Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Scan_00059010189_ ref. 004118379411_ pdf.exe

Overview

General Information

Sample Name:Scan_00059010189_ ref. 004118379411_ pdf.exe
Analysis ID:337758
MD5:106117a9928b774aa6bbb657f275de53
SHA1:208d61ecd30789fba2325a0e0f46bb63bdba5bd9
SHA256:a5affcfc364530db52dd4fcf252187cc09968a7bb1f1149bb919fd339634468a
Tags:exeNanoCoreRAT

Most interesting Screenshot:

Errors
  • Sigma syntax error: Has an empty selector, Rule: Abusing Azure Browser SSO

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected Nanocore Rat
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected Nanocore RAT
Allocates memory in foreign processes
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Antivirus or Machine Learning detection for unpacked file
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • Scan_00059010189_ ref. 004118379411_ pdf.exe (PID: 4532 cmdline: 'C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exe' MD5: 106117A9928B774AA6BBB657F275DE53)
    • RegAsm.exe (PID: 5764 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 6FD7592411112729BF6B1F2F6C34899F)
      • schtasks.exe (PID: 4392 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpE5CB.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 5436 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp606.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 3536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • RegAsm.exe (PID: 6028 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 0 MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • conhost.exe (PID: 4944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • dhcpmon.exe (PID: 4948 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • conhost.exe (PID: 5352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • dhcpmon.exe (PID: 5644 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: 6FD7592411112729BF6B1F2F6C34899F)
    • conhost.exe (PID: 1624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0x442ed:$x1: NanoCore.ClientPluginHost
  • 0x76f1d:$x1: NanoCore.ClientPluginHost
  • 0xa993d:$x1: NanoCore.ClientPluginHost
  • 0x4432a:$x2: IClientNetworkHost
  • 0x76f5a:$x2: IClientNetworkHost
  • 0xa997a:$x2: IClientNetworkHost
  • 0x47e5d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
  • 0x7aa8d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
  • 0xad4ad:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0x44055:$a: NanoCore
    • 0x44065:$a: NanoCore
    • 0x44299:$a: NanoCore
    • 0x442ad:$a: NanoCore
    • 0x442ed:$a: NanoCore
    • 0x76c85:$a: NanoCore
    • 0x76c95:$a: NanoCore
    • 0x76ec9:$a: NanoCore
    • 0x76edd:$a: NanoCore
    • 0x76f1d:$a: NanoCore
    • 0xa96a5:$a: NanoCore
    • 0xa96b5:$a: NanoCore
    • 0xa98e9:$a: NanoCore
    • 0xa98fd:$a: NanoCore
    • 0xa993d:$a: NanoCore
    • 0x440b4:$b: ClientPlugin
    • 0x442b6:$b: ClientPlugin
    • 0x442f6:$b: ClientPlugin
    • 0x76ce4:$b: ClientPlugin
    • 0x76ee6:$b: ClientPlugin
    • 0x76f26:$b: ClientPlugin
    Process Memory Space: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532Nanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xfb31:$x1: NanoCore.ClientPluginHost
    • 0x2e4b0:$x1: NanoCore.ClientPluginHost
    • 0x4cd44:$x1: NanoCore.ClientPluginHost
    • 0xfb92:$x2: IClientNetworkHost
    • 0x2e511:$x2: IClientNetworkHost
    • 0x4cda5:$x2: IClientNetworkHost
    • 0x14f97:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0x22f09:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0x33916:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0x41888:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0x521aa:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0x6011c:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    Process Memory Space: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532JoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      Click to see the 1 entries

      Sigma Overview

      System Summary:

      barindex
      Sigma detected: NanoCoreShow sources
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ProcessId: 5764, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
      Sigma detected: Scheduled temp file as task from temp locationShow sources
      Source: Process startedAuthor: Joe Security: Data: Command: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpE5CB.tmp', CommandLine: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpE5CB.tmp', CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ParentProcessId: 5764, ProcessCommandLine: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpE5CB.tmp', ProcessId: 4392

      Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Antivirus / Scanner detection for submitted sampleShow sources
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeAvira: detected
      Multi AV Scanner detection for submitted fileShow sources
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeVirustotal: Detection: 57%Perma Link
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeReversingLabs: Detection: 58%
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532, type: MEMORY
      Machine Learning detection for sampleShow sources
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeJoe Sandbox ML: detected
      Source: 1.2.Scan_00059010189_ ref. 004118379411_ pdf.exe.760000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen
      Source: 1.0.Scan_00059010189_ ref. 004118379411_ pdf.exe.760000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: RunPE.pdb source: Scan_00059010189_ ref. 004118379411_ pdf.exe, 00000001.00000002.233684353.0000000002A01000.00000004.00000001.sdmp
      Source: Binary string: RegAsm.pdb source: dhcpmon.exe, dhcpmon.exe.2.dr
      Source: Binary string: RegAsm.pdb4 source: dhcpmon.exe, 0000000A.00000002.268427132.00000000007C2000.00000002.00020000.sdmp, dhcpmon.exe, 0000000C.00000002.270489024.0000000000E92000.00000002.00020000.sdmp, dhcpmon.exe.2.dr
      Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: RegAsm.exe, 00000002.00000003.425640561.0000000003F52000.00000004.00000001.sdmp
      Source: global trafficTCP traffic: 192.168.2.5:49714 -> 185.244.38.210:7008
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210
      Source: unknownTCP traffic detected without corresponding DNS query: 185.244.38.210

      E-Banking Fraud:

      barindex
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532, type: MEMORY

      System Summary:

      barindex
      Malicious sample detected (through community Yara rule)Show sources
      Source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: Process Memory Space: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
      Source: Process Memory Space: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeCode function: 1_2_011118111_2_01111811
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeCode function: 1_2_011118201_2_01111820
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeCode function: 1_2_011115B11_2_011115B1
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeCode function: 1_2_011115C01_2_011115C0
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeCode function: 1_2_011106821_2_01110682
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_007C3DFE10_2_007C3DFE
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 12_2_00E93DFE12_2_00E93DFE
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exe, 00000001.00000002.233684353.0000000002A01000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameRunPE.dll" vs Scan_00059010189_ ref. 004118379411_ pdf.exe
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exe, hpCGGsxnBfkpZyTC.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: 1.2.Scan_00059010189_ ref. 004118379411_ pdf.exe.760000.0.unpack, hpCGGsxnBfkpZyTC.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: 1.0.Scan_00059010189_ ref. 004118379411_ pdf.exe.760000.0.unpack, hpCGGsxnBfkpZyTC.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: classification engineClassification label: mal100.troj.evad.winEXE@15/14@0/2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Program Files (x86)\DHCP MonitorJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Scan_00059010189_ ref. 004118379411_ pdf.exe.logJump to behavior
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4944:120:WilError_01
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{003adc3a-22f1-4bc1-a79f-fc8c7d09606c}
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:408:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3536:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1624:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5352:120:WilError_01
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Temp\tmpE5CB.tmpJump to behavior
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeVirustotal: Detection: 57%
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeReversingLabs: Detection: 58%
      Source: unknownProcess created: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exe 'C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exe'
      Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpE5CB.tmp'
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp606.tmp'
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 0
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpE5CB.tmp'Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp606.tmp'Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: RunPE.pdb source: Scan_00059010189_ ref. 004118379411_ pdf.exe, 00000001.00000002.233684353.0000000002A01000.00000004.00000001.sdmp
      Source: Binary string: RegAsm.pdb source: dhcpmon.exe, dhcpmon.exe.2.dr
      Source: Binary string: RegAsm.pdb4 source: dhcpmon.exe, 0000000A.00000002.268427132.00000000007C2000.00000002.00020000.sdmp, dhcpmon.exe, 0000000C.00000002.270489024.0000000000E92000.00000002.00020000.sdmp, dhcpmon.exe.2.dr
      Source: Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: RegAsm.exe, 00000002.00000003.425640561.0000000003F52000.00000004.00000001.sdmp
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_007C4469 push cs; retf 10_2_007C449E
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_007C44A3 push es; retf 10_2_007C44A4
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_007C4289 push es; retf 10_2_007C4294
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 12_2_00E94469 push cs; retf 12_2_00E9449E
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 12_2_00E944A3 push es; retf 12_2_00E944A4
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 12_2_00E94289 push es; retf 12_2_00E94294
      Source: initial sampleStatic PE information: section name: .text entropy: 7.99662602027
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJump to dropped file

      Boot Survival:

      barindex
      Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
      Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpE5CB.tmp'

      Hooking and other Techniques for Hiding and Protection:

      barindex
      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe:Zone.Identifier read attributes | deleteJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 4629Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 4928Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: foregroundWindowGot 623Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: foregroundWindowGot 751Jump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exe TID: 4536Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1460Thread sleep time: -23058430092136925s >= -30000sJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4604Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 4620Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 1132Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion:

      barindex
      Allocates memory in foreign processesShow sources
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
      Injects a PE file into a foreign processesShow sources
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
      Writes to foreign memory regionsShow sources
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 402000Jump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 420000Jump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 422000Jump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: A6D008Jump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpE5CB.tmp'Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp606.tmp'Jump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeQueries volume information: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformationJump to behavior
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeQueries volume information: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

      Stealing of Sensitive Information:

      barindex
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532, type: MEMORY

      Remote Access Functionality:

      barindex
      Detected Nanocore RatShow sources
      Source: Scan_00059010189_ ref. 004118379411_ pdf.exe, 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Source: RegAsm.exe, 00000002.00000003.281602709.0000000006405000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
      Yara detected Nanocore RATShow sources
      Source: Yara matchFile source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsWindows Management Instrumentation1Scheduled Task/Job1Process Injection311Masquerading2OS Credential DumpingQuery Registry1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScheduled Task/Job1DLL Side-Loading1Scheduled Task/Job1Virtualization/Sandbox Evasion2LSASS MemorySecurity Software Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)DLL Side-Loading1Disable or Modify Tools1Security Account ManagerVirtualization/Sandbox Evasion2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection311NTDSProcess Discovery1Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsApplication Window Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.commonHidden Files and Directories1Cached Domain CredentialsSystem Information Discovery12VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information2DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing3Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)DLL Side-Loading1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 signatures2 2 Behavior Graph ID: 337758 Sample: Scan_00059010189_ ref. 0041... Startdate: 10/01/2021 Architecture: WINDOWS Score: 100 49 Malicious sample detected (through community Yara rule) 2->49 51 Antivirus / Scanner detection for submitted sample 2->51 53 Sigma detected: Scheduled temp file as task from temp location 2->53 55 6 other signatures 2->55 8 Scan_00059010189_ ref. 004118379411_  pdf.exe 3 2->8         started        12 RegAsm.exe 2 2->12         started        14 dhcpmon.exe 2 2->14         started        16 dhcpmon.exe 1 2->16         started        process3 file4 43 Scan_00059010189_ ...79411_  pdf.exe.log, ASCII 8->43 dropped 59 Writes to foreign memory regions 8->59 61 Allocates memory in foreign processes 8->61 63 Injects a PE file into a foreign processes 8->63 18 RegAsm.exe 1 14 8->18         started        23 conhost.exe 12->23         started        25 conhost.exe 14->25         started        27 conhost.exe 16->27         started        signatures5 process6 dnsIp7 45 185.244.38.210, 49714, 49721, 49727 ASN-QUADRANET-GLOBALUS Netherlands 18->45 47 127.0.0.1 unknown unknown 18->47 37 C:\Users\user\AppData\Roaming\...\run.dat, Non-ISO 18->37 dropped 39 C:\Users\user\AppData\Local\...\tmpE5CB.tmp, XML 18->39 dropped 41 C:\Program Files (x86)\...\dhcpmon.exe, PE32 18->41 dropped 57 Hides that the sample has been downloaded from the Internet (zone.identifier) 18->57 29 schtasks.exe 1 18->29         started        31 schtasks.exe 1 18->31         started        file8 signatures9 process10 process11 33 conhost.exe 29->33         started        35 conhost.exe 31->35         started       

