniqueness Score: -1.00%

Function 069435B3, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL ref: 069435C4

Memory Dump Source

Source File: 00000003.00000002.475884092.0000000006940000.00000040.00000001.sdmp, Offset: 06940000, based on PE: false

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: fd7b7d3a3aff4e1d339d1b17ce45185b3a62cfa1048121f6b47d49ee8daa61c2
Instruction ID: fbc72689aa2295bbc5cee7146b33a27063df8349c6e6f966e9186746d09526e5
Opcode Fuzzy Hash: fd7b7d3a3aff4e1d339d1b17ce45185b3a62cfa1048121f6b47d49ee8daa61c2
Instruction Fuzzy Hash: A1F04435660308CBCB143BB1EA0E15DBFAAEB8836AB053871F416CA664CF200E858B55

Uniqueness

Uniqueness Score: -1.00%

Function 0591FB68, Relevance: .3, Instructions: 330COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475292860.0000000005910000.00000040.00000001.sdmp, Offset: 05910000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ef2342e52b1c1462f81a253f87832a5c54be5882511c8e0715cfba9f2dbcef
Instruction ID: 6f8a286aa5b47298c681a418e2d75579a90607510d355d598a95b88d7f874b02
Opcode Fuzzy Hash: 12ef2342e52b1c1462f81a253f87832a5c54be5882511c8e0715cfba9f2dbcef
Instruction Fuzzy Hash: 71D15B34A1122CDFCB54DFA4D944AADB7B6FF88314F118568E812AB3A5CB31DC81CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0591E3F0, Relevance: .2, Instructions: 248COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475292860.0000000005910000.00000040.00000001.sdmp, Offset: 05910000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c9be4e6a5828ea8d4a8009941fbd2a0055f69bca17d443a73c1bde214d9807a
Instruction ID: 1c38fa735307ab57f14c9b533c6c440231886a70fb0ff2df5bd2fdbdc41d28c0
Opcode Fuzzy Hash: 6c9be4e6a5828ea8d4a8009941fbd2a0055f69bca17d443a73c1bde214d9807a
Instruction Fuzzy Hash: 8181F3327142298FCB15DB28D418A6A7FAAEFC9314F198469ED0ACF3A5DB34CC018795

Uniqueness

Uniqueness Score: -1.00%

Function 0591FB58, Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475292860.0000000005910000.00000040.00000001.sdmp, Offset: 05910000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 435a35561b045c71d706e4329845933f327f793458738fa4a12f10e0f9e314d3
Instruction ID: 70bdb5aea0ab1fab4b6f30fa4cfab0cdaebf7f163a34aa89324106447d2d315c
Opcode Fuzzy Hash: 435a35561b045c71d706e4329845933f327f793458738fa4a12f10e0f9e314d3
Instruction Fuzzy Hash: 0FA10934A11218DFCB64DF64D984EADB7B6FF48315F218168E812AB3A5C731EC81CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0110D514, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.469291561.000000000110D000.00000040.00000001.sdmp, Offset: 0110D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7030e71e7215f037210723497f734a774ef5b00cbe1d9658adbecfa6e2e1c342
Instruction ID: df29b90d7737fb83e6e7e6f2fde03f089afe7d9b125c63a7af8f47982cdb5ab5
Opcode Fuzzy Hash: 7030e71e7215f037210723497f734a774ef5b00cbe1d9658adbecfa6e2e1c342
Instruction Fuzzy Hash: C6210B71904240DFDF0ADF94E4C0B16BB75FB88318F248569ED054B286C376D445C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0110D428, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.469291561.000000000110D000.00000040.00000001.sdmp, Offset: 0110D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d195a4b02c76b900603f528bbe300b092bd597e3fefdaebed5ed921a1ca58c9a
Instruction ID: da4f66692a6c34a12ba1e1081b7bc74727b9550a796cb695a872dfb39ff26b7f
Opcode Fuzzy Hash: d195a4b02c76b900603f528bbe300b092bd597e3fefdaebed5ed921a1ca58c9a
Instruction Fuzzy Hash: 23214871904240DFDF0ACF94E9C4B56BB65FB84324F21C569E8058FA86C376E846C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0591E338, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475292860.0000000005910000.00000040.00000001.sdmp, Offset: 05910000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01c3d265f4cc57f8b0460b8e55274b652e683768f449722af68f2adb83e41902
Instruction ID: 1a92d516bc86e31d2ed49583e27024da4530727585c3822350702cb5d0dc0faa
Opcode Fuzzy Hash: 01c3d265f4cc57f8b0460b8e55274b652e683768f449722af68f2adb83e41902
Instruction Fuzzy Hash: 01218076A002199FCB00DF99D845AEEFFFAFB88310F10842AE915E7241D7759956CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0111D030, Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.469389633.000000000111D000.00000040.00000001.sdmp, Offset: 0111D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71db2c5c992d900896fe3bb7cd65833b764f4c77e4004a7046c3b2c99f6796ea
Instruction ID: b7083471376f2116ec5b1e40650ca70cc4d4642ae6926111f994259d92701512
Opcode Fuzzy Hash: 71db2c5c992d900896fe3bb7cd65833b764f4c77e4004a7046c3b2c99f6796ea
Instruction Fuzzy Hash: 92210375504200DFDF19CF98E8C8B1AFB65FB84214F24C979D8094B24AC336D846CA62

Uniqueness

Uniqueness Score: -1.00%

Function 0591E540, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475292860.0000000005910000.00000040.00000001.sdmp, Offset: 05910000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cecb87486d1f497227ceeaab2b1301ea71355db9136e9927cdaffb1a0b10551
Instruction ID: 322d0128f2f28d528e4624d43624cf0e26838c55984d56969b2e1a5fa561bc92
Opcode Fuzzy Hash: 9cecb87486d1f497227ceeaab2b1301ea71355db9136e9927cdaffb1a0b10551
Instruction Fuzzy Hash: C21193367002388FDB248A19C548B1ABBAEEFC4A54F598065DD05CF365EA71DC418789

Uniqueness

Uniqueness Score: -1.00%

Function 0110D50F, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.469291561.000000000110D000.00000040.00000001.sdmp, Offset: 0110D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99d004d151982520d82b782d4735647871151bc0f40ac205a76a03d9cb8f3c13
Instruction ID: 7afc9b032a665bd2c86ab3d031a5ce018ddf689fd46986e1a3747c0121ca9f9d
Opcode Fuzzy Hash: 99d004d151982520d82b782d4735647871151bc0f40ac205a76a03d9cb8f3c13
Instruction Fuzzy Hash: BC11AF76804280CFCF16CF54D5C4B16BF71FB84324F2486A9DC054B656C376D45ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0110D423, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.469291561.000000000110D000.00000040.00000001.sdmp, Offset: 0110D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99d004d151982520d82b782d4735647871151bc0f40ac205a76a03d9cb8f3c13
Instruction ID: b57910e2925c5dfb06709c4f0a3fcc7456d783cad2ad87bc2b21730fed49f3ef
Opcode Fuzzy Hash: 99d004d151982520d82b782d4735647871151bc0f40ac205a76a03d9cb8f3c13
Instruction Fuzzy Hash: 2111B176804280DFDF16CF54D5C4B56BF71FB84324F24C6AAD8094BA56C336D45ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0591E622, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475292860.0000000005910000.00000040.00000001.sdmp, Offset: 05910000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9bc4394f451dd6c28506bb3681c74fe68eb363d4885df4c1b07b76ce592deb5e
Instruction ID: 65b981367243fd017518715c06075623fc9897c48b07479bd32868db2e9fc939
Opcode Fuzzy Hash: 9bc4394f451dd6c28506bb3681c74fe68eb363d4885df4c1b07b76ce592deb5e
Instruction Fuzzy Hash: 1A01D876B141585FD708526998067AFFE9FEBC9364F988439F90AC7384DE64CC0142A5

Uniqueness

Uniqueness Score: -1.00%

Function 0111D02B, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.469389633.000000000111D000.00000040.00000001.sdmp, Offset: 0111D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10598f41ecae80e3ed7eaa2e4d93e548ce5d2277042f09e11ef5a73a669a8393
Instruction ID: f8bfbce1cd812f6743b77c12cc6a561967b21978f387e5eb0c90e8a5a5f950a7
Opcode Fuzzy Hash: 10598f41ecae80e3ed7eaa2e4d93e548ce5d2277042f09e11ef5a73a669a8393
Instruction Fuzzy Hash: 8211BE75504680CFCB16CF58D5C4B15FB61FB84314F28C6AAD8494B65AC33AD44ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0591E3E2, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475292860.0000000005910000.00000040.00000001.sdmp, Offset: 05910000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2be26d00e60e1a3384fc2a6777697ee5cc98721ec0613a095312f4922f75ec7d
Instruction ID: 3e340b2b11513d5adbac48994d66cc98d3d7e49324e2b9929b413a3e59b0d4fb
Opcode Fuzzy Hash: 2be26d00e60e1a3384fc2a6777697ee5cc98721ec0613a095312f4922f75ec7d
Instruction Fuzzy Hash: 1501717631021A9BD704DF19E444B6A7BEAEB88320F549439ED1ADB391DA34DC128B54

Uniqueness

Uniqueness Score: -1.00%

Function 0591EDAD, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.475292860.0000000005910000.00000040.00000001.sdmp, Offset: 05910000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0e21d38c981a2b53059891348981d9aeb945c650852f54d8a52a45ae6aa709c
Instruction ID: b2084d2981ef1bc50baed9e5c67c77301f9363ee14503434a21ff7b15d606d63
Opcode Fuzzy Hash: c0e21d38c981a2b53059891348981d9aeb945c650852f54d8a52a45ae6aa709c
Instruction Fuzzy Hash: 7BD0173AB001558BC768DE24A4881BDF7A3EBCC221B01C176E91A93A44DE3009A99B54

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report Purchase Order_12052021.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre