Analysis Report BFSV-1F(N)_1B-8B_ANSI.exe

Overview

General Information

Sample Name: BFSV-1F(N)_1B-8B_ANSI.exe
Analysis ID: 337281
MD5: 36f13aad903e851544fe137feca3435b
SHA1: 776d3d7e39a8b3e72e2e9b5c36a615e3157d05ad
SHA256: 41617ac4431c229ba27bf94617b465309e7f502ae5088cd12ee571a0428ea120
Tags: exe NanoCore RAT

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected Nanocore Rat
Malicious sample detected (through community Yara rule)
Sigma detected: NanoCore
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Nanocore RAT
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • BFSV-1F(N)_1B-8B_ANSI.exe (PID: 5932 cmdline: 'C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe' MD5: 36F13AAD903E851544FE137FECA3435B)
    • BFSV-1F(N)_1B-8B_ANSI.exe (PID: 4420 cmdline: 'C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe' MD5: 36F13AAD903E851544FE137FECA3435B)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0x215e5:$x1: NanoCore.ClientPluginHost
  • 0x21622:$x2: IClientNetworkHost
  • 0x25155:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0x2135d:$x1: NanoCore Client.exe
  • 0x215e5:$x2: NanoCore.ClientPluginHost
  • 0x22c1e:$s1: PluginCommand
  • 0x22c12:$s2: FileCommand
  • 0x23ac3:$s3: PipeExists
  • 0x2987a:$s4: PipeCreated
  • 0x2160f:$s5: IClientLoggingHost
00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
    00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
    • 0x2134d:$a: NanoCore
    • 0x2135d:$a: NanoCore
    • 0x21591:$a: NanoCore
    • 0x215a5:$a: NanoCore
    • 0x215e5:$a: NanoCore
    • 0x213ac:$b: ClientPlugin
    • 0x215ae:$b: ClientPlugin
    • 0x215ee:$b: ClientPlugin
    • 0x214d3:$c: ProjectData
    • 0x21eda:$d: DESCrypto
    • 0x298a6:$e: KeepAlive
    • 0x27894:$g: LogClientMessage
    • 0x23a8f:$i: get_Connected
    • 0x22210:$j: #=q
    • 0x22240:$j: #=q
    • 0x2225c:$j: #=q
    • 0x2228c:$j: #=q
    • 0x222a8:$j: #=q
    • 0x222c4:$j: #=q
    • 0x222f4:$j: #=q
    • 0x22310:$j: #=q
    Process Memory Space: BFSV-1F(N)_1B-8B_ANSI.exe PID: 5932 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
    • 0x10dff2:$x1: NanoCore.ClientPluginHost
    • 0x10e053:$x2: IClientNetworkHost
    • 0x113458:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0x1213ca:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe

    Unpacked PEs

    Source | Rule | Description | Author | Strings
    0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
    • 0x1d9e5:$x1: NanoCore.ClientPluginHost
    • 0x1da22:$x2: IClientNetworkHost
    • 0x21555:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
    • 0x1d75d:$x1: NanoCore Client.exe
    • 0x1d9e5:$x2: NanoCore.ClientPluginHost
    • 0x1f01e:$s1: PluginCommand
    • 0x1f012:$s2: FileCommand
    • 0x1fec3:$s3: PipeExists
    • 0x25c7a:$s4: PipeCreated
    • 0x1da0f:$s5: IClientLoggingHost
    0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
      0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
      • 0x1d74d:$a: NanoCore
      • 0x1d75d:$a: NanoCore
      • 0x1d991:$a: NanoCore
      • 0x1d9a5:$a: NanoCore
      • 0x1d9e5:$a: NanoCore
      • 0x1d7ac:$b: ClientPlugin
      • 0x1d9ae:$b: ClientPlugin
      • 0x1d9ee:$b: ClientPlugin
      • 0x1d8d3:$c: ProjectData
      • 0x1e2da:$d: DESCrypto
      • 0x25ca6:$e: KeepAlive
      • 0x23c94:$g: LogClientMessage
      • 0x1fe8f:$i: get_Connected
      • 0x1e610:$j: #=q
      • 0x1e640:$j: #=q
      • 0x1e65c:$j: #=q
      • 0x1e68c:$j: #=q
      • 0x1e6a8:$j: #=q
      • 0x1e6c4:$j: #=q
      • 0x1e6f4:$j: #=q
      • 0x1e710:$j: #=q
      0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
      • 0x215e5:$x1: NanoCore.ClientPluginHost
      • 0x21622:$x2: IClientNetworkHost
      • 0x25155:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe

      Sigma Overview

      System Summary:

      Sigma detected: NanoCore
      Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, ProcessId: 4420, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

      Signature Overview

      AV Detection:

      Antivirus / Scanner detection for submitted sample
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, Avira: detected
      Yara detected Nanocore RAT
      Source: Yara match, File source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: Process Memory Space: BFSV-1F(N)_1B-8B_ANSI.exe PID: 5932, type: MEMORY
      Source: Yara match, File source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack, type: UNPACKEDPE
      Source: Yara match, File source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.raw.unpack, type: UNPACKEDPE
      Machine Learning detection for sample
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, Joe Sandbox ML: detected
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: wntdll.pdbUGP source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000000.00000003.236111484.000000001A330000.00000004.00000001.sdmp
      Source: Binary string: wntdll.pdb source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000000.00000003.236111484.000000001A330000.00000004.00000001.sdmp
      Source: Binary string: \??\C:\Windows\mscorlib.pdb source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000001.00000003.410135152.0000000006773000.00000004.00000001.sdmp

      Networking:

      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49716 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49721 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49728 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49735 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49736 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49738 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49740 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49749 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49753 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49759 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49760 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49761 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49762 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49763 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49764 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49767 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49768 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49769 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49770 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49771 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49772 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49773 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49774 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49775 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49776 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49777 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49778 -> 45.138.49.96:9999
      Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49779 -> 45.138.49.96:9999
      Source: global traffic, TCP traffic: 192.168.2.3:49716 -> 45.138.49.96:9999
      Source: Joe Sandbox View, ASN Name: ASDETUKhttpwwwheficedcomGB ASDETUKhttpwwwheficedcomGB
      Source: unknown, TCP traffic detected without corresponding DNS query: 45.138.49.96
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000000.00000002.242332679.00000000008AA000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

      E-Banking Fraud:

      Yara detected Nanocore RAT
      Source: Yara match, File source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: Process Memory Space: BFSV-1F(N)_1B-8B_ANSI.exe PID: 5932, type: MEMORY
      Source: Yara match, File source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack, type: UNPACKEDPE
      Source: Yara match, File source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.raw.unpack, type: UNPACKEDPE

      System Summary:

      Malicious sample detected (through community Yara rule)
      Source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: Process Memory Space: BFSV-1F(N)_1B-8B_ANSI.exe PID: 5932, type: MEMORY, Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: Process Memory Space: BFSV-1F(N)_1B-8B_ANSI.exe PID: 5932, type: MEMORY, Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack, type: UNPACKEDPE, Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_00D2B650 0_2_00D2B650
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_00D2A879 0_2_00D2A879
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_00D24610 0_2_00D24610
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_00D29700 0_2_00D29700
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_00D2CC36 0_2_00D2CC36
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000000.00000003.239929756.000000001A496000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs BFSV-1F(N)_1B-8B_ANSI.exe
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000001.00000003.248234831.000000000674B000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs BFSV-1F(N)_1B-8B_ANSI.exe
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: BFSV-1F(N)_1B-8B_ANSI.exe PID: 5932, type: MEMORY, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: BFSV-1F(N)_1B-8B_ANSI.exe PID: 5932, type: MEMORY, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.raw.unpack, type: UNPACKEDPE, Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: classification engine, Classification label: mal100.troj.evad.winEXE@3/4@0/1
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_00D30000 EntryPoint,FindResourceW,LoadResource,VirtualProtect,EnumLanguageGroupLocalesW,0_2_00D30000
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, File created: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\{c9506c35-7fc9-4302-a06c-3e362d7043e7}
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, File read: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe
      Source: unknown, Process created: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe 'C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe'
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Process created: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe 'C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe'
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, Static PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: wntdll.pdbUGP source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000000.00000003.236111484.000000001A330000.00000004.00000001.sdmp
      Source: Binary string: wntdll.pdb source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000000.00000003.236111484.000000001A330000.00000004.00000001.sdmp
      Source: Binary string: \??\C:\Windows\mscorlib.pdb source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000001.00000003.410135152.0000000006773000.00000004.00000001.sdmp
      Source: initial sample, Static PE information: section where entry point is pointing to: .stub
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, Static PE information: section name: .code
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, Static PE information: section name: .stub
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_00D21000 push eax; ret 0_2_00D2102E

      Hooking and other Techniques for Hiding and Protection:

      Hides that the sample has been downloaded from the Internet (zone.identifier)
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, File opened: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe:Zone.Identifier read attributes | delete
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Registry key monitored for changes: HKEY_CURRENT_USER_Classes
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Process information set: NOOPENFILEERRORBOX
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Thread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Window / User API: threadDelayed 5591
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Window / User API: threadDelayed 2861
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Window / User API: foregroundWindowGot 626
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Window / User API: foregroundWindowGot 790
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe TID: 6232, Thread sleep time: -7378697629483816s >= -30000s
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Process information queried: ProcessInformation
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_00D2F270 mov eax, dword ptr fs:[00000030h] 0_2_00D2F270
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_006FF669 mov eax, dword ptr fs:[00000030h] 0_2_006FF669
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_006FF6CC mov eax, dword ptr fs:[00000030h] 0_2_006FF6CC
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_006FF62C mov eax, dword ptr fs:[00000030h] 0_2_006FF62C
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_006FEDB6 mov eax, dword ptr fs:[00000030h] 0_2_006FEDB6
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_006FF80D mov eax, dword ptr fs:[00000030h] 0_2_006FF80D
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Code function: 0_2_00D2F3F0 GetProcessHeap,RtlAllocateHeap,GetProcessHeap,HeapAlloc,0_2_00D2F3F0
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Process token adjusted: Debug
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe, Memory allocated: page read and write | page guard

      HIPS / PFW / Operating System Protection Evasion:

      Maps a DLL or memory area into another process
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; Section loaded: unknown target: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe protection: execute and read and write
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; Process created: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe 'C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe'
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

      Stealing of Sensitive Information:

      Yara detected Nanocore RAT
      Source: Yara match; File source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match; File source: Process Memory Space: BFSV-1F(N)_1B-8B_ANSI.exe PID: 5932, type: MEMORY
      Source: Yara match; File source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack, type: UNPACKEDPE
      Source: Yara match; File source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.raw.unpack, type: UNPACKEDPE

      Remote Access Functionality:

      Detected Nanocore Rat
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
      Source: BFSV-1F(N)_1B-8B_ANSI.exe, 00000001.00000003.248234831.000000000674B000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
      Yara detected Nanocore RAT
      Source: Yara match; File source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match; File source: Process Memory Space: BFSV-1F(N)_1B-8B_ANSI.exe PID: 5932, type: MEMORY
      Source: Yara match; File source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.unpack, type: UNPACKEDPE
      Source: Yara match; File source: 0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d40000.2.raw.unpack, type: UNPACKEDPE

      Mitre Att&ck Matrix

      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
      Valid Accounts | Windows Management Instrumentation 1 | Path Interception | Process Injection 111 | Masquerading 1 | Input Capture 1 | Query Registry 1 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion 2 | LSASS Memory | Security Software Discovery 2 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Virtualization/Sandbox Evasion 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 111 | NTDS | Process Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud
      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories 1 | LSA Secrets | Application Window Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 1 | Cached Domain Credentials | System Information Discovery 12 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      Source | Detection | Scanner | Label | Link
      BFSV-1F(N)_1B-8B_ANSI.exe | 100% | Avira | TR/Crypt.XPACK.Gen | 
      BFSV-1F(N)_1B-8B_ANSI.exe | 100% | Joe Sandbox ML |  | 

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      Source | Detection | Scanner | Label | Link | Download
      0.2.BFSV-1F(N)_1B-8B_ANSI.exe.d20000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |  | 
      0.0.BFSV-1F(N)_1B-8B_ANSI.exe.d20000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |  | 
      1.0.BFSV-1F(N)_1B-8B_ANSI.exe.d20000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen |  | 

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      No contacted domains info

      Contacted IPs

      Public

      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      45.138.49.96 | unknown | Germany |  | 61317 | ASDETUKhttpwwwheficedcomGB | true

      General Information

      Joe Sandbox Version:31.0.0 Red Diamond
      Analysis ID:337281
      Start date:08.01.2021
      Start time:09:23:02
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 7m 20s
      Hypervisor based Inspection enabled:false
      Report type:full
      Sample file name:BFSV-1F(N)_1B-8B_ANSI.exe
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed:34
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal100.troj.evad.winEXE@3/4@0/1
      EGA Information:Failed
      HDC Information:
      • Successful, ratio: 1% (good quality ratio 0%)
      • Quality average: 0%
      • Quality standard deviation: 0%
      HCA Information:Failed
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      • Found application associated with file extension: .exe
      Warnings:
      • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, SgrmBroker.exe, svchost.exe, UsoClient.exe, wuapihost.exe
      • Report size getting too big, too many NtAllocateVirtualMemory calls found.

      Simulations

      Behavior and APIs

      Time | Type | Description
      09:24:10 | API Interceptor | 1454x Sleep call for process: BFSV-1F(N)_1B-8B_ANSI.exe modified

      Joe Sandbox View / Context

      IPs

      Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
      45.138.49.96 | ts1593782194000000.exe |  | malicious |  | 

        Domains

        No context

        ASN


        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
        Process:C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe
        File Type:data
        Category:dropped
        Size (bytes):1392
        Entropy (8bit):7.024371743172393
        Encrypted:false
        SSDEEP:24:IQnybgCUtvd7xCFhwUuQnybgCUtvd7xCFhwUuQnybgCUtvd7xCFhwUuQnybgCUt4:Ik/lCrwfk/lCrwfk/lCrwfk/lCrwfk/f
        MD5:E78C6686C5A1A9CB0724F84DEA9A75F0
        SHA1:80E61D5BDC7AF293362024781DA66BEA9D370FF9
        SHA-256:FBE0B513511C00AC3B7169E1BCFB675CFD708B249365D724269C23FAC1184967
        SHA-512:FF3835238CAEA26D8800B56901AB962ACD2FA390F955C4A8A15B5817AAB7642D105538CF63938D218567501477FB4B23C2834F22CBC8BA0002C7BCACB2875637
        Malicious:false
        Reputation:low
        C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
        Process:C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe
        File Type:ISO-8859 text, with no line terminators
        Category:dropped
        Size (bytes):8
        Entropy (8bit):3.0
        Encrypted:false
        SSDEEP:3:nvt:n1
        MD5:3F3CD5C288B64A7072F09AC01296FBC4
        SHA1:E46242146BEBEFF9D2FF11B8C187518025E4E182
        SHA-256:35943387C3ACAE14B8EE9FA76521D176C82DEB8F1BA2EDDB1F3BDCFF2863236B
        SHA-512:A02091D483EB31B5590C522B6AD3192134BD1C3BED2D53ACAB699579EF4A6B882547006D443289B0CEDBEA6C0BC94CF2A596120F71E0C9FB7137C187F7F30CAC
        Malicious:true
        Reputation:low
        Preview: ...5...H
        C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin
        Process:C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe
        File Type:data
        Category:dropped
        Size (bytes):40
        Entropy (8bit):5.153055907333276
        Encrypted:false
        SSDEEP:3:9bzY6oRDT6P2bfVn1:RzWDT621
        MD5:4E5E92E2369688041CC82EF9650EDED2
        SHA1:15E44F2F3194EE232B44E9684163B6F66472C862
        SHA-256:F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48
        SHA-512:1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview: 9iH...}Z.4..f.~a........~.~.......3.U.
        C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
        Process:C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe
        File Type:data
        Category:dropped
        Size (bytes):327432
        Entropy (8bit):7.99938831605763
        Encrypted:true
        SSDEEP:6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm
        MD5:7E8F4A764B981D5B82D1CC49D341E9C6
        SHA1:D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
        SHA-256:0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
        SHA-512:880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926
        Malicious:false
        Reputation:moderate, very likely benign file

        Static File Info

        General

        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):7.860141249668034
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.96%
        • Generic Win/DOS Executable (2004/3) 0.02%
        • DOS Executable Generic (2002/1) 0.02%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name:BFSV-1F(N)_1B-8B_ANSI.exe
        File size:346624
        MD5:36f13aad903e851544fe137feca3435b
        SHA1:776d3d7e39a8b3e72e2e9b5c36a615e3157d05ad
        SHA256:41617ac4431c229ba27bf94617b465309e7f502ae5088cd12ee571a0428ea120
        SHA512:77a68e34a1bbf2360f8473368a0e3fd9c54567477a29561980851b82bd8ac1655919a109d6d4456a67bd633ef436fcf4697fc77d17e03e701d36ee7b82f296e6
        SSDEEP:6144:cvnifsw4lp4UlclMNJO2OOZNYQjJntWar4u0PYlcf2ELdYyfHwgF2r2QQvipF:snL3lklmOkYstWa/7cfNLyR2kF
        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.3.g.]Ug.]Ug.]U..\Tv.]Ug.\UN.]U..SUf.]U..YTf.]U...Uf.]U.._Tf.]URichg.]U........PE..L......_...................................

        File Icon

        Icon Hash:74f4c4ccccd4d0d4

        Static PE Info

        General

        Entrypoint:0x410000
        Entrypoint Section:.stub
        Digitally signed:false
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
        DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Time Stamp:0x5FF7808C [Thu Jan 7 21:43:40 2021 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:6
        OS Version Minor:0
        File Version Major:6
        File Version Minor:0
        Subsystem Version Major:6
        Subsystem Version Minor:0
        Import Hash:6a01311f3b93e75b0932a2018ac2171e

        Entrypoint Preview

        Instruction
        push ebp
        mov ebp, esp
        mov eax, 00001A30h
        call 00007FC2FCA2FBC8h
        call 00007FC2FCA3DE33h
        mov dword ptr [ebp-0Ch], eax
        call 00007FC2FCA3DFABh
        push 0000000Ah
        push 004100D4h
        push 00000000h
        call dword ptr [00403024h]
        mov dword ptr [ebp-04h], eax
        mov eax, dword ptr [ebp-04h]
        push eax
        push 00000000h
        call dword ptr [00403010h]
        mov dword ptr [ebp-08h], eax
        push 00001A05h
        mov ecx, dword ptr [ebp-08h]
        push ecx
        lea edx, dword ptr [ebp-00001A30h]
        push edx
        call 00007FC2FCA3DF15h
        mov ecx, 00000000h
        mov al, byte ptr [ebp+ecx-00001A30h]
        cmp ecx, 00001A05h
        je 00007FC2FCA3EC02h
        xor al, A3h
        dec al
        sub al, A3h
        inc al
        add al, A7h
        dec al
        add al, 40h
        sub al, 8Bh
        add al, 72h
        xor al, ADh
        sub al, E1h
        add al, D6h
        dec al
        xor al, 99h
        sub al, C3h
        inc al
        add al, 28h
        add al, F0h
        mov byte ptr [ebp+ecx-00001A30h], al
        add ecx, 01h
        jmp 00007FC2FCA3EB93h
        mov al, 00h
        mov ecx, 00000000h
        lea eax, dword ptr [ebp-10h]
        push eax
        push 00000040h
        push 00001A05h
        lea ecx, dword ptr [ebp-00001A30h]
        push ecx
        call dword ptr [00403014h]
        push 00000000h
        push 00000000h
        push 00000002h
        lea edx, dword ptr [ebp-00001A30h]
        push edx
        call dword ptr [00403020h]
        lea eax, dword ptr [ebp+00h]

        Data Directories

        Name | Virtual Address | Virtual Size | Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x30c4 | 0xb4 | .idata
        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x4138 | .rsrc
        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x16000 | 0x80 | .reloc
        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2000 | 0x1c | .data
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_IAT | 0x3000 | 0xc4 | .idata
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

        Sections

        Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
        .text | 0x1000 | 0x15a | 0x200 | False | 0.42578125 | data | 3.57394794431 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        .data | 0x2000 | 0x150 | 0x200 | False | 0.37890625 | data | 2.5909148946 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
        .idata | 0x3000 | 0x576 | 0x600 | False | 0.486328125 | data | 4.62959328748 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .code | 0x4000 | 0xb454 | 0xb600 | False | 0.499291723901 | data | 5.38349156704 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
        .stub | 0x10000 | 0xe6 | 0x200 | False | 0.40625 | data | 3.07398255133 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .rsrc | 0x11000 | 0x4138 | 0x4200 | False | 0.817412405303 | data | 7.56696464821 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
        .reloc | 0x16000 | 0x80 | 0x200 | False | 0.26953125 | data | 1.68689486927 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

        Resources

        Name | RVA | Size | Type | Language | Country
        RT_ICON | 0x11100 | 0x2615 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
        RT_RCDATA | 0x13730 | 0x1a05 | data | English | United States
        RT_GROUP_ICON | 0x13718 | 0x14 | data | English | United States

        Imports

        DLL | Import
        KERNEL32.dll | LoadResource, VirtualProtect, GetProcessHeap, HeapAlloc, EnumLanguageGroupLocalesW, FindResourceW
        wsnmp32.dll |
        COMDLG32.dll | ChooseFontW, ReplaceTextA, PrintDlgA
        SETUPAPI.dll | SetupOpenMasterInf, SetupDiCreateDeviceInfoListExA, SetupDiGetDeviceInfoListDetailW, SetupQueryDrivesInDiskSpaceListW, SetupDiCancelDriverInfoSearch, SetupQueryFileLogA
        ole32.dll | OleCreateEmbeddingHelper, DllGetClassObjectWOW, OleGetIconOfFile, OleQueryLinkFromData, HWND_UserSize
        WINSPOOL.DRV | FindNextPrinterChangeNotification, DeletePrinterDriverA, DeletePrinterDataW, DocumentPropertiesA, EnumPrinterDataExA, AddFormA
        SHLWAPI.dll | SHRegGetBoolUSValueW, StrSpnA, StrRChrIA, SHDeleteEmptyKeyW, UrlEscapeW
        loadperf.dll | UnloadPerfCounterTextStringsA, LoadPerfCounterTextStringsA

        Possible Origin

        Language of compilation system | Country where language is spoken | Map
        English | United States |

        Network Behavior

        Snort IDS Alerts

        Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
        01/08/21-09:24:11.140705 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49716 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:24:17.902668 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49721 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:24:25.388192 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49728 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:24:31.278859 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49735 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:24:37.425775 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49736 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:24:44.986569 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49738 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:24:51.260108 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49740 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:24:58.098409 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49749 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:25:03.147692 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49753 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:25:09.262215 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49759 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:25:15.224134 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49760 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:25:21.269898 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49761 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:25:27.242753 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49762 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:25:33.237074 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49763 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:25:39.241771 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49764 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:25:45.227980 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49767 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:25:51.238341 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49768 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:25:57.259892 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49769 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:26:03.246907 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49770 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:26:09.229937 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49771 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:26:15.229234 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49772 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:26:21.249433 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49773 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:26:27.232176 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49774 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:26:34.829754 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49775 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:26:41.886345 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49776 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:26:47.983092 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49777 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:26:54.327113 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49778 | 9999 | 192.168.2.3 | 45.138.49.96
        01/08/21-09:27:02.343670 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49779 | 9999 | 192.168.2.3 | 45.138.49.96

        Network Port Distribution

        TCP Packets

        TimestampSource PortDest PortSource IPDest IP
        Jan 8, 2021 09:24:11.633107901 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633117914 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.633148909 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633208036 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633263111 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633271933 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.633302927 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633353949 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633428097 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633430958 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.633476973 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633529902 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633529902 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.633544922 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.633580923 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633619070 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633667946 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633682966 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.633708000 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633708954 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.633764982 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633835077 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633876085 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633905888 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.633936882 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.633938074 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.633985043 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634046078 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634100914 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634130001 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.634146929 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.634147882 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634212971 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634277105 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634327888 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634378910 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.634388924 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634392023 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.634453058 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634515047 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.634543896 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634588003 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634639025 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634675026 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634723902 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634723902 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.634733915 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.634763002 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634819984 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634862900 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634912968 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.634921074 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.634926081 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.634972095 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635009050 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635060072 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635072947 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.635127068 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635169983 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635229111 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635296106 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.635302067 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635303020 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.635361910 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635405064 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635459900 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.635473967 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.635478020 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635531902 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635570049 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635618925 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635670900 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.635682106 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:11.635684967 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.635729074 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:11.636121035 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:12.380889893 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:12.441668987 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:12.441775084 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:12.504319906 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:12.556103945 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:12.750737906 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:12.790580988 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:12.860136986 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:13.180104971 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:13.251897097 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:13.296294928 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:13.379980087 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:13.470171928 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:13.512522936 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:13.536350012 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:13.555661917 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:13.576648951 CET99994971645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:13.576838970 CET497169999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:17.862091064 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:17.901885033 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:17.902175903 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:17.902667999 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:17.949510098 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:17.951121092 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:18.005727053 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:18.007821083 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:18.165150881 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:18.196449995 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:18.197668076 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:18.237518072 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:18.246012926 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:18.286310911 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:18.288791895 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:18.338671923 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:18.339046955 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:18.395178080 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:18.395334005 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:18.457751989 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:18.702568054 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:18.770256042 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:19.725771904 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:19.785825968 CET99994972145.138.49.96192.168.2.3
        Jan 8, 2021 09:24:21.219790936 CET497219999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:25.344019890 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:25.386621952 CET99994972845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:25.386841059 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:25.388191938 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:25.435853004 CET99994972845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:25.443356037 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:25.483711958 CET99994972845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:25.486757994 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:25.551568031 CET99994972845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:25.789282084 CET99994972845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:25.790333033 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:25.832720041 CET99994972845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:25.876955986 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:25.916953087 CET99994972845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:25.917382002 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:25.960320950 CET99994972845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:25.960472107 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:26.000582933 CET99994972845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:26.048742056 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:26.221265078 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:26.301553011 CET99994972845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:27.222806931 CET497289999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.237910032 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.277977943 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:31.278120995 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.278858900 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.326039076 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:31.326198101 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.379920006 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:31.380157948 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.420536995 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:31.421945095 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.489166021 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:31.586605072 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:31.587558031 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.627605915 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:31.630839109 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.671785116 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:31.672555923 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.712904930 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:31.752366066 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.881655931 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:31.958233118 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:32.324098110 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:32.395862103 CET99994973545.138.49.96192.168.2.3
        Jan 8, 2021 09:24:33.374459028 CET497359999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:37.385059118 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:37.425198078 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:37.425298929 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:37.425775051 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:37.477006912 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:37.477041960 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:37.477292061 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:37.518076897 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:37.519236088 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:37.584259033 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:37.695965052 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:37.835028887 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:37.862212896 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:37.875364065 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:37.926894903 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:37.930459023 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:37.971345901 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:38.003182888 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:38.043132067 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:38.147423029 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:38.458760023 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:38.647490978 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:38.928383112 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:39.005140066 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:39.914335966 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:40.005058050 CET99994973645.138.49.96192.168.2.3
        Jan 8, 2021 09:24:40.929616928 CET497369999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:44.945935965 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:44.985963106 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:44.986068964 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:44.986568928 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:45.031366110 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:45.031618118 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:45.071844101 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:45.072982073 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:45.130172968 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:45.232738018 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:45.233809948 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:45.275283098 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:45.276223898 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:45.316308975 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:45.316395998 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:45.357481003 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:45.411220074 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:45.496318102 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:45.552073956 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:45.914199114 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:45.989557981 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:46.887330055 CET99994973845.138.49.96192.168.2.3
        Jan 8, 2021 09:24:46.914598942 CET497389999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:51.041692972 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:51.081542969 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:51.081821918 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:51.260107994 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:51.302129984 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:51.308473110 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:51.319941998 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:51.360258102 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:51.414355993 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:51.462892056 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:51.536583900 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:51.616657019 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:51.623569965 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:51.663386106 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:51.667423010 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:51.707683086 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:51.707834005 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:51.747997999 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:51.789160967 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:52.014827013 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:52.083980083 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:52.084928036 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:52.145891905 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:53.039750099 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:53.099720001 CET99994974045.138.49.96192.168.2.3
        Jan 8, 2021 09:24:54.034595013 CET497409999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.057658911 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.097603083 CET99994974945.138.49.96192.168.2.3
        Jan 8, 2021 09:24:58.097803116 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.098408937 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.141537905 CET99994974945.138.49.96192.168.2.3
        Jan 8, 2021 09:24:58.195945978 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.235935926 CET99994974945.138.49.96192.168.2.3
        Jan 8, 2021 09:24:58.236403942 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.276581049 CET99994974945.138.49.96192.168.2.3
        Jan 8, 2021 09:24:58.320954084 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.325207949 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.396238089 CET99994974945.138.49.96192.168.2.3
        Jan 8, 2021 09:24:58.496824026 CET99994974945.138.49.96192.168.2.3
        Jan 8, 2021 09:24:58.499464989 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.539247990 CET99994974945.138.49.96192.168.2.3
        Jan 8, 2021 09:24:58.541179895 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.581581116 CET99994974945.138.49.96192.168.2.3
        Jan 8, 2021 09:24:58.582643032 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.622747898 CET99994974945.138.49.96192.168.2.3
        Jan 8, 2021 09:24:58.664752960 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.913244963 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:24:58.974435091 CET99994974945.138.49.96192.168.2.3
        Jan 8, 2021 09:24:59.087541103 CET497499999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.103593111 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.145783901 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.146353960 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.147691965 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.193274021 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.193360090 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.196788073 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.196875095 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.255808115 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.255911112 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.296061993 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.297317028 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.365438938 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.461075068 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.462291002 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.502120018 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.555797100 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.595581055 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.598337889 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.638730049 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.638844013 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.678797007 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.727718115 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.767474890 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:03.821548939 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.836605072 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:03.896250010 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:04.165972948 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:04.224927902 CET99994975345.138.49.96192.168.2.3
        Jan 8, 2021 09:25:05.166012049 CET497539999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.221501112 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.261509895 CET99994975945.138.49.96192.168.2.3
        Jan 8, 2021 09:25:09.261639118 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.262214899 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.309756041 CET99994975945.138.49.96192.168.2.3
        Jan 8, 2021 09:25:09.310038090 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.352399111 CET99994975945.138.49.96192.168.2.3
        Jan 8, 2021 09:25:09.354569912 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.414768934 CET99994975945.138.49.96192.168.2.3
        Jan 8, 2021 09:25:09.523917913 CET99994975945.138.49.96192.168.2.3
        Jan 8, 2021 09:25:09.538954020 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.578831911 CET99994975945.138.49.96192.168.2.3
        Jan 8, 2021 09:25:09.582060099 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.622209072 CET99994975945.138.49.96192.168.2.3
        Jan 8, 2021 09:25:09.622322083 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.662602901 CET99994975945.138.49.96192.168.2.3
        Jan 8, 2021 09:25:09.704447985 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.864770889 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:09.943521976 CET99994975945.138.49.96192.168.2.3
        Jan 8, 2021 09:25:10.197829008 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:10.271507025 CET99994975945.138.49.96192.168.2.3
        Jan 8, 2021 09:25:11.167187929 CET497599999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:15.183456898 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:15.223289967 CET99994976045.138.49.96192.168.2.3
        Jan 8, 2021 09:25:15.223546982 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:15.224133968 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:15.268946886 CET99994976045.138.49.96192.168.2.3
        Jan 8, 2021 09:25:15.269325018 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:15.309566975 CET99994976045.138.49.96192.168.2.3
        Jan 8, 2021 09:25:15.310739040 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:15.365350008 CET99994976045.138.49.96192.168.2.3
        Jan 8, 2021 09:25:15.478641987 CET99994976045.138.49.96192.168.2.3
        Jan 8, 2021 09:25:15.480123043 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:15.521622896 CET99994976045.138.49.96192.168.2.3
        Jan 8, 2021 09:25:15.551521063 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:15.595238924 CET99994976045.138.49.96192.168.2.3
        Jan 8, 2021 09:25:15.597665071 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:15.640394926 CET99994976045.138.49.96192.168.2.3
        Jan 8, 2021 09:25:15.643717051 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:15.711214066 CET99994976045.138.49.96192.168.2.3
        Jan 8, 2021 09:25:16.167782068 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:16.224705935 CET99994976045.138.49.96192.168.2.3
        Jan 8, 2021 09:25:17.198260069 CET497609999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.228643894 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.268656015 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:21.268811941 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.269897938 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.314722061 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:21.315181017 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.355381012 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:21.357644081 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.412559986 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:21.524436951 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:21.526539087 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.566453934 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:21.619818926 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.661365986 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:21.662028074 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.703814030 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:21.703950882 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.744339943 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:21.786122084 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:21.851600885 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:22.168056011 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:22.240473032 CET99994976145.138.49.96192.168.2.3
        Jan 8, 2021 09:25:23.184420109 CET497619999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:27.201066971 CET497629999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:27.241890907 CET99994976245.138.49.96192.168.2.3
        Jan 8, 2021 09:25:27.242088079 CET497629999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:27.242753029 CET497629999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:27.291125059 CET99994976245.138.49.96192.168.2.3
        Jan 8, 2021 09:25:27.291831970 CET497629999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:27.331971884 CET99994976245.138.49.96192.168.2.3
        Jan 8, 2021 09:25:27.334552050 CET497629999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:27.396953106 CET99994976245.138.49.96192.168.2.3
        Jan 8, 2021 09:25:27.511065006 CET99994976245.138.49.96192.168.2.3
        Jan 8, 2021 09:25:27.513547897 CET497629999192.168.2.345.138.49.96
        Jan 8, 2021 09:25:27.553380013 CET99994976245.138.49.96192.168.2.3
        Jan 8, 2021 09:25:27.604804039 CET497629999192.168.2.345.138.49.96

        Code Manipulations

        System Behavior

        General

        Start time: 09:24:03
        Start date: 08/01/2021
        Path: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe
        Wow64 process (32bit): true
        Commandline: 'C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe'
        Imagebase: 0xd20000
        File size: 346624 bytes
        MD5 hash: 36F13AAD903E851544FE137FECA3435B
        Has elevated privileges: true
        Has administrator privileges: true
        Programmed in: C, C++ or other language
        Yara matches:
        • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, Author: Florian Roth
        • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, Author: Florian Roth
        • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, Author: Joe Security
        • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.242826392.0000000000D40000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
        Reputation: low

        General

        Start time: 09:24:05
        Start date: 08/01/2021
        Path: C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe
        Wow64 process (32bit): true
        Commandline: 'C:\Users\user\Desktop\BFSV-1F(N)_1B-8B_ANSI.exe'
        Imagebase: 0xd20000
        File size: 346624 bytes
        MD5 hash: 36F13AAD903E851544FE137FECA3435B
        Has elevated privileges: true
        Has administrator privileges: true
        Programmed in: .Net C# or VB.NET
        Reputation: low

        Disassembly

        Code Analysis

          Executed Functions

          APIs
            • Part of subcall function 00D2F3F0: GetProcessHeap.KERNEL32(00000001,17D78400,?,?,?,00D3001A), ref: 00D2F3FC
            • Part of subcall function 00D2F3F0: RtlAllocateHeap.NTDLL(00000000,?,?,?,00D3001A), ref: 00D2F403
            • Part of subcall function 00D2F3F0: GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,?,00D3001A), ref: 00D2F43D
            • Part of subcall function 00D2F3F0: HeapAlloc.KERNEL32(00000000,?,?,?,00D3001A), ref: 00D2F444
          • FindResourceW.KERNEL32(00000000,IEUCIZEO,0000000A), ref: 00D30023
          • LoadResource.KERNEL32(00000000,?), ref: 00D30032
          • VirtualProtect.KERNELBASE(?,00001A05,00000040,?,?,?,00001A05), ref: 00D300AD
          • EnumLanguageGroupLocalesW.KERNELBASE(?,00000002,00000000,00000000), ref: 00D300C0
          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.242788242.0000000000D30000.00000020.00020000.sdmp, Offset: 00D20000, based on PE: true
          • Associated: 00000000.00000002.242656897.0000000000D20000.00000002.00020000.sdmp
          • Associated: 00000000.00000002.242673349.0000000000D21000.00000020.00020000.sdmp
          • Associated: 00000000.00000002.242692885.0000000000D22000.00000008.00020000.sdmp
          • Associated: 00000000.00000002.242702072.0000000000D23000.00000002.00020000.sdmp
          • Associated: 00000000.00000002.242725911.0000000000D24000.00000080.00020000.sdmp
          • Associated: 00000000.00000002.242808307.0000000000D31000.00000002.00020000.sdmp
          Similarity
          • API ID: Heap$ProcessResource$AllocAllocateEnumFindGroupLanguageLoadLocalesProtectVirtual
          • String ID: IEUCIZEO
          • API String ID: 953603375-3934895164
          • Opcode ID: c284d64e4b853df6985c434e23cfe98237ca7444788abcdced0f6568caaa37af
          • Instruction ID: e7016f8149a5ac054c6ae719a926cafa25b4d70237ad92d8284e299aaba000d0
          • Opcode Fuzzy Hash: c284d64e4b853df6985c434e23cfe98237ca7444788abcdced0f6568caaa37af
          • Instruction Fuzzy Hash: 3D1104B1A113086BEB10DBB09D96FEE7774FB15701F100458F6169A681D6385B038F76
          Uniqueness

          Uniqueness Score: -1.00%

          APIs
          • GetProcessHeap.KERNEL32(00000001,17D78400,?,?,?,00D3001A), ref: 00D2F3FC
          • RtlAllocateHeap.NTDLL(00000000,?,?,?,00D3001A), ref: 00D2F403
          • GetProcessHeap.KERNEL32(00000001,00000000,00000000,17D78400,?,?,?,00D3001A), ref: 00D2F43D
          • HeapAlloc.KERNEL32(00000000,?,?,?,00D3001A), ref: 00D2F444
          Memory Dump Source
          • Source File: 00000000.00000002.242725911.0000000000D24000.00000080.00020000.sdmp, Offset: 00D20000, based on PE: true
          • Associated: 00000000.00000002.242656897.0000000000D20000.00000002.00020000.sdmp
          • Associated: 00000000.00000002.242673349.0000000000D21000.00000020.00020000.sdmp
          • Associated: 00000000.00000002.242692885.0000000000D22000.00000008.00020000.sdmp
          • Associated: 00000000.00000002.242702072.0000000000D23000.00000002.00020000.sdmp
          • Associated: 00000000.00000002.242788242.0000000000D30000.00000020.00020000.sdmp
          • Associated: 00000000.00000002.242808307.0000000000D31000.00000002.00020000.sdmp
          Similarity
          • API ID: Heap$Process$AllocAllocate
          • String ID:
          • API String ID: 1154092256-0
          • Opcode ID: 0e6a7e896b128a5ccada7ee4139cbe13417760eae35741793be999fd94c0fd22
          • Instruction ID: 091c0482e883c1056c390f2e4a7777132c48dcdf884c3a4c6bd410c488ba4730
          • Opcode Fuzzy Hash: 0e6a7e896b128a5ccada7ee4139cbe13417760eae35741793be999fd94c0fd22
          • Instruction Fuzzy Hash: 4AF0BE71541228BFE720ABB4AD0EFABB3ACA714308F204460F404D3250C6B58E46A6B0
          Uniqueness

          Uniqueness Score: -1.00%

          Non-executed Functions

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.242725911.0000000000D24000.00000080.00020000.sdmp, Offset: 00D20000, based on PE: true
          • Associated: 00000000.00000002.242656897.0000000000D20000.00000002.00020000.sdmp
          • Associated: 00000000.00000002.242673349.0000000000D21000.00000020.00020000.sdmp
          • Associated: 00000000.00000002.242692885.0000000000D22000.00000008.00020000.sdmp
          • Associated: 00000000.00000002.242702072.0000000000D23000.00000002.00020000.sdmp
          • Associated: 00000000.00000002.242788242.0000000000D30000.00000020.00020000.sdmp
          • Associated: 00000000.00000002.242808307.0000000000D31000.00000002.00020000.sdmp
          Similarity
          • API ID:
          • String ID: "$"$%&$,$4$6Lb$;$?N$DDA$^$`J$c$d$kd$m$u!$|JDU$3$d$e
          • API String ID: 0-4104743298
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.242725911.0000000000D24000.00000080.00020000.sdmp, Offset: 00D20000, based on PE: true
          Similarity
          • API ID:
          • String ID: !$*$,$,$@$H$f$t$S$T
          • API String ID: 0-2926721169
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.242725911.0000000000D24000.00000080.00020000.sdmp, Offset: 00D20000, based on PE: true
          Similarity
          • API ID:
          • String ID: !$2$3$:3xJ$D$Dh$F$[$m`
          • API String ID: 0-3700522336
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.242725911.0000000000D24000.00000080.00020000.sdmp, Offset: 00D20000, based on PE: true
          Similarity
          • API ID:
          • String ID: 2$3$:3xJ$F$[
          • API String ID: 0-3355043786
          Uniqueness

          Uniqueness Score: -1.00%

          Strings
          Memory Dump Source
          • Source File: 00000000.00000002.242725911.0000000000D24000.00000080.00020000.sdmp, Offset: 00D20000, based on PE: true
          Similarity
          • API ID:
          • String ID: @$T
          • API String ID: 0-4155019088
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.241335510.00000000006FD000.00000040.00000001.sdmp, Offset: 006FD000, based on PE: false
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.241335510.00000000006FD000.00000040.00000001.sdmp, Offset: 006FD000, based on PE: false
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.242725911.0000000000D24000.00000080.00020000.sdmp, Offset: 00D20000, based on PE: true
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.241335510.00000000006FD000.00000040.00000001.sdmp, Offset: 006FD000, based on PE: false
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.241335510.00000000006FD000.00000040.00000001.sdmp, Offset: 006FD000, based on PE: false
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          Uniqueness

          Uniqueness Score: -1.00%

          Memory Dump Source
          • Source File: 00000000.00000002.241335510.00000000006FD000.00000040.00000001.sdmp, Offset: 006FD000, based on PE: false
          Similarity
          • API ID:
          • String ID:
          • API String ID:
          Uniqueness

          Uniqueness Score: -1.00%