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Scan_00059010189_ ref. 004118379411_ pdf.exe58%VirustotalBrowse
      Scan_00059010189_ ref. 004118379411_ pdf.exe59%ReversingLabsByteCode-MSIL.Trojan.Cryptos
      Scan_00059010189_ ref. 004118379411_ pdf.exe100%AviraTR/Dropper.MSIL.Gen
      Scan_00059010189_ ref. 004118379411_ pdf.exe100%Joe Sandbox ML

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe0%MetadefenderBrowse
      C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe0%ReversingLabs

      Unpacked PE Files

      SourceDetectionScannerLabelLinkDownload
      1.2.Scan_00059010189_ ref. 004118379411_ pdf.exe.760000.0.unpack100%AviraTR/Dropper.MSIL.GenDownload File
      1.0.Scan_00059010189_ ref. 004118379411_ pdf.exe.760000.0.unpack100%AviraTR/Dropper.MSIL.GenDownload File

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      No contacted domains info

      Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public

      IPDomainCountryFlagASNASN NameMalicious
      185.244.38.210
      		unknownNetherlands
      		8100ASN-QUADRANET-GLOBALUSfalse

      Private

      IP
      127.0.0.1

      General Information

      Joe Sandbox Version:31.0.0 Red Diamond
      Analysis ID:337758
      Start date:10.01.2021
      Start time:08:24:23
      Joe Sandbox Product:CloudBasic
      Overall analysis duration:0h 8m 49s
      Hypervisor based Inspection enabled:false
      Report type:full
      Sample file name:Scan_00059010189_ ref. 004118379411_ pdf.exe
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed:38
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Detection:MAL
      Classification:mal100.troj.evad.winEXE@15/14@0/2
      EGA Information:Failed
      HDC Information:
      • Successful, ratio: 2.3% (good quality ratio 2%)
      • Quality average: 65.9%
      • Quality standard deviation: 26.6%
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 25
      • Number of non-executed functions: 5
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      • Found application associated with file extension: .exe
      Warnings:
      Show All
      • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtProtectVirtualMemory calls found.
      Errors:
      • Sigma syntax error: Has an empty selector, Rule: Abusing Azure Browser SSO

      Simulations

      Behavior and APIs

      TimeTypeDescription
      08:25:23AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
      08:25:30Task SchedulerRun new task: DHCP Monitor path: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" s>$(Arg0)
      08:25:30API Interceptor1340x Sleep call for process: RegAsm.exe modified
      08:25:31Task SchedulerRun new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
      185.244.38.210Payment_Confirmation pdf.exeGet hashmaliciousBrowse

        Domains

        No context

        ASN

        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
        ASN-QUADRANET-GLOBALUSnh8712Nx5J.xlsGet hashmaliciousBrowse
        • 185.174.102.105
        Payment_Confirmation pdf.exeGet hashmaliciousBrowse
        • 185.244.38.210
        npp.7.9.2.Installer (1).exeGet hashmaliciousBrowse
        • 192.169.6.95
        https://linkprotect.cudasvc.com/url?a=http%3a%2f%2ffindcloud.id%2fwp-includes%2f8JTmzq3FN6z3OBJBdBCfXrdcZl5H7ZxOaOZzfl2H%2f&c=E,1,2CiyC7FGbs3Pvr1yrAWkewOmRL-xyrP42HL37xX4omRyLZqRrqWOt_1RKb6pLtfzxs7zIBTrrVMEwQ8pOUIr2mFuNwrd9eHNrfkptUp83QPlV-CrGIoXMw,,&typo=1Get hashmaliciousBrowse
        • 173.254.250.226
        https://mrveggy.com/resgatecarrinho/jcWVa69vj8IDsQRCud8h6RNI9Mz17JqsPPJ0DFnlbXZGyMM2GcZ3/Get hashmaliciousBrowse
        • 173.254.250.226
        1I72L29IL3F.docGet hashmaliciousBrowse
        • 173.254.250.226
        https://x9sademwnet.gb.net/bnbgfvgrthbg456tr54g6trvecds/?tuk5sx4dsb3=7df34dj4csaGet hashmaliciousBrowse
        • 104.129.25.9
        xLH4kwOjXR.exeGet hashmaliciousBrowse
        • 104.223.94.66
        utox.exeGet hashmaliciousBrowse
        • 104.223.122.15
        QUOTES.exeGet hashmaliciousBrowse
        • 69.174.99.26
        file.exeGet hashmaliciousBrowse
        • 192.161.187.200
        http://jb092.com/rxlbakzd/goqmmbmi.html?kjmikw5x.3hllrGet hashmaliciousBrowse
        • 185.174.103.81
        https://www.trackins.org/sale/cat/sale-c199387IoAL&C_fTkoAvATBo-1LAvvTgoAKL6_.T5.html?_emr=12e4edca-8183-44e0-bccb-e3d6e0eeb447&wfcs=cs2&dcrectxid=d48055ba-93d6-4b3f-80c6-70de3252bde6&_eml=2ec38d65-f3da-4587-bd38-7c1f333c6dc8&source=batch&batchid=04&varid=5&csnid=1eab81b4-e54d-4cc2-8735-a5d571cfe688&brcid=13&sm=1&refid=MKTEML_31000&emlid=1131&maiid=1913Get hashmaliciousBrowse
        • 173.205.83.250
        Shipment Document BLINV And Packing List Attached.exeGet hashmaliciousBrowse
        • 192.161.187.200
        kWbmxCNnPIYLMvvPIVlMbDKbbQCNjT.exeGet hashmaliciousBrowse
        • 69.174.99.26
        Purchase Order.exeGet hashmaliciousBrowse
        • 104.129.26.162
        SecuriteInfo.com.Variant.Bulz.265335.2250.exeGet hashmaliciousBrowse
        • 66.63.162.20
        New order.xlsGet hashmaliciousBrowse
        • 66.63.162.20
        https://app.box.com/s/rdobxcyrhp1cdxwej3pfeyvngfh3lwagGet hashmaliciousBrowse
        • 173.254.237.250
        https://bit.ly/2VPfIROGet hashmaliciousBrowse
        • 185.174.103.81

        JA3 Fingerprints

        No context

        Dropped Files

        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
        C:\Program Files (x86)\DHCP Monitor\dhcpmon.exehfix.exeGet hashmaliciousBrowse
          atikmdag-patcher 1.4.8.exeGet hashmaliciousBrowse
            Client1.exeGet hashmaliciousBrowse
              miner.exeGet hashmaliciousBrowse
                PhoenixMiner_5.4c_Windows.exeGet hashmaliciousBrowse
                  74725794.exeGet hashmaliciousBrowse
                    PO-498475-ORDER.vbsGet hashmaliciousBrowse
                      Payment Advice Note from 19.11.2020.exeGet hashmaliciousBrowse
                        SUSPENSION LETTER ON SIM SWAP.pdf.exeGet hashmaliciousBrowse
                          kiiDjfpu2x.exeGet hashmaliciousBrowse
                            invoice copy.exeGet hashmaliciousBrowse
                              purchase_order.exeGet hashmaliciousBrowse
                                LC No 075120020789.exeGet hashmaliciousBrowse
                                  pRTOIqmIH5.exeGet hashmaliciousBrowse
                                    M9Xn52MsfG.exeGet hashmaliciousBrowse
                                      ycqE1CONpY.exeGet hashmaliciousBrowse
                                        SecuriteInfo.com.Trojan.PackedNET.461.28807.exeGet hashmaliciousBrowse
                                          SecuriteInfo.com.Trojan.PackedNET.461.31996.exeGet hashmaliciousBrowse
                                            7RP240Rsf3.exeGet hashmaliciousBrowse
                                              JPY79XL8cl.exeGet hashmaliciousBrowse

                                                Created / dropped Files

                                                C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):64616
                                                Entropy (8bit):6.037264560032456
                                                Encrypted:false
                                                SSDEEP:768:J8XcJiMjm2ieHlPyCsSuJbn8dBhFVBSMQ6Iq8TSYDKpgLaDViRLNdr:9YMaNylPYSAb8dBnTHv8DKKaDVkX
                                                MD5:6FD7592411112729BF6B1F2F6C34899F
                                                SHA1:5E5C839726D6A43C478AB0B95DBF52136679F5EA
                                                SHA-256:FFE4480CCC81B061F725C54587E9D1BA96547D27FE28083305D75796F2EB3E74
                                                SHA-512:21EFCC9DEE3960F1A64C6D8A44871742558666BB792D77ACE91236C7DBF42A6CA77086918F363C4391D9C00904C55A952E2C18BE5FA1A67A509827BFC630070D
                                                Malicious:false
                                                Antivirus:
                                                • Antivirus: Metadefender, Detection: 0%, Browse
                                                • Antivirus: ReversingLabs, Detection: 0%
                                                Joe Sandbox View:
                                                • Filename: hfix.exe, Detection: malicious, Browse
                                                • Filename: atikmdag-patcher 1.4.8.exe, Detection: malicious, Browse
                                                • Filename: Client1.exe, Detection: malicious, Browse
                                                • Filename: miner.exe, Detection: malicious, Browse
                                                • Filename: PhoenixMiner_5.4c_Windows.exe, Detection: malicious, Browse
                                                • Filename: 74725794.exe, Detection: malicious, Browse
                                                • Filename: PO-498475-ORDER.vbs, Detection: malicious, Browse
                                                • Filename: Payment Advice Note from 19.11.2020.exe, Detection: malicious, Browse
                                                • Filename: SUSPENSION LETTER ON SIM SWAP.pdf.exe, Detection: malicious, Browse
                                                • Filename: kiiDjfpu2x.exe, Detection: malicious, Browse
                                                • Filename: invoice copy.exe, Detection: malicious, Browse
                                                • Filename: purchase_order.exe, Detection: malicious, Browse
                                                • Filename: LC No 075120020789.exe, Detection: malicious, Browse
                                                • Filename: pRTOIqmIH5.exe, Detection: malicious, Browse
                                                • Filename: M9Xn52MsfG.exe, Detection: malicious, Browse
                                                • Filename: ycqE1CONpY.exe, Detection: malicious, Browse
                                                • Filename: SecuriteInfo.com.Trojan.PackedNET.461.28807.exe, Detection: malicious, Browse
                                                • Filename: SecuriteInfo.com.Trojan.PackedNET.461.31996.exe, Detection: malicious, Browse
                                                • Filename: 7RP240Rsf3.exe, Detection: malicious, Browse
                                                • Filename: JPY79XL8cl.exe, Detection: malicious, Browse
                                                Reputation:moderate, very likely benign file
                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...xX.Z..............0.............^.... ........@.. ....................... ............`.....................................O.......8...............h>........................................................... ............... ..H............text...d.... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B................@.......H........A...p..........T................................................~P...-.r...p.....(....(....s.....P...*..0.."........(......-.r...p.rI..p(....s....z.*...0..........(....~P.....o......*..(....*n(.....(..........%...(....*~(.....(..........%...%...(....*.(.....(..........%...%...%...(....*V.(......}Q.....}R...*..{Q...*..{R...*...0...........(.......i.=...}S......i.@...}T......i.@...}U.....+m...(....o .....r]..p.o!...,..{T.......{U........o"....+(.ra..p.o!...,..{T.......
                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:modified
                                                Size (bytes):42
                                                Entropy (8bit):4.0050635535766075
                                                Encrypted:false
                                                SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Scan_00059010189_ ref. 004118379411_ pdf.exe.log
                                                Process:C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):522
                                                Entropy (8bit):5.348034597186669
                                                Encrypted:false
                                                SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhav:MLU84qpE4Ks2wKDE4KhK3VZ9pKhk
                                                MD5:D4AF6B20AEA9906B4FF574A174E96287
                                                SHA1:81655019BB100FAADD5B36755F798EE5FB09E672
                                                SHA-256:DD8AE93DA079839B31327D22A2408E0C3EA4DDE92FD389CD5B96AD57CCE7B2E1
                                                SHA-512:6D912AC17876D9C21E61ED8C1B435AEA0FBB27FB97626A40903B4DFFC1204BEF3A43B02805DEDD2531822FD6F62CF06F0D758C1B2CA07258E82F95225D71C16E
                                                Malicious:true
                                                Reputation:moderate, very likely benign file
                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..
                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\dhcpmon.exe.log
                                                Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:modified
                                                Size (bytes):42
                                                Entropy (8bit):4.0050635535766075
                                                Encrypted:false
                                                SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                Malicious:false
                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                C:\Users\user\AppData\Local\Temp\tmp606.tmp
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1310
                                                Entropy (8bit):5.109425792877704
                                                Encrypted:false
                                                SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
                                                MD5:5C2F41CFC6F988C859DA7D727AC2B62A
                                                SHA1:68999C85FC7E37BAB9216E0099836D40D4545C1C
                                                SHA-256:98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
                                                SHA-512:B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
                                                Malicious:false
                                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                C:\Users\user\AppData\Local\Temp\tmpE5CB.tmp
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1319
                                                Entropy (8bit):5.134254141338449
                                                Encrypted:false
                                                SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mxz5xtn:cbk4oL600QydbQxIYODOLedq3Zxz5j
                                                MD5:48EF7FA9033389AD7929D7A6B9D10298
                                                SHA1:9DB6CB7325C8BDF66A15F7B5F34703709A45AEB6
                                                SHA-256:0C1B5F67EEB276D1D4205B138CE32BC6149924E02281A2DB8E4623A700E88F15
                                                SHA-512:AC8BD104ECBACC9BCCCE9E087F67E5B18072D59367CCD31D4E66132B6BAAEA520CBA5B9B59464483D86ABF74826B382C402F12E9A586C99BDA8C78A0DE33944E
                                                Malicious:true
                                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):2232
                                                Entropy (8bit):7.108278141116062
                                                Encrypted:false
                                                SSDEEP:48:SUzDgcUzDgcUzDgcUzDgcUzDgcUzDgcUzDgcUzDgcUzDgd:nMMMMMMMMk
                                                MD5:D0CECEFBB6FCD57CDF6D49B3E30AD972
                                                SHA1:BA83D28BB3EBBB383D5A64F5ABF4E1804CFE5A7D
                                                SHA-256:90CD93824ED95C0CB0E805CC42196D8A81538B8152A08B2EA00736BA22DDE2F0
                                                SHA-512:36789EFE742431D38E6508AEC3F15F4F0579EC44C63E659C422904D0A236D55A70347C91817CF39274BC34F244D8C697E2E4FFAB331FF6939579743F397CAAEC
                                                Malicious:false
                                                Preview: >........]Z.S..._;yF..6..p..GK.>0hn....EY.+..U..y.Z..t.Z...k....s..\.'.i..pr....Y..Y..q......'..z..P.....:.....F[?..6My|...5.............".@..i,F.H....H.....|U.y.,...z...}...,:...C{v.Q.5.......&.:.Z.}.. ..3..T..........^3...f.1......7%.]..2_>........]Z.S..._;yF..6..p..GK.>0hn....EY.+..U..y.Z..t.Z...k....s..\.'.i..pr....Y..Y..q......'..z..P.....:.....F[?..6My|...5.............".@..i,F.H....H.....|U.y.,...z...}...,:...C{v.Q.5.......&.:.Z.}.. ..3..T..........^3...f.1......7%.]..2_>........]Z.S..._;yF..6..p..GK.>0hn....EY.+..U..y.Z..t.Z...k....s..\.'.i..pr....Y..Y..q......'..z..P.....:.....F[?..6My|...5.............".@..i,F.H....H.....|U.y.,...z...}...,:...C{v.Q.5.......&.:.Z.}.. ..3..T..........^3...f.1......7%.]..2_>........]Z.S..._;yF..6..p..GK.>0hn....EY.+..U..y.Z..t.Z...k....s..\.'.i..pr....Y..Y..q......'..z..P.....:.....F[?..6My|...5.............".@..i,F.H....H.....|U.y.,...z...}...,:...C{v.Q.5.......&.:.Z.}.. ..3..T..........^3...f.1......7%.]..2_>......
                                                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                File Type:Non-ISO extended-ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):8
                                                Entropy (8bit):3.0
                                                Encrypted:false
                                                SSDEEP:3:Tt:h
                                                MD5:250442B41A1BC064560EF4F540927AC8
                                                SHA1:FDCFF45A028F804339F044080C2FB8BECB38CB29
                                                SHA-256:A83C93546468FE86A6CE1A8A01A8779C001D50DA4D3108BB3AB9150746A758B5
                                                SHA-512:C9850CE77471752369464B559D9C80C4977E9F02BFAD92B17F56AAEF53D095F7262DCF63E45C4380AA1EC1D1DA9F427B1CEAF45C5C894D3A23176D6017CE56FF
                                                Malicious:true
                                                Preview: .%.R...H
                                                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):40
                                                Entropy (8bit):5.221928094887364
                                                Encrypted:false
                                                SSDEEP:3:9bzY6oRDMjmPl:RzWDMCd
                                                MD5:AE0F5E6CE7122AF264EC533C6B15A27B
                                                SHA1:1265A495C42EED76CC043D50C60C23297E76CCE1
                                                SHA-256:73B0B92179C61C26589B47E9732CE418B07EDEE3860EE5A2A5FB06F3B8AA9B26
                                                SHA-512:DD44C2D24D4E3A0F0B988AD3D04683B5CB128298043134649BBE33B2512CE0C9B1A8E7D893B9F66FBBCDD901E2B0646C4533FB6C0C8C4AFCB95A0EFB95D446F8
                                                Malicious:false
                                                Preview: 9iH...}Z.4..f..... 8.j....|.&X..e.F.*.
                                                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):327432
                                                Entropy (8bit):7.99938831605763
                                                Encrypted:true
                                                SSDEEP:6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm
                                                MD5:7E8F4A764B981D5B82D1CC49D341E9C6
                                                SHA1:D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
                                                SHA-256:0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
                                                SHA-512:880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926
                                                Malicious:false
                                                Preview: pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.)*.....{B.[...y%.*..i.Q.<..xt.X..H.. ..HF7g...I.*3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^*I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.|i4...i...;O...n.?.,. ....v?.5}.OY@.dG|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`|.B....3.....I..o...u1..8i=.z.W..7
                                                C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                File Type:ASCII text, with no line terminators
                                                Category:dropped
                                                Size (bytes):56
                                                Entropy (8bit):4.823079645651109
                                                Encrypted:false
                                                SSDEEP:3:oMty8WddSWAnPL4A:oMLW6WAnPL4A
                                                MD5:743A1D76D284D8E42E19061A3F13A723
                                                SHA1:D6BBE641CBAC7B46C0922F32DCC89F8F5B87F98C
                                                SHA-256:86093BF03032ACFCEF934A0D8363B66AAF4ADEE58015DA0172E13635B1DD1FE8
                                                SHA-512:DF687DCD985D1F6127624220083DFD93A39FEBCE02A869F4126787DF3724890ECC10FF18077BFDEF02FCC802440F3F83545E4DA4BD826DC84E59B26A105F6567
                                                Malicious:false
                                                Preview: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                \Device\ConDrv
                                                Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1049
                                                Entropy (8bit):4.2989523990568035
                                                Encrypted:false
                                                SSDEEP:24:z3U3g4DO/0XZd3Wo3opQ5ZKBQFYVgt7ovrNOYlK:zEw4DBXZxo4ABV+SrUYE
                                                MD5:970EE6AEAB63008333D1D883327DA660
                                                SHA1:A71E19F66886B1888A183BA1777A23FABAE9822E
                                                SHA-256:D270D397EB3CF1173D25795834B240466EFEE213E11B1B31CDC101015AFFCAD9
                                                SHA-512:EB49AEE1B4524E6F15C08345A380D7D28DC845DEBA5408A7D034F2F7F5A652C8A2E2FF293BFB307DE87DCC2FAA111BA3BE8BEF9C4752A73DE1835DCD844D39BB
                                                Malicious:false
                                                Preview: Microsoft .NET Framework Assembly Registration Utility version 4.7.3056.0..for Microsoft .NET Framework version 4.7.3056.0..Copyright (C) Microsoft Corporation. All rights reserved.....Syntax: RegAsm AssemblyName [Options]..Options:.. /unregister Unregister types.. /tlb[:FileName] Export the assembly to the specified type library.. and register it.. /regfile[:FileName] Generate a reg file with the specified name.. instead of registering the types. This option.. cannot be used with the /u or /tlb options.. /codebase Set the code base in the registry.. /registered Only refer to already registered type libraries.. /asmpath:Directory Look for assembly references here.. /nologo Prevents RegAsm from displaying logo.. /silent Silent mode. Prevents displaying of success messages.. /verbose Displays extra information..

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.664479719371558
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                • DOS Executable Generic (2002/1) 0.01%
                                                File name:Scan_00059010189_ ref. 004118379411_ pdf.exe
                                                File size:352256
                                                MD5:106117a9928b774aa6bbb657f275de53
                                                SHA1:208d61ecd30789fba2325a0e0f46bb63bdba5bd9
                                                SHA256:a5affcfc364530db52dd4fcf252187cc09968a7bb1f1149bb919fd339634468a
                                                SHA512:821b25876ccdf80a77714618766a0578898f6671755a1e399d1d5ab7302ceaa9d67b6ed37964dad27088996823c5bd2db312eb0fd5dc00123d294800797c24f1
                                                SSDEEP:6144:SiS9IvO+J0i2ttjKd4aOLlLFIbJU+M2ucUcjwxvHVZ0y1UCgVhjX5+:SEvO+l2ttKdpYLFI3XucMx/f0ymCuh
                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'._.................L...........k... ........@.. ....................................@................................

                                                File Icon

                                                Icon Hash:8e9ab2a29a8a82d4

                                                Static PE Info

                                                General

                                                Entrypoint:0x446b8e
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                Time Stamp:0x5FFA270C [Sat Jan 9 21:58:36 2021 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:v4.0.30319
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                Entrypoint Preview

                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al
                                                add byte ptr [eax], al

                                                Data Directories

                                                NameVirtual AddressVirtual Size Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x46b380x53.text
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x480000x10e24.rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x5a0000xc.reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                Sections

                                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                .text0x20000x44b940x44c00False0.983899147727data7.99662602027IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                .rsrc0x480000x10e240x11000False0.09765625data4.29496295357IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .reloc0x5a0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                Resources

                                                NameRVASizeTypeLanguageCountry
                                                RT_ICON0x481300x10828dBase III DBT, version number 0, next free block index 40
                                                RT_GROUP_ICON0x589580x14data
                                                RT_VERSION0x5896c0x2ccdata
                                                RT_MANIFEST0x58c380x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                Imports

                                                DLLImport
                                                mscoree.dll_CorExeMain

                                                Version Infos

                                                DescriptionData
                                                Translation0x0000 0x04b0
                                                LegalCopyright
                                                Assembly Version0.0.0.0
                                                InternalNameScan_00059010189_ ref. 004118379411_ pdf.exe
                                                FileVersion0.0.0.0
                                                ProductVersion0.0.0.0
                                                FileDescription
                                                OriginalFilenameScan_00059010189_ ref. 004118379411_ pdf.exe

                                                Network Behavior

                                                Network Port Distribution

                                                TCP Packets

                                                TimestampSource PortDest PortSource IPDest IP
                                                Jan 10, 2021 08:25:30.821877003 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:30.999865055 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:31.001878977 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:31.047482014 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:31.235569000 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:31.235827923 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:31.463349104 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:31.465738058 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:31.644119978 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:31.701517105 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:31.864511967 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.092422009 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.101799965 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.101877928 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.101939917 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.101984978 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.102025032 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.102041006 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.102072954 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.102082014 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.102135897 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.102139950 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.102194071 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.102240086 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.102243900 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.102302074 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.102354050 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.279844999 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.279941082 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.279968977 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.279994965 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280020952 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280040026 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.280044079 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280065060 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280083895 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280095100 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.280105114 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280119896 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.280131102 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280153990 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280167103 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.280178070 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280205011 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280220032 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.280227900 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280241966 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.280256033 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280284882 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280287027 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.280312061 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280335903 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280350924 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.280358076 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280385017 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.280401945 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.280440092 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458045959 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458072901 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458096027 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458122969 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458148956 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458178043 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458201885 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458203077 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458224058 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458240032 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458254099 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458282948 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458302975 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458307028 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458340883 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458347082 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458365917 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458394051 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458394051 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458415985 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458444118 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458446026 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458468914 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458494902 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458497047 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458518982 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458549023 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458550930 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458575964 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458604097 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458605051 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458626986 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458656073 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458657026 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458678007 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458704948 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458713055 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458729029 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458760023 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458765984 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458787918 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458815098 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458841085 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458868980 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458889961 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458901882 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458920956 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458954096 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.458967924 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.458988905 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.459012032 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.459019899 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.459053040 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.459076881 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.459080935 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.459103107 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.459130049 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.459136963 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.459314108 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.636620998 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636660099 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636683941 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636710882 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636733055 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636755943 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636776924 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636797905 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636822939 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636838913 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.636847019 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636871099 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636892080 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.636900902 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.636902094 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636919975 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.636930943 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636955976 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636979103 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.636986017 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637001991 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637023926 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637023926 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637048960 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637072086 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637099028 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637104034 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637124062 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637125969 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637150049 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637173891 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637176991 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637188911 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637197018 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637219906 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637240887 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637264013 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637293100 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637317896 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637433052 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637433052 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637455940 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637478113 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637499094 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637511969 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637523890 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637525082 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637531042 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637535095 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637550116 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637571096 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637583971 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637594938 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637620926 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637624979 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637641907 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637664080 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637667894 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637686968 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637706041 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637712955 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637737036 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637758970 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637764931 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637784004 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637804031 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637808084 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637830973 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637862921 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.637907028 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.637960911 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815331936 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815361977 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815376997 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815393925 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815412045 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815428972 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815445900 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815463066 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815479994 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815493107 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815505981 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815522909 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815541983 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815561056 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815572023 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815578938 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815596104 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815613985 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815617085 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815623045 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815628052 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815632105 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815649986 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815659046 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815669060 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815690994 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815704107 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815711021 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815730095 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815728903 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815747976 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815766096 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815778017 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815783978 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815802097 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815817118 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815819979 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:32.815831900 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.815885067 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:32.993464947 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:33.170341969 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:33.344469070 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:33.344620943 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:33.905016899 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:33.951200962 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.082711935 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.082815886 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.181226969 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.260566950 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.260627031 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.260739088 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.439429045 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.439486027 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.439523935 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.439598083 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.617353916 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.617376089 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.617424011 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.617439985 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.617549896 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.795166969 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.795181990 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.795202971 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.795214891 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.795227051 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.795348883 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.795393944 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.921170950 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.973612070 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.973630905 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.973978043 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.975573063 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.975589037 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.975600958 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.975625992 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:34.975673914 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:34.975716114 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.150461912 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.151437998 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.151566982 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.152719975 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.153376102 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.153512955 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.153525114 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.153546095 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.153609991 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.153651953 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.330154896 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.330177069 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.330203056 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.330307961 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.330835104 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.330852985 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.330877066 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.330915928 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.330938101 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.330955029 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.467410088 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.507649899 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.507667065 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.507689953 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.507857084 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.508795977 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.508810043 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.508833885 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.508846998 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.508969069 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.509008884 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.644922018 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.645159006 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.685375929 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.685580969 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.685601950 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.685617924 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.685731888 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.686537027 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.686561108 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.686671972 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.686942101 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.686981916 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.687140942 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.822663069 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.863742113 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.863748074 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.863770962 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.863784075 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.863851070 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.863882065 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.865320921 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.865345001 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.865361929 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.865376949 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.865411043 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:35.865417004 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.865438938 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.865446091 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:35.921497107 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:36.044092894 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.044132948 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.044186115 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.044214964 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:36.044229031 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.044253111 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:36.044267893 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.044296026 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:36.044317961 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:36.046576023 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.046617985 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.046654940 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.046693087 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.046700001 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:36.046726942 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:36.046735048 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.046739101 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:36.046758890 CET700849714185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:36.046789885 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:36.046809912 CET497147008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:37.937987089 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.116020918 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.116197109 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.116731882 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.310117006 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.310385942 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.488533974 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.489757061 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.716455936 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.716491938 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.716515064 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.716538906 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.716562033 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.716584921 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.716607094 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.716615915 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.716628075 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.716654062 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.716671944 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.716675997 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.716723919 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.894586086 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894618988 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894638062 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894658089 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894678116 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894701004 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894722939 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894743919 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894767046 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894779921 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.894790888 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894812107 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894814014 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.894819975 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.894833088 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894846916 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.894855022 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894881010 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894893885 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.894902945 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894925117 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.894928932 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.894979000 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.895621061 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.895648956 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.895673990 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.895698071 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:38.895777941 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:38.921747923 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072387934 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072423935 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072448969 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072470903 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072494030 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072503090 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072518110 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072530985 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072542906 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072552919 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072570086 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072590113 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072594881 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072618008 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072618961 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072638988 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072650909 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072662115 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072670937 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072683096 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072693110 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072705030 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072716951 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072729111 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072736025 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072752953 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072760105 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072773933 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072778940 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072793961 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072801113 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072813034 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072818041 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072833061 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072838068 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072856903 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072870016 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072876930 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072891951 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072896957 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072920084 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072922945 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072943926 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072954893 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.072963953 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072983027 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.072985888 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073004007 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073014975 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073024988 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073045015 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073048115 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073070049 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073075056 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073093891 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073102951 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073118925 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073127031 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073139906 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073148012 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073160887 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073168993 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073184967 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073191881 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073206902 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073214054 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073227882 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073235035 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073249102 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073265076 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073271036 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.073287964 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.073322058 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.148874044 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254364014 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254400969 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254422903 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254465103 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254487038 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254508972 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254540920 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.254556894 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.254556894 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254579067 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254600048 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254621029 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254642010 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254662991 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.254668951 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254673004 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.254689932 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254710913 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254719973 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.254734993 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254756927 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254767895 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.254777908 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254800081 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254820108 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254834890 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.254841089 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254863024 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254870892 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.254884958 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254909992 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254931927 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254939079 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.254945993 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.254954100 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254976034 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254997969 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.254998922 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255017996 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255023003 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255042076 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255059958 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255069971 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255081892 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255103111 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255110025 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255124092 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255145073 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255166054 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255168915 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255189896 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255207062 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255213976 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255234957 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255255938 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255258083 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255278111 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255292892 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255299091 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255319118 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255328894 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255340099 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255359888 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255371094 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255393982 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255415916 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255415916 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255436897 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255459070 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.255464077 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.255502939 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.433007956 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433083057 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433140993 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433213949 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433227062 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.433243990 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433305025 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433320999 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.433362007 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433379889 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.433454990 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433496952 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433523893 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.433533907 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433577061 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433583975 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.433626890 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433669090 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433682919 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.433706045 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433743954 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433758974 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.433780909 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433818102 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433830976 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.433849096 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433886051 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433923960 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433933973 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.433963060 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.433984995 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434000015 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434037924 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434084892 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434113979 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434123039 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434159994 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434196949 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434196949 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434222937 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434243917 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434290886 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434303999 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434326887 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434365988 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434403896 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434423923 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434439898 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434468031 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434500933 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434542894 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434581041 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434618950 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434632063 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434653997 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434683084 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434684992 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434727907 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434737921 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434751987 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434792042 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434813976 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434817076 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434855938 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434861898 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434892893 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434912920 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.434941053 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.434983015 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.435020924 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.435045004 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.435079098 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.612417936 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612462997 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612500906 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612570047 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612607956 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612607956 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.612627029 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.612647057 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612684011 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612713099 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.612721920 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612757921 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612790108 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.612796068 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612833023 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612854958 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.612879038 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612920046 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612957001 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.612979889 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.612993002 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613013983 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613030910 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613173008 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613229990 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613241911 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613267899 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613293886 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613305092 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613343000 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613390923 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613426924 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613476992 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613521099 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613547087 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613559961 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613573074 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613596916 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613636017 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613672018 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613682032 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613711119 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613733053 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613748074 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613794088 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613795996 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613836050 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613873005 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613913059 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613923073 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613950968 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.613964081 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.613987923 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614026070 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614063025 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614083052 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.614110947 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614123106 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.614154100 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614192009 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614232063 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614258051 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.614269972 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614298105 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.614305019 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614342928 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614355087 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.614382029 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614430904 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.614434958 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.614500046 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.616756916 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.792655945 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792687893 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792711973 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792735100 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792757034 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792778015 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792798996 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792820930 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792840004 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792845011 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.792861938 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792874098 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.792884111 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792895079 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.792906046 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792927027 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792948008 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792962074 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.792968035 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792979002 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.792993069 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.792999983 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793015957 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793035984 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793036938 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793059111 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793081045 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793087959 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793101072 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793123960 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793123960 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793144941 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793164968 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793169022 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793190956 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793211937 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793219090 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793232918 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793253899 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793257952 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793276072 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793297052 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793298006 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793317080 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793338060 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793340921 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793363094 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793389082 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793399096 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793421030 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793442011 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793459892 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.793463945 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.793509007 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.794086933 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.794110060 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.794131994 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.794156075 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.794167995 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.794179916 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.794194937 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.794200897 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.794223070 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.794236898 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.794243097 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.794264078 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.794271946 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.794308901 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.795501947 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.795536995 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.795622110 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.922254086 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.971050978 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.971101999 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.971149921 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.971191883 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.971211910 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.971229076 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.971246004 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.971252918 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.971257925 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.971266985 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.971271992 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.971303940 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.971330881 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.971339941 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.971359015 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:39.971369982 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:39.971405983 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:40.151176929 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:40.170964003 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:40.608998060 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:40.836507082 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:40.948690891 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:41.012226105 CET700849721185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:41.014718056 CET497217008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:42.969341993 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:43.147105932 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:43.147232056 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:43.147919893 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:43.334708929 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:43.335015059 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:43.512656927 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:43.545104027 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:43.773264885 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:43.855592012 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:43.923163891 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:44.101087093 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:44.101197004 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:44.330210924 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:44.330310106 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:44.508348942 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:44.523283005 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:44.702342987 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:44.703660965 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:44.931946993 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:44.969014883 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:45.197441101 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:45.790677071 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:45.937463045 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:46.018213034 CET700849727185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:46.018291950 CET497277008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:47.953819990 CET497297008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:48.133089066 CET700849729185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:48.133311033 CET497297008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:48.133879900 CET497297008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:48.320962906 CET700849729185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:48.321319103 CET497297008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:48.500375986 CET700849729185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:48.546590090 CET497297008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:48.724350929 CET700849729185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:48.725465059 CET497297008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:48.953627110 CET700849729185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:48.985641956 CET497297008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:49.062284946 CET700849729185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:49.062402964 CET497297008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:51.001645088 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:51.181415081 CET700849730185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:51.181560040 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:51.210213900 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:51.399976015 CET700849730185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:51.400118113 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:51.633060932 CET700849730185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:51.635575056 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:51.813457012 CET700849730185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:51.825361967 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:52.053443909 CET700849730185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:52.152767897 CET700849730185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:52.161566019 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:52.339689016 CET700849730185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:52.341716051 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:52.569902897 CET700849730185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:52.569994926 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:52.751507044 CET700849730185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:52.796942949 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:52.974427938 CET700849730185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:53.015923023 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:53.235049963 CET497307008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:55.251485109 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:55.429564953 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:55.429656982 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:55.434613943 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:55.624161005 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:55.640177965 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:55.818191051 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:55.819377899 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:56.048361063 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:56.137152910 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:56.138302088 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:56.316160917 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:56.316291094 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:56.526563883 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:56.526828051 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:56.704464912 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:56.751976967 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:56.929867029 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:56.945825100 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:57.174798965 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:57.220009089 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:25:57.447155952 CET700849731185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:25:58.237435102 CET497317008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:00.252604961 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:00.430155993 CET700849733185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:00.430270910 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:00.439030886 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:00.626686096 CET700849733185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:00.627073050 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:00.805002928 CET700849733185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:00.806622982 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:01.034353971 CET700849733185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:01.121953964 CET700849733185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:01.123235941 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:01.300750971 CET700849733185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:01.300858974 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:01.530849934 CET700849733185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:01.531044006 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:01.708584070 CET700849733185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:01.750855923 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:01.928498030 CET700849733185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:01.969600916 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:02.236172915 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:02.464478970 CET700849733185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:03.236073971 CET497337008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:05.255091906 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:05.432614088 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:05.432706118 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:05.498070955 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:05.685544968 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:05.696146011 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:05.874502897 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:05.939752102 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:05.963788033 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:06.192636967 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:06.279073954 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:06.291858912 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:06.469624043 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:06.470040083 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:06.698626995 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:06.704914093 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:06.882781982 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:06.938766003 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:07.031702042 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:07.209479094 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:07.251264095 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:07.368786097 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:07.596800089 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:07.596960068 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:07.825083017 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:08.554908037 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:08.782661915 CET700849740185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:09.540651083 CET497407008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:11.550267935 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:11.728275061 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:11.728396893 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:11.730225086 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:11.920542002 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:11.920962095 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:12.098640919 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:12.142270088 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:12.166100979 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:12.393886089 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:12.483237028 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:12.532915115 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:12.550103903 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:12.710454941 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:12.711091995 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:12.778203964 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:12.778646946 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:12.938663960 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:12.938812971 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:12.956598997 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:13.001720905 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:13.117008924 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:13.158241987 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:13.576443911 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:13.580708027 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:13.809263945 CET700849743185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:14.581068039 CET497437008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:16.610744953 CET497447008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:16.788536072 CET700849744185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:16.788786888 CET497447008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:16.804811001 CET497447008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:16.983325005 CET700849744185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:19.004093885 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:19.185426950 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:19.188224077 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:19.211441994 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:19.397911072 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:19.398596048 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:19.589860916 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:19.590137959 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:19.822482109 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:19.822704077 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:20.053761959 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:20.151448011 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:20.165297985 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:20.343483925 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:20.344902992 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:20.536906004 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:20.537085056 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:20.730794907 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:20.732022047 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:20.960314989 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:21.581068993 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:21.755517006 CET700849745185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:21.755664110 CET497457008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:23.598642111 CET497467008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:23.776356936 CET700849746185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:23.777015924 CET497467008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:23.777790070 CET497467008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:23.955487013 CET700849746185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:25.973782063 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:26.151371002 CET700849747185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:26.151670933 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:26.153197050 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:26.370954037 CET700849747185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:26.376534939 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:26.554267883 CET700849747185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:26.582511902 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:26.760227919 CET700849747185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:26.761399984 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:26.988960028 CET700849747185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:27.131103992 CET700849747185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:27.133306980 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:27.311650038 CET700849747185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:27.313225031 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:27.491305113 CET700849747185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:27.491400003 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:27.583111048 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:27.669955969 CET700849747185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:27.670030117 CET497477008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:29.612901926 CET497487008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:32.612776041 CET497487008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:32.790313005 CET700849748185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:32.790631056 CET497487008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:32.791896105 CET497487008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:32.969611883 CET700849748185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:34.974078894 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:35.151773930 CET700849749185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:35.152076006 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:35.152800083 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:35.343014002 CET700849749185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:35.343552113 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:35.521557093 CET700849749185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:35.526006937 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:35.754014015 CET700849749185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:35.754230022 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:35.852125883 CET700849749185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:35.895298004 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:35.932297945 CET700849749185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:35.932523966 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:36.161989927 CET700849749185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:36.162245035 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:36.340060949 CET700849749185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:36.394819021 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:36.572550058 CET700849749185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:36.594461918 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:36.822051048 CET700849749185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:37.583313942 CET497497008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:39.598962069 CET497507008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:39.776397943 CET700849750185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:39.776527882 CET497507008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:39.812263012 CET497507008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:39.990056038 CET700849750185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:42.006915092 CET497517008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:42.193236113 CET700849751185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:42.193382978 CET497517008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:42.194545031 CET497517008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:42.372101068 CET700849751185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:53.523480892 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:53.701122999 CET700849755185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:53.701246023 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:53.707190037 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:53.893321991 CET700849755185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:53.893399954 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:54.120846987 CET700849755185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:54.121150017 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:54.298790932 CET700849755185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:54.304052114 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:54.531954050 CET700849755185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:54.652229071 CET700849755185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:54.653459072 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:54.831087112 CET700849755185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:54.831219912 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:55.059132099 CET700849755185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:55.059287071 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:55.236948967 CET700849755185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:55.286449909 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:55.464550018 CET700849755185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:55.505436897 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:55.756413937 CET497557008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:57.772783995 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:57.950351000 CET700849756185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:57.950483084 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:57.951013088 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:58.137031078 CET700849756185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:58.137376070 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:58.314927101 CET700849756185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:58.316669941 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:58.546236992 CET700849756185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:58.636693954 CET700849756185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:58.638479948 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:58.816051960 CET700849756185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:58.816206932 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:59.044713974 CET700849756185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:59.045372009 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:59.223277092 CET700849756185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:59.271320105 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:59.449295044 CET700849756185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:26:59.506184101 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:26:59.772444963 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:00.001533985 CET700849756185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:00.772089958 CET497567008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:02.790051937 CET497577008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:02.967538118 CET700849757185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:02.967789888 CET497577008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:02.968926907 CET497577008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:03.146359921 CET700849757185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:05.228029013 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:05.405497074 CET700849758185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:05.405740976 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:05.406466961 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:05.593292952 CET700849758185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:05.626384974 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:05.803944111 CET700849758185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:05.804203987 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:06.030939102 CET700849758185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:06.031250000 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:06.258795977 CET700849758185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:06.339401960 CET700849758185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:06.341630936 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:06.519640923 CET700849758185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:06.522124052 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:06.699593067 CET700849758185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:06.699738026 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:06.877185106 CET700849758185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:06.877284050 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:07.104825020 CET700849758185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:07.788305998 CET497587008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:09.805713892 CET497597008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:09.983319044 CET700849759185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:09.984205008 CET497597008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:09.984239101 CET497597008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:10.162312984 CET700849759185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:12.183505058 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:12.361001015 CET700849760185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:12.361505985 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:12.361814976 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:12.589660883 CET700849760185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:12.872139931 CET700849760185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:12.872700930 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:13.050482988 CET700849760185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:13.053539038 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:13.367974043 CET700849760185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:13.368268013 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:13.637155056 CET700849760185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:13.638364077 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:13.815718889 CET700849760185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:13.817065001 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:13.994678020 CET700849760185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:13.995193958 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:14.173505068 CET700849760185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:14.173702002 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:14.467892885 CET700849760185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:15.148288012 CET497607008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:17.165610075 CET497617008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:17.343317032 CET700849761185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:17.343539953 CET497617008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:17.353864908 CET497617008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:17.531868935 CET700849761185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:19.554364920 CET497627008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:19.732295990 CET700849762185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:19.732412100 CET497627008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:19.733942986 CET497627008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:19.948935986 CET700849762185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:19.991651058 CET497627008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:20.169591904 CET700849762185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:20.170243025 CET497627008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:20.348140001 CET700849762185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:20.348418951 CET497627008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:20.638125896 CET700849762185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:20.638195992 CET497627008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:20.937333107 CET700849762185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:21.043123007 CET700849762185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:21.044194937 CET497627008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:21.180264950 CET497627008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:21.222172022 CET700849762185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:21.223216057 CET497627008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:23.205482006 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:23.383399963 CET700849763185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:23.383533001 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:23.387264013 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:23.572865009 CET700849763185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:23.573312998 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:23.751085043 CET700849763185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:23.753807068 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:24.067898989 CET700849763185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:24.195785046 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:24.253878117 CET700849763185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:24.305864096 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:24.485306978 CET700849763185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:24.485492945 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:24.663605928 CET700849763185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:24.665646076 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:24.843686104 CET700849763185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:24.847553015 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:25.025527000 CET700849763185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:25.070147991 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:25.195903063 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:25.467407942 CET700849763185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:26.180228949 CET497637008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:28.200005054 CET497647008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:28.379375935 CET700849764185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:28.382374048 CET497647008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:28.383228064 CET497647008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:28.561678886 CET700849764185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:30.571882010 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:30.750086069 CET700849765185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:30.751266003 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:30.751789093 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:30.941245079 CET700849765185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:30.941618919 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:31.119452953 CET700849765185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:31.121184111 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:31.349380970 CET700849765185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:31.352045059 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:31.434237957 CET700849765185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:31.476975918 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:31.529900074 CET700849765185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:31.531303883 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:31.759119034 CET700849765185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:31.759277105 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:31.936724901 CET700849765185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:31.977109909 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:32.154740095 CET700849765185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:32.211359024 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:32.233634949 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:32.461646080 CET700849765185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:33.243340969 CET497657008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:35.259941101 CET497667008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:35.437613964 CET700849766185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:35.437736034 CET497667008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:35.439084053 CET497667008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:35.616837025 CET700849766185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:37.636159897 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:37.813893080 CET700849767185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:37.813993931 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:37.818429947 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:38.018774033 CET700849767185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:38.020404100 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:38.202852011 CET700849767185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:38.208502054 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:38.436939955 CET700849767185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:38.437246084 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:38.529975891 CET700849767185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:38.586874008 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:38.614942074 CET700849767185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:38.615689039 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:38.844964027 CET700849767185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:38.845122099 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:39.023061991 CET700849767185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:39.071320057 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:39.244863033 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:39.255211115 CET700849767185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:39.305701971 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:39.471893072 CET700849767185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:40.228257895 CET497677008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:42.246143103 CET497687008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:42.423809052 CET700849768185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:42.425182104 CET497687008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:42.426469088 CET497687008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:42.604437113 CET700849768185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:44.638343096 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:44.816063881 CET700849769185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:44.818839073 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:44.819936037 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:45.006726980 CET700849769185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:45.009352922 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:45.188134909 CET700849769185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:45.206031084 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:45.434098959 CET700849769185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:45.436573029 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:45.527482986 CET700849769185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:45.574640036 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:45.614541054 CET700849769185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:45.614746094 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:45.842166901 CET700849769185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:45.842498064 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:46.020687103 CET700849769185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:46.077490091 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:46.256313086 CET700849769185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:46.304847956 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:46.398004055 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:46.625847101 CET700849769185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:47.387376070 CET497697008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:49.402425051 CET497737008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:49.579849005 CET700849773185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:49.583770990 CET497737008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:49.584348917 CET497737008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:49.761816025 CET700849773185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:51.781265020 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:51.958914042 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:51.960488081 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:51.961256981 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:52.150023937 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:52.154186010 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:52.332285881 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:52.335511923 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:52.563085079 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:52.563273907 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:52.670304060 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:52.741292000 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:52.741436005 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:52.919429064 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:52.922202110 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:53.150979996 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:53.151699066 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:53.329682112 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:53.421456099 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:53.531127930 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:53.599231005 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:53.733413935 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:53.759500027 CET700849777185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:54.547100067 CET497777008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:56.563147068 CET497827008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:56.740712881 CET700849782185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:56.740835905 CET497827008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:56.741497993 CET497827008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:56.927855015 CET700849782185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:56.930531979 CET497827008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:57.108597040 CET700849782185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:57.110023975 CET497827008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:57.287767887 CET700849782185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:57.327410936 CET497827008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:57.505620003 CET700849782185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:27:57.508157015 CET497827008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:27:57.546716928 CET497827008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:00.491889954 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:00.669799089 CET700849783185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:00.669910908 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:00.670459986 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:00.859600067 CET700849783185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:00.860832930 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:01.038757086 CET700849783185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:01.042613029 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:01.270473957 CET700849783185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:01.355878115 CET700849783185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:01.356795073 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:01.534337044 CET700849783185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:01.535595894 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:01.763324976 CET700849783185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:01.763417959 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:01.941693068 CET700849783185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:02.030935049 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:02.209019899 CET700849783185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:02.328016043 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:02.486005068 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:02.715017080 CET700849783185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:03.531641960 CET497837008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:05.548028946 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:05.725538969 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:05.727121115 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:05.727600098 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:05.913836002 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:05.914341927 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:06.092056990 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:06.140908003 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:06.319009066 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:06.322350979 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:06.549634933 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:06.667542934 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:06.668044090 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:06.845659971 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:06.850213051 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:07.028031111 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:07.028203964 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:07.205857992 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:07.250138998 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:08.961111069 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:09.016027927 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:10.927824974 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:10.969183922 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:15.972486019 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:16.016444921 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:17.958126068 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:18.001106024 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:20.973077059 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:21.016854048 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:25.973582983 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:26.017364025 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:26.195086002 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:26.236131907 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:30.974438906 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:31.017864943 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:34.011961937 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:34.065038919 CET497847008192.168.2.5185.244.38.210
                                                Jan 10, 2021 08:28:35.975296974 CET700849784185.244.38.210192.168.2.5
                                                Jan 10, 2021 08:28:36.018131971 CET497847008192.168.2.5185.244.38.210

                                                Code Manipulations

                                                Statistics

                                                CPU Usage

                                                Click to jump to process

                                                Memory Usage

                                                Click to jump to process

                                                High Level Behavior Distribution

                                                Click to dive into process behavior distribution

                                                Behavior

                                                Click to jump to process

                                                System Behavior

                                                Analysis Process: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532 Parent PID: 5584

                                                General

                                                Start time:08:25:16
                                                Start date:10/01/2021
                                                Path:C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Users\user\Desktop\Scan_00059010189_ ref. 004118379411_ pdf.exe'
                                                Imagebase:0x760000
                                                File size:352256 bytes
                                                MD5 hash:106117A9928B774AA6BBB657F275DE53
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: NanoCore, Description: unknown, Source: 00000001.00000002.233831964.0000000003A04000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                Reputation:low

                                                Chronological Activities

                                                Analysis Process: RegAsm.exe PID: 5764 Parent PID: 4532

                                                General

                                                Start time:08:25:17
                                                Start date:10/01/2021
                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                Imagebase:0x7f0000
                                                File size:64616 bytes
                                                MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Reputation:moderate

                                                Chronological Activities

                                                Analysis Process: schtasks.exe PID: 4392 Parent PID: 5764

                                                General

                                                Start time:08:25:22
                                                Start date:10/01/2021
                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                Wow64 process (32bit):true
                                                Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmpE5CB.tmp'
                                                Imagebase:0x390000
                                                File size:185856 bytes
                                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: conhost.exe PID: 408 Parent PID: 4392

                                                General

                                                Start time:08:25:28
                                                Start date:10/01/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7ecfc0000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: schtasks.exe PID: 5436 Parent PID: 5764

                                                General

                                                Start time:08:25:29
                                                Start date:10/01/2021
                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                Wow64 process (32bit):true
                                                Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp606.tmp'
                                                Imagebase:0x390000
                                                File size:185856 bytes
                                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: conhost.exe PID: 3536 Parent PID: 5436

                                                General

                                                Start time:08:25:29
                                                Start date:10/01/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7ecfc0000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: RegAsm.exe PID: 6028 Parent PID: 904

                                                General

                                                Start time:08:25:30
                                                Start date:10/01/2021
                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe 0
                                                Imagebase:0x7ff797770000
                                                File size:64616 bytes
                                                MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Reputation:moderate

                                                Chronological Activities

                                                Analysis Process: conhost.exe PID: 4944 Parent PID: 6028

                                                General

                                                Start time:08:25:31
                                                Start date:10/01/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7ecfc0000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: dhcpmon.exe PID: 4948 Parent PID: 904

                                                General

                                                Start time:08:25:31
                                                Start date:10/01/2021
                                                Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
                                                Imagebase:0x7c0000
                                                File size:64616 bytes
                                                MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Antivirus matches:
                                                • Detection: 0%, Metadefender, Browse
                                                • Detection: 0%, ReversingLabs
                                                Reputation:moderate

                                                Chronological Activities

                                                Analysis Process: conhost.exe PID: 5352 Parent PID: 4948

                                                General

                                                Start time:08:25:31
                                                Start date:10/01/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7ecfc0000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Analysis Process: dhcpmon.exe PID: 5644 Parent PID: 3472

                                                General

                                                Start time:08:25:33
                                                Start date:10/01/2021
                                                Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
                                                Imagebase:0xe90000
                                                File size:64616 bytes
                                                MD5 hash:6FD7592411112729BF6B1F2F6C34899F
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Reputation:moderate

                                                Chronological Activities

                                                Analysis Process: conhost.exe PID: 1624 Parent PID: 5644

                                                General

                                                Start time:08:25:34
                                                Start date:10/01/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7ecfc0000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Chronological Activities

                                                Disassembly

                                                Code Analysis

                                                Reset < >

                                                  Analysis Process: Scan_00059010189_ ref. 004118379411_ pdf.exe PID: 4532 Parent PID: 5584 Scan_00059010189_ ref. 004118379411_ pdf.exeCOMMON

                                                  Executed Functions

                                                  Function 01117EBD, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 325processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0111818F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID: 5H$5H
                                                  • API String ID: 963392458-1752349424
                                                  • Opcode ID: 0758ab9d6ee468434c432992c9ca75ad4fda14d5147c17947fa48084d3e33e0d
                                                  • Instruction ID: 7f9f71e2d336f2a8bfe8ef9612fe1ca771bb500987d5251b2ef4eddaae7f795f
                                                  • Opcode Fuzzy Hash: 0758ab9d6ee468434c432992c9ca75ad4fda14d5147c17947fa48084d3e33e0d
                                                  • Instruction Fuzzy Hash: BEC13571D0026D8FDF24DFA8C880BEEBBB1BB49314F0085A9E519B7244DB749A85CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117EC8, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 321processCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0111818F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: CreateProcess
                                                  • String ID: 5H$5H
                                                  • API String ID: 963392458-1752349424
                                                  • Opcode ID: 212ed3348d2d41f857429dde314c919017335be7fc4c3d7ccd9809684fb65069
                                                  • Instruction ID: 8a3b9ca8727f6b03bcbb629fabe37197bb7647ed2f95b301105d3d89aff9d3f4
                                                  • Opcode Fuzzy Hash: 212ed3348d2d41f857429dde314c919017335be7fc4c3d7ccd9809684fb65069
                                                  • Instruction Fuzzy Hash: 89C12571D0026D8FDF24DFA8C880BEEBBB1BB49314F0085A9E519B7244DB749A85CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117AA8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 120injectionCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 01117B83
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID: 5H
                                                  • API String ID: 3559483778-216627897
                                                  • Opcode ID: 47dcd5bb8774bc8932372c627b7098b0741fa0e32ec9ab83b1cae4f0869a1a18
                                                  • Instruction ID: 6b82ac4c5c81b02cd9acf40631f63cf905b2591556fdfd8b4d8281af030caa1e
                                                  • Opcode Fuzzy Hash: 47dcd5bb8774bc8932372c627b7098b0741fa0e32ec9ab83b1cae4f0869a1a18
                                                  • Instruction Fuzzy Hash: C641A9B5D042589FCF04CFA9D984AEEFBF1BB49314F14902AE918B7240D739AA45CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117AB0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 116injectionCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 01117B83
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessWrite
                                                  • String ID: 5H
                                                  • API String ID: 3559483778-216627897
                                                  • Opcode ID: 8fd3f3e7fe442483852f50968c084c9fa9bbb8c6167d3319bc96b7c101647dbd
                                                  • Instruction ID: 6404bb0afffcc4becce73f08e383ea19ca6385a77d7d3b1956f0fc015c2595b6
                                                  • Opcode Fuzzy Hash: 8fd3f3e7fe442483852f50968c084c9fa9bbb8c6167d3319bc96b7c101647dbd
                                                  • Instruction Fuzzy Hash: 494188B5D052589FCF04CFA9D984AEEFBF1BB49314F14902AE918B7240D738AA45CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117C30, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 109COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 01117CEA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID: 5H
                                                  • API String ID: 1726664587-216627897
                                                  • Opcode ID: de3fd2084209c9c7ed0a7ceb9d96d393413226e7e10fa91ae62e45e6fe275e4f
                                                  • Instruction ID: 0fa9b74287afe003731bf7cb9c3f1820d22bdaa457d8862535a46764d1b69b5a
                                                  • Opcode Fuzzy Hash: de3fd2084209c9c7ed0a7ceb9d96d393413226e7e10fa91ae62e45e6fe275e4f
                                                  • Instruction Fuzzy Hash: 6141A9B5D042589FCF14CFA9D980AEEFBB1BB09310F14902AE915B7340D735A946CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117C38, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 01117CEA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: MemoryProcessRead
                                                  • String ID: 5H
                                                  • API String ID: 1726664587-216627897
                                                  • Opcode ID: 950aa40abf3e9d45a4e904dbac78fea582dcb8d4a1c22b0f9a22333b1cd48d7d
                                                  • Instruction ID: 9adb34f1e6b437955b5f7424a5b9ec29c79284e8cc295128498ed6610ba5258e
                                                  • Opcode Fuzzy Hash: 950aa40abf3e9d45a4e904dbac78fea582dcb8d4a1c22b0f9a22333b1cd48d7d
                                                  • Instruction Fuzzy Hash: 6341A8B5D042589FCF14CFAAD980AEEFBB1BB09310F10A02AE815B7340D735A945CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117928, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 011179DA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID: 5H
                                                  • API String ID: 4275171209-216627897
                                                  • Opcode ID: ffa4209f26cb526d3f867ed631fa2c3ae827ed6942aaf96e62e9be2fa5eda331
                                                  • Instruction ID: 423db01d5731cc08ac081618e15b0af90a57b9348cb77ead5ac12cfdb400803a
                                                  • Opcode Fuzzy Hash: ffa4209f26cb526d3f867ed631fa2c3ae827ed6942aaf96e62e9be2fa5eda331
                                                  • Instruction Fuzzy Hash: 8F31A9B9D042989FCF14CFA9D980ADEFBB1BB49310F10902AE915B7340D735A946CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117930, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 101memoryCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 011179DA
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: AllocVirtual
                                                  • String ID: 5H
                                                  • API String ID: 4275171209-216627897
                                                  • Opcode ID: 84c7e6b01710c999af1313f4327faffbaad4196a43ba5e40859bfe48f2777cb8
                                                  • Instruction ID: ca68fac8dcc7c31ef99a1eba702644a075811cbffd9e697466169cc62841c573
                                                  • Opcode Fuzzy Hash: 84c7e6b01710c999af1313f4327faffbaad4196a43ba5e40859bfe48f2777cb8
                                                  • Instruction Fuzzy Hash: CE3198B9D042589FCF14CFA9D980ADEFBB1BB49310F10902AE915B7300D735A946CF65
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117740, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97threadinjectionCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetThreadContext.KERNELBASE(?,?), ref: 011177F7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: ContextThread
                                                  • String ID: 5H
                                                  • API String ID: 1591575202-216627897
                                                  • Opcode ID: ac9cf5c94150682fee73748ae957e9c44dc39104eb13f5603064a535063ccba8
                                                  • Instruction ID: a61073d88cf53d668dbf0660a2f192fccbf75d57a967e0a2f49034d81ffe21b6
                                                  • Opcode Fuzzy Hash: ac9cf5c94150682fee73748ae957e9c44dc39104eb13f5603064a535063ccba8
                                                  • Instruction Fuzzy Hash: 7541CBB4D002589FDB14CFA9D984AEEFBF1AF49314F14802AE415B7340D738A945CF64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117748, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 94threadinjectionCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SetThreadContext.KERNELBASE(?,?), ref: 011177F7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: ContextThread
                                                  • String ID: 5H
                                                  • API String ID: 1591575202-216627897
                                                  • Opcode ID: c33914f79d6f94b6c6d7482485c2f3d1b52a28718bc0cd102a1715ee22a7a7da
                                                  • Instruction ID: 7789abe70decab3075b7b8309cf5fe3d3a9f2a69cfaedc5a50651e55010fc7a7
                                                  • Opcode Fuzzy Hash: c33914f79d6f94b6c6d7482485c2f3d1b52a28718bc0cd102a1715ee22a7a7da
                                                  • Instruction Fuzzy Hash: D631BAB4D002589FCB14CFAAD984AEEFBF1AB49314F14802AE414B7340D738A949CFA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117621, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 76threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ResumeThread.KERNELBASE(?), ref: 011176A6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID: 5H
                                                  • API String ID: 947044025-216627897
                                                  • Opcode ID: 30c3cf44232f8653e3bca531cc2814126b2f86c335aa934a01dafbb413a42814
                                                  • Instruction ID: d1ff0209fe1b764e664dd08153748c685aaeb43a50b8b3ccbbd53400dbad4b15
                                                  • Opcode Fuzzy Hash: 30c3cf44232f8653e3bca531cc2814126b2f86c335aa934a01dafbb413a42814
                                                  • Instruction Fuzzy Hash: 1C31CAB4D002589FDF14CFAAD980AEEFBB0AF49314F14942AE815B7340DB35A945CFA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01117628, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 73threadCOMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • ResumeThread.KERNELBASE(?), ref: 011176A6
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID: ResumeThread
                                                  • String ID: 5H
                                                  • API String ID: 947044025-216627897
                                                  • Opcode ID: 8c9f31b2cce60a74de52c0f452048209cfa0cdb0e6daf74ae53dfef23bd3db8c
                                                  • Instruction ID: a9d363ff82da9af72157ece2a9c7a5618f8a17eb649495723b3272b46d2c4ea6
                                                  • Opcode Fuzzy Hash: 8c9f31b2cce60a74de52c0f452048209cfa0cdb0e6daf74ae53dfef23bd3db8c
                                                  • Instruction Fuzzy Hash: A331D9B4D002589FDF14CFAAD980AEEFBB4AF49314F14942AE814B7300DB34A905CFA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Function 01111811, Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: w
                                                  • API String ID: 0-476252946
                                                  • Opcode ID: f09d251857fbd8783507895b80c8d1ebc57f06a4e843ddf1ab638c14b3445e17
                                                  • Instruction ID: 27e46522be74069cbb6a4b50f6286cfa54d30f603917c49af7291ed935e2519c
                                                  • Opcode Fuzzy Hash: f09d251857fbd8783507895b80c8d1ebc57f06a4e843ddf1ab638c14b3445e17
                                                  • Instruction Fuzzy Hash: 3E413FB1E156188BEB5CCF6B8D4039EFAF7AFC8200F14C1BAD91CA6259EB3045468F55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01111820, Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                                  Download Yara Rule
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID: w
                                                  • API String ID: 0-476252946
                                                  • Opcode ID: d41e37286524883d644d15bbd97e4aaf75b9d4727ec20b169cdfafb803d3049e
                                                  • Instruction ID: ca3f80b4592471dc396fe1960882974d0f0101e39e5289ac06a7de5094d02d51
                                                  • Opcode Fuzzy Hash: d41e37286524883d644d15bbd97e4aaf75b9d4727ec20b169cdfafb803d3049e
                                                  • Instruction Fuzzy Hash: B24120B1E156188BEB5CCF6B8D4078EFAF7AFC8200F14D1BAD51CA6259DB3005468F55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 01110682, Relevance: .3, Instructions: 264COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 54e731df72e85d3ab1362075f1c31d94a6423abd063db42f306a93d1f21f2d54
                                                  • Instruction ID: dafdc9cca6e569551637bc2d2adad7598303f8dcae5788848dbd757abb5f8fa6
                                                  • Opcode Fuzzy Hash: 54e731df72e85d3ab1362075f1c31d94a6423abd063db42f306a93d1f21f2d54
                                                  • Instruction Fuzzy Hash: 7291D930F043188BDB5C9F75986467EBAB7AFCD315B06882DE40AE7789EF3488458752
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 011115B1, Relevance: .1, Instructions: 149COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b7597c5c4b3a5c1a40481800b0030403b4fa347c1c1482aca73d275ecfdf5168
                                                  • Instruction ID: afeed42035a7e9e46fe0a4359f9d975bc5c8ad3245d35ed06ee1853330df423d
                                                  • Opcode Fuzzy Hash: b7597c5c4b3a5c1a40481800b0030403b4fa347c1c1482aca73d275ecfdf5168
                                                  • Instruction Fuzzy Hash: 30517570D042898FDB54EF76D89079EBBF2FB89304F05C929D204AB268EF74594A8F51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 011115C0, Relevance: .1, Instructions: 146COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.233589517.0000000001110000.00000040.00000001.sdmp, Offset: 01110000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9ade872ab2da66eb859323f057a384f97b3d81db37877b1a5395a9e3047fb8d3
                                                  • Instruction ID: 8c2d6c92b191d33540962cf9d018542b7b8823bcf349ab59b20b456511b4714f
                                                  • Opcode Fuzzy Hash: 9ade872ab2da66eb859323f057a384f97b3d81db37877b1a5395a9e3047fb8d3
                                                  • Instruction Fuzzy Hash: 80516670D042898FDB54DF76D89079DBBF2EB89304F05C939D204AB268EF74594A8F51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Analysis Process: RegAsm.exe PID: 6028 Parent PID: 904 RegAsm.exeCOMMON

                                                  Executed Functions

                                                  Function 0127189D, Relevance: 1.7, APIs: 1, Instructions: 169COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SearchPathW.KERNEL32(?,?,?,?,00000000,00000000), ref: 01271A4B
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.268660135.0000000001270000.00000040.00000001.sdmp, Offset: 01270000, based on PE: false
                                                  Similarity
                                                  • API ID: PathSearch
                                                  • String ID:
                                                  • API String ID: 2203818243-0
                                                  • Opcode ID: 7b7554dc94b018375978824e9664197d531c1f0f619841d4068a46ffa3130935
                                                  • Instruction ID: 6bf2e2610015c73f1e83564c16deaa139f23a85e5114cf188d4bd896e0ad0a27
                                                  • Opcode Fuzzy Hash: 7b7554dc94b018375978824e9664197d531c1f0f619841d4068a46ffa3130935
                                                  • Instruction Fuzzy Hash: FE712370D10219DFDB24CFA9C98469EBBF1BF48314F25812AE919AB350DB34A946CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 012718A8, Relevance: 1.7, APIs: 1, Instructions: 165COMMON
                                                  Download Yara Rule
                                                  APIs
                                                  • SearchPathW.KERNEL32(?,?,?,?,00000000,00000000), ref: 01271A4B
                                                  Memory Dump Source
                                                  • Source File: 00000008.00000002.268660135.0000000001270000.00000040.00000001.sdmp, Offset: 01270000, based on PE: false
                                                  Similarity
                                                  • API ID: PathSearch
                                                  • String ID:
                                                  • API String ID: 2203818243-0
                                                  • Opcode ID: d52adc5dc3d4755310971a672b74e450c03e58b8ed879655392b109f5d3885e8
                                                  • Instruction ID: 81d0ff96e02dd1de18ccfe5a119da9f023e5f240de172ad08ffd52d6d3de785a
                                                  • Opcode Fuzzy Hash: d52adc5dc3d4755310971a672b74e450c03e58b8ed879655392b109f5d3885e8
                                                  • Instruction Fuzzy Hash: AB712470E10219DFDB24CF99C98469EBBF1BF48314F25812EE919AB350DB34A946CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Analysis Process: dhcpmon.exe PID: 5644 Parent PID: 3472 dhcpmon.exeCOMMON

                                                  Executed Functions

                                                  Function 016F0A30, Relevance: .4, Instructions: 439COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fd79c3f8bef559062c9c9cf2f5a2e78b2d7bd3549ea0e314a28d0e28c138b04e
                                                  • Instruction ID: d31d5e09f56f6e27d1ef1e478d11bf8c63e4c539a9abfaab5bcfebbc61b9c583
                                                  • Opcode Fuzzy Hash: fd79c3f8bef559062c9c9cf2f5a2e78b2d7bd3549ea0e314a28d0e28c138b04e
                                                  • Instruction Fuzzy Hash: BC02B230B012459FCB51DF68C8909AEB7F2FF84304B15856DE606AB356DB31EC46CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016F05B0, Relevance: .3, Instructions: 310COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: de8a206245d1860c08eb9c691e9a732f125aca8e86f4bcde6fcac07b4b133827
                                                  • Instruction ID: cc97849783388ba1e68434dd8f414b9fbcd044a17f29d36070100d0062d19b2d
                                                  • Opcode Fuzzy Hash: de8a206245d1860c08eb9c691e9a732f125aca8e86f4bcde6fcac07b4b133827
                                                  • Instruction Fuzzy Hash: AED18B34705245CFD725DF28DC44A297BA3FF88344F1084A8EA428B366EB35EC51CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016F04B0, Relevance: .1, Instructions: 76COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f218633b19acbcf43762f243904f46fd40666cc3b7ae46171e6eadb54a12b52b
                                                  • Instruction ID: 2bf280af241dde971a76b20494164fd50ef4449873523eab321cacd41f2fd59b
                                                  • Opcode Fuzzy Hash: f218633b19acbcf43762f243904f46fd40666cc3b7ae46171e6eadb54a12b52b
                                                  • Instruction Fuzzy Hash: 27213A347152408FC789EB78D5589AD37E2AFC921931101A9E906CF772DB36DC4ACB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016F1098, Relevance: .1, Instructions: 52COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5e67fac087a97e2df6a12d2f335b9fbc397e31a96b1b7f0f69107314f5b1d0ab
                                                  • Instruction ID: 22ce279148467ede6e7ba338354cd2fa1d2bd3ce471a8b6606c682a2aaac2da7
                                                  • Opcode Fuzzy Hash: 5e67fac087a97e2df6a12d2f335b9fbc397e31a96b1b7f0f69107314f5b1d0ab
                                                  • Instruction Fuzzy Hash: 8311C831B041189FC754DBB4E8555EEBB75EF85244F1040BAD649DB750DF319D02CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016F1028, Relevance: .0, Instructions: 35COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 144e7d03ea6b685467137b14ee7a988cca515fa4fc4e9a57823a1c322872d226
                                                  • Instruction ID: b2a4cda8a369efbc81e19b517cedcce796c1adf734e641a2d53d9a7b7c24d96d
                                                  • Opcode Fuzzy Hash: 144e7d03ea6b685467137b14ee7a988cca515fa4fc4e9a57823a1c322872d226
                                                  • Instruction Fuzzy Hash: B5F0A7327142285FC7686BB99C605BF63E9EFC5324711047EE51ADB744DE714C0643D4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016F0468, Relevance: .0, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5c21b935bc1464e597ec9f017a6ce9c14bbe1e2627bba8e0664865a74bc4086a
                                                  • Instruction ID: ec4701121ac63bdfa65238b97e739f2b1db259b25cc49a4536204f87a4a408d3
                                                  • Opcode Fuzzy Hash: 5c21b935bc1464e597ec9f017a6ce9c14bbe1e2627bba8e0664865a74bc4086a
                                                  • Instruction Fuzzy Hash: F5E09233A04109AF9B14DFA9EC484DEBFFDEB88561B108067F009D2214EF3094608B80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016F0457, Relevance: .0, Instructions: 28COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ee496aa27f61d825c6f30e3368c02e6b9ce727d071ba019334bfed81940aff39
                                                  • Instruction ID: 8de3eb2e1b0ee30153c0e07862f136401cbb3b212a8d0148561800e586d77078
                                                  • Opcode Fuzzy Hash: ee496aa27f61d825c6f30e3368c02e6b9ce727d071ba019334bfed81940aff39
                                                  • Instruction Fuzzy Hash: 2DF09B31A15249DFD755CFB9DC455DEBFF9EF45260B1081BBE809E3111E63055118711
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016F1145, Relevance: .0, Instructions: 22COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8dd3822ddece601d5ece284b2456f27d6f389ea5e74e84b44c9d8f9efb298ef1
                                                  • Instruction ID: c2d4057320ab10b33103209754b6a70647cee26e19311aa5c69c8cb162ac0a5f
                                                  • Opcode Fuzzy Hash: 8dd3822ddece601d5ece284b2456f27d6f389ea5e74e84b44c9d8f9efb298ef1
                                                  • Instruction Fuzzy Hash: 32E02630B001449BC764E778F8446EE6395DB89258F00463CC806A7750CF280C854BA6
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016F0FE0, Relevance: .0, Instructions: 16COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 73de2fdfd3b6d02c757b06c32ea982d7091dfb108d7ed37958ccdf138124812f
                                                  • Instruction ID: 557c9e8c03993217f3a1491cf0a8da08ce705d92d9e23a1301c7bd04359ac784
                                                  • Opcode Fuzzy Hash: 73de2fdfd3b6d02c757b06c32ea982d7091dfb108d7ed37958ccdf138124812f
                                                  • Instruction Fuzzy Hash: 5EE08630605280CFD715CB78FC689947F70DF46255F1501DDE44697263D7694844CB11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016F1095, Relevance: .0, Instructions: 14COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 59cbd4aac01f2252206b3f67a0076e8df8e5170ad83e899b21107de48da0c46b
                                                  • Instruction ID: ce115434a062120c71aeb6abd7953e62376dad9df2982ce52723c56c9d6be21f
                                                  • Opcode Fuzzy Hash: 59cbd4aac01f2252206b3f67a0076e8df8e5170ad83e899b21107de48da0c46b
                                                  • Instruction Fuzzy Hash: CDC01231A10114EB5B2497B87D064ED7B649A422A1714027DDD09E7240DB5449258792
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Function 016F1190, Relevance: .0, Instructions: 9COMMON
                                                  Download Yara Rule
                                                  Memory Dump Source
                                                  • Source File: 0000000C.00000002.271718407.00000000016F0000.00000040.00000001.sdmp, Offset: 016F0000, based on PE: false
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2304427afbb52c478640c34eda2422f971348831710542a3d5e2fc3efa46fd54
                                                  • Instruction ID: eae7c7ec23ff889e824fadde3df6a54a18fafbae4b7290e736c7262111634186
                                                  • Opcode Fuzzy Hash: 2304427afbb52c478640c34eda2422f971348831710542a3d5e2fc3efa46fd54
                                                  • Instruction Fuzzy Hash: 2DC0120418A2C08FC3025B7A5C304883F305E862A834A81EEC0808A8A3E61D0429E729
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions