Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Order list 20.1.2021 07u9Uxttb5ltGU.exe

Overview

General Information

Sample Name:Order list 20.1.2021 07u9Uxttb5ltGU.exe
Analysis ID:341280
MD5:8935c408c5650172e350acb92e7cc659
SHA1:69fbb8236dc958388bdaf65b986894365d6dae6b
SHA256:5fc84f25b331a01c87e4f7652a396a83403c0efc27cefeec6cea69b954a01040
Tags:exeNanoCoreRAT

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Nanocore Rat
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM_3
Yara detected Nanocore RAT
Hides that the sample has been downloaded from the Internet (zone.identifier)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • Order list 20.1.2021 07u9Uxttb5ltGU.exe (PID: 6148 cmdline: 'C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe' MD5: 8935C408C5650172E350ACB92E7CC659)
    • schtasks.exe (PID: 6124 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\gIZSEI' /XML 'C:\Users\user\AppData\Local\Temp\tmpE60F.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 4612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
    00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0x365ee5:$x1: NanoCore.ClientPluginHost
    • 0x398705:$x1: NanoCore.ClientPluginHost
    • 0x365f22:$x2: IClientNetworkHost
    • 0x398742:$x2: IClientNetworkHost
    • 0x369a55:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0x39c275:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
      • 0x365c4d:$a: NanoCore
      • 0x365c5d:$a: NanoCore
      • 0x365e91:$a: NanoCore
      • 0x365ea5:$a: NanoCore
      • 0x365ee5:$a: NanoCore
      • 0x39846d:$a: NanoCore
      • 0x39847d:$a: NanoCore
      • 0x3986b1:$a: NanoCore
      • 0x3986c5:$a: NanoCore
      • 0x398705:$a: NanoCore
      • 0x365cac:$b: ClientPlugin
      • 0x365eae:$b: ClientPlugin
      • 0x365eee:$b: ClientPlugin
      • 0x3984cc:$b: ClientPlugin
      • 0x3986ce:$b: ClientPlugin
      • 0x39870e:$b: ClientPlugin
      • 0x20509e:$c: ProjectData
      • 0x2700be:$c: ProjectData
      • 0x365dd3:$c: ProjectData
      • 0x3985f3:$c: ProjectData
      • 0x3667da:$d: DESCrypto
      Process Memory Space: Order list 20.1.2021 07u9Uxttb5ltGU.exe PID: 6148JoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

        Sigma Overview

        System Summary:

        barindex
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe, ProcessId: 5040, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
        Sigma detected: Scheduled temp file as task from temp locationShow sources
        Source: Process startedAuthor: Joe Security: Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\gIZSEI' /XML 'C:\Users\user\AppData\Local\Temp\tmpE60F.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\gIZSEI' /XML 'C:\Users\user\AppData\Local\Temp\tmpE60F.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe' , ParentImage: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe, ParentProcessId: 6148, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\gIZSEI' /XML 'C:\Users\user\AppData\Local\Temp\tmpE60F.tmp', ProcessId: 6124

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Multi AV Scanner detection for domain / URLShow sources
        Source: cool.gotdns.chVirustotal: Detection: 8%Perma Link
        Multi AV Scanner detection for dropped fileShow sources
        Source: C:\Users\user\AppData\Roaming\gIZSEI.exeReversingLabs: Detection: 13%
        Multi AV Scanner detection for submitted fileShow sources
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeReversingLabs: Detection: 13%
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, type: MEMORY

        Compliance:

        barindex
        Detected unpacking (overwrites its own PE header)Show sources
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeUnpacked PE file: 1.2.Order list 20.1.2021 07u9Uxttb5ltGU.exe.f0000.0.unpack
        Uses 32bit PE filesShow sources
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

        Networking:

        barindex
        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49721 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49722 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49725 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49728 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49729 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49730 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49738 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49743 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49753 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49754 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49755 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49756 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49757 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49764 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49769 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49776 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49777 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49778 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49779 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49780 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49781 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49782 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49783 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49784 -> 185.19.85.136:7451
        Source: TrafficSnort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.4:49785 -> 185.19.85.136:7451
        Source: global trafficTCP traffic: 192.168.2.4:49721 -> 185.19.85.136:7451
        Source: Joe Sandbox ViewIP Address: 185.19.85.136 185.19.85.136
        Source: Joe Sandbox ViewASN Name: DATAWIRE-ASCH DATAWIRE-ASCH
        Source: unknownDNS traffic detected: queries for: cool.gotdns.ch
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/DataSet.xsd

        E-Banking Fraud:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, type: MEMORY

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Initial sample is a PE file and has a suspicious nameShow sources
        Source: initial sampleStatic PE information: Filename: Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025522601_2_02552260
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025531601_2_02553160
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025504801_2_02550480
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025518101_2_02551810
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_02550FA01_2_02550FA0
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025522501_2_02552250
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025512431_2_02551243
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025512481_2_02551248
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025552781_2_02555278
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025552681_2_02555268
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_0255305F1_2_0255305F
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025540111_2_02554011
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025540201_2_02554020
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025530C61_2_025530C6
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025556F81_2_025556F8
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025556E81_2_025556E8
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025504701_2_02550470
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025554701_2_02555470
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025554801_2_02555480
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025518081_2_02551808
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025559181_2_02555918
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_025559281_2_02555928
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_02550EFF1_2_02550EFF
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_07DFDF901_2_07DFDF90
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_07DFD6701_2_07DFD670
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_07DF62D01_2_07DF62D0
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_07DF62C01_2_07DF62C0
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_07DF02BD1_2_07DF02BD
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_07DF00401_2_07DF0040
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_07DF001D1_2_07DF001D
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: gIZSEI.exe.1.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeBinary or memory string: OriginalFilename vs Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.668577002.0000000008570000.00000002.00000001.sdmpBinary or memory string: originalfilename vs Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.668577002.0000000008570000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000000.647808282.00000000000F2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameIResourceGroveler.exeD vs Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.668411012.0000000008470000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.668122449.0000000007C80000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamePositiveSign.dll< vs Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000004.00000003.672084955.0000000001002000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameToolsClientPlugin.dll4 vs Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000004.00000000.658830993.00000000006C2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameIResourceGroveler.exeD vs Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeBinary or memory string: OriginalFilenameIResourceGroveler.exeD vs Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: classification engineClassification label: mal100.troj.evad.winEXE@6/8@26/2
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeFile created: C:\Users\user\AppData\Roaming\gIZSEI.exeJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4612:120:WilError_01
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeMutant created: \Sessions\1\BaseNamedObjects\nDnmOR
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{47128c17-dc06-470e-8718-2173a7e3bbbd}
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeFile created: C:\Users\user\AppData\Local\Temp\tmpE60F.tmpJump to behavior
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeReversingLabs: Detection: 13%
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeFile read: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe 'C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\gIZSEI' /XML 'C:\Users\user\AppData\Local\Temp\tmpE60F.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\gIZSEI' /XML 'C:\Users\user\AppData\Local\Temp\tmpE60F.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess created: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeStatic file information: File size 1741312 > 1048576
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x18be00
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

        Data Obfuscation:

        barindex
        Detected unpacking (changes PE section rights)Show sources
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeUnpacked PE file: 1.2.Order list 20.1.2021 07u9Uxttb5ltGU.exe.f0000.0.unpack .text:ER;.rsrc:R;.reloc:R; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:R;
        Detected unpacking (overwrites its own PE header)Show sources
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeUnpacked PE file: 1.2.Order list 20.1.2021 07u9Uxttb5ltGU.exe.f0000.0.unpack
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_000F3C1E push edx; retf 1_2_000F3C26
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_000F3332 pushad ; ret 1_2_000F3335
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_02556393 push edx; retf 1_2_02556395
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeCode function: 1_2_02557B32 push dword ptr [edi+65h]; retf 1_2_02557B51
        Source: initial sampleStatic PE information: section name: .text entropy: 7.07883915605
        Source: initial sampleStatic PE information: section name: .text entropy: 7.07883915605
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeFile created: C:\Users\user\AppData\Roaming\gIZSEI.exeJump to dropped file

        Boot Survival:

        barindex
        Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\gIZSEI' /XML 'C:\Users\user\AppData\Local\Temp\tmpE60F.tmp'

        Hooking and other Techniques for Hiding and Protection:

        barindex
        Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeFile opened: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion:

        barindex
        Yara detected AntiVM_3Show sources
        Source: Yara matchFile source: 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Order list 20.1.2021 07u9Uxttb5ltGU.exe PID: 6148, type: MEMORY
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWindow / User API: threadDelayed 1914Jump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWindow / User API: threadDelayed 7527Jump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWindow / User API: foregroundWindowGot 635Jump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWindow / User API: foregroundWindowGot 756Jump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe TID: 6168Thread sleep time: -49582s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe TID: 1584Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe TID: 4240Thread sleep time: -6456360425798339s >= -30000sJump to behavior
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.668122449.0000000007C80000.00000004.00000001.sdmpBinary or memory string: TQiQemUI.resources
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.668122449.0000000007C80000.00000004.00000001.sdmpBinary or memory string: TQiQemUI@
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpBinary or memory string: vmware
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        Injects a PE file into a foreign processesShow sources
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeMemory written: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\gIZSEI' /XML 'C:\Users\user\AppData\Local\Temp\tmpE60F.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeProcess created: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
        Source: C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

        Stealing of Sensitive Information:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, type: MEMORY

        Remote Access Functionality:

        barindex
        Detected Nanocore RatShow sources
        Source: Order list 20.1.2021 07u9Uxttb5ltGU.exe, 00000004.00000003.672084955.0000000001002000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, type: MEMORY

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsWindows Management Instrumentation1Scheduled Task/Job1Process Injection111Masquerading1OS Credential DumpingQuery Registry1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/Job1Boot or Logon Initialization ScriptsScheduled Task/Job1Virtualization/Sandbox Evasion3LSASS MemorySecurity Software Discovery221Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Disable or Modify Tools1Security Account ManagerVirtualization/Sandbox Evasion3SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationRemote Access Software1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection111NTDSProcess Discovery1Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol1SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptHidden Files and Directories1LSA SecretsApplication Window Discovery1SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol1Manipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information2Cached Domain CredentialsFile and Directory Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing21DCSyncSystem Information Discovery12Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        Order list 20.1.2021 07u9Uxttb5ltGU.exe14%ReversingLabsWin32.Trojan.Generic

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Roaming\gIZSEI.exe14%ReversingLabsWin32.Trojan.Generic

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        1.2.Order list 20.1.2021 07u9Uxttb5ltGU.exe.f0000.0.unpack100%AviraHEUR/AGEN.1134873Download File

        Domains

        SourceDetectionScannerLabelLink
        cool.gotdns.ch8%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        http://tempuri.org/DataSet.xsd0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        cool.gotdns.ch
        		185.19.85.136
        		truetrueunknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameOrder list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpfalse
          		high
          http://tempuri.org/DataSet.xsdOrder list 20.1.2021 07u9Uxttb5ltGU.exe, 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmpfalse
          • Avira URL Cloud: safe
          		unknown

          Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public

          IPDomainCountryFlagASNASN NameMalicious
          185.19.85.136
          		unknownSwitzerland
          		48971DATAWIRE-ASCHtrue

          Private

          IP
          192.168.2.1

          General Information

          Joe Sandbox Version:31.0.0 Red Diamond
          Analysis ID:341280
          Start date:19.01.2021
          Start time:07:49:49
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 7m 26s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:Order list 20.1.2021 07u9Uxttb5ltGU.exe
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:19
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@6/8@26/2
          EGA Information:Failed
          HDC Information:
          • Successful, ratio: 2.3% (good quality ratio 1%)
          • Quality average: 32%
          • Quality standard deviation: 39%
          HCA Information:
          • Successful, ratio: 99%
          • Number of executed functions: 32
          • Number of non-executed functions: 15
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          • Found application associated with file extension: .exe
          Warnings:
          Show All
          • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
          • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
          • Excluded IPs from analysis (whitelisted): 104.42.151.234, 104.43.139.144, 51.104.139.180, 92.122.213.194, 92.122.213.247, 2.20.142.210, 2.20.142.209, 52.254.96.93, 20.54.26.129, 52.147.198.201, 13.64.90.137, 52.255.188.83
          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, arc.msn.com.nsatc.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, bn2eap.displaycatalog.md.mp.microsoft.com.akadns.net, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, skypedataprdcoleus16.cloudapp.net, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, skypedataprdcolwus16.cloudapp.net, au-bg-shim.trafficmanager.net
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.

          Simulations

          Behavior and APIs

          TimeTypeDescription
          07:50:39API Interceptor1431x Sleep call for process: Order list 20.1.2021 07u9Uxttb5ltGU.exe modified

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
          185.19.85.136DHL AWD 3374687886,pdf.exeGet hashmaliciousBrowse
            Documento AWB DHL 3374687886.exeGet hashmaliciousBrowse
              DHL 3374687886,PDF.exeGet hashmaliciousBrowse
                Shipping Document PL& BL 960.exeGet hashmaliciousBrowse
                  Gitco_Inquiry _List.exeGet hashmaliciousBrowse
                    HMPEX_PO201120112.exeGet hashmaliciousBrowse
                      Unimac_Project_ORDER 10177_R29.exeGet hashmaliciousBrowse
                        Y4Taap3cTy.exeGet hashmaliciousBrowse
                          JEmT3ndkrV.exeGet hashmaliciousBrowse

                            Domains

                            No context

                            ASN

                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                            DATAWIRE-ASCHFACTURAS-1-2021.vbsGet hashmaliciousBrowse
                            • 185.19.85.143
                            DHL AWD 3374687886,pdf.exeGet hashmaliciousBrowse
                            • 185.19.85.136
                            Documento AWB DHL 3374687886.exeGet hashmaliciousBrowse
                            • 185.19.85.136
                            xpmcQRN870.exeGet hashmaliciousBrowse
                            • 185.19.85.135
                            Pokana2021011357.docGet hashmaliciousBrowse
                            • 185.19.85.135
                            DHL 3374687886,PDF.exeGet hashmaliciousBrowse
                            • 185.19.85.136
                            Shipping Document PL& BL 960.exeGet hashmaliciousBrowse
                            • 185.19.85.136
                            CERERE DE COTARE.exeGet hashmaliciousBrowse
                            • 185.19.85.153
                            NEW ORDERS.exeGet hashmaliciousBrowse
                            • 185.19.85.146
                            PO#5176866.exeGet hashmaliciousBrowse
                            • 185.19.85.153
                            _Remittance_.exeGet hashmaliciousBrowse
                            • 185.19.85.133
                            i_Remittance.exeGet hashmaliciousBrowse
                            • 185.19.85.133
                            vale-remittance.exeGet hashmaliciousBrowse
                            • 185.19.85.133
                            Gitco_Inquiry _List.exeGet hashmaliciousBrowse
                            • 185.19.85.136
                            2020RFQ4883995737588375877.exeGet hashmaliciousBrowse
                            • 185.19.85.155
                            PO-IMG-00WDE21-00SW12-1102DD.exeGet hashmaliciousBrowse
                            • 185.19.85.183
                            RemittanceCopy.jsGet hashmaliciousBrowse
                            • 185.19.85.181
                            Gray_Sample_pictures001029D7FE46G.exeGet hashmaliciousBrowse
                            • 185.19.85.183
                            HMPEX_PO201120112.exeGet hashmaliciousBrowse
                            • 185.19.85.136
                            MC20200603.exeGet hashmaliciousBrowse
                            • 185.19.85.149

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Order list 20.1.2021 07u9Uxttb5ltGU.exe.log
                            Process:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:modified
                            Size (bytes):1314
                            Entropy (8bit):5.350128552078965
                            Encrypted:false
                            SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                            MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                            SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                            SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                            SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                            Malicious:true
                            Reputation:high, very likely benign file
                            Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a
                            C:\Users\user\AppData\Local\Temp\tmpE60F.tmp
                            Process:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1639
                            Entropy (8bit):5.1752158804126145
                            Encrypted:false
                            SSDEEP:24:2dH4+SEqC/S7hblNMFp//rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBGPtn:cbhK79lNQR/rydbz9I3YODOLNdq32
                            MD5:26FDC12F4303E1CE02877707F93D1711
                            SHA1:E48011B6254C2B4689027136EA674E8560E6E371
                            SHA-256:555888AB668D8D97930E68EF519AD14F4ACA94562210A1EFB2BAF09C86512B14
                            SHA-512:FDB839496AF269748BED58D1215144494CA96CA06696A8D677CAC306D25030BC2F3209E02072DCBFF71695440BC03877F9F2356B2CD02798F5C0CA18B27DD328
                            Malicious:true
                            Reputation:low
                            Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                            Process:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):1392
                            Entropy (8bit):7.024371743172393
                            Encrypted:false
                            SSDEEP:24:IQnybgCUtvd7xCFhwUuQnybgCUtvd7xCFhwUuQnybgCUtvd7xCFhwUuQnybgCUt4:Ik/lCrwfk/lCrwfk/lCrwfk/lCrwfk/f
                            MD5:E78C6686C5A1A9CB0724F84DEA9A75F0
                            SHA1:80E61D5BDC7AF293362024781DA66BEA9D370FF9
                            SHA-256:FBE0B513511C00AC3B7169E1BCFB675CFD708B249365D724269C23FAC1184967
                            SHA-512:FF3835238CAEA26D8800B56901AB962ACD2FA390F955C4A8A15B5817AAB7642D105538CF63938D218567501477FB4B23C2834F22CBC8BA0002C7BCACB2875637
                            Malicious:false
                            Reputation:low
                            Preview: Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.
                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                            Process:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            File Type:Non-ISO extended-ASCII text, with no line terminators
                            Category:dropped
                            Size (bytes):8
                            Entropy (8bit):3.0
                            Encrypted:false
                            SSDEEP:3:6ujx:Ft
                            MD5:D57F6F8719FAFDD38D9BBB21A60AD9E0
                            SHA1:547C1104C41BF4E65F0C633D711660B39D23C553
                            SHA-256:2C684325E720A99735382667245820FC61C73CE32BE40C4BA78EA80971A3CFCF
                            SHA-512:5438C76F099D073A3AF8951B26DE379276CB1C95CF99F88AD3DAAE6DF7687000B848151E5DD22CA5BC6C6E1110B1B51DC081EE07AF9AEF42F251A314EBA33859
                            Malicious:true
                            Reputation:low
                            Preview: ...F..H
                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\settings.bin
                            Process:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):40
                            Entropy (8bit):5.153055907333276
                            Encrypted:false
                            SSDEEP:3:9bzY6oRDT6P2bfVn1:RzWDT621
                            MD5:4E5E92E2369688041CC82EF9650EDED2
                            SHA1:15E44F2F3194EE232B44E9684163B6F66472C862
                            SHA-256:F8098A6290118F2944B9E7C842BD014377D45844379F863B00D54515A8A64B48
                            SHA-512:1B368018907A3BC30421FDA2C935B39DC9073B9B1248881E70AD48EDB6CAA256070C1A90B97B0F64BBE61E316DBB8D5B2EC8DBABCD0B0B2999AB50B933671ECB
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview: 9iH...}Z.4..f.~a........~.~.......3.U.
                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
                            Process:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):327432
                            Entropy (8bit):7.99938831605763
                            Encrypted:true
                            SSDEEP:6144:oX44S90aTiB66x3Pl6nGV4bfD6wXPIZ9iBj0UeprGm2d7Tm:LkjYGsfGUc9iB4UeprKdnm
                            MD5:7E8F4A764B981D5B82D1CC49D341E9C6
                            SHA1:D9F0685A028FB219E1A6286AEFB7D6FCFC778B85
                            SHA-256:0BD3AAC12623520C4E2031C8B96B4A154702F36F97F643158E91E987D317B480
                            SHA-512:880E46504FCFB4B15B86B9D8087BA88E6C4950E433616EBB637799F42B081ABF6F07508943ECB1F786B2A89E751F5AE62D750BDCFFDDF535D600CF66EC44E926
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview: pT..!..W..G.J..a.).@.i..wpK.so@...5.=.^..Q.oy.=e@9.B...F..09u"3.. 0t..RDn_4d.....E...i......~...|..fX_...Xf.p^......>a..$...e.6:7d.(a.A...=.)*.....{B.[...y%.*..i.Q.<..xt.X..H.. ..HF7g...I.*3.{.n....L.y;i..s-....(5i...........J.5b7}..fK..HV..,...0.... ....n.w6PMl.......v."".v.......#..X.a....../...cC...i..l{>5n.._+.e.d'...}...[..../...D.t..GVp.zz......(...o......b...+`J.{....hS1G.^*I..v&.jm.#u..1..Mg!.E..U.T.....6.2>...6.l.K.w"o..E..."K%{....z.7....<...,....]t.:.....[.Z.u...3X8.QI..j_.&..N..q.e.2...6.R.~..9.Bq..A.v.6.G..#y.....O....Z)G...w..E..k(....+..O..........Vg.2xC......O...jc.....z..~.P...q../.-.'.h.._.cj.=..B.x.Q9.pu.|i4...i...;O...n.?.,. ....v?.5}.OY@.dG|<.._[.69@.2..m..I..oP=...xrK.?............b..5....i&...l.c\b}..Q..O+.V.mJ.....pz....>F.......H...6$...d...|m...N..1.R..B.i..........$....$........CY}..$....r.....H...8...li.....7 P......?h....R.iF..6...q(.@LI.s..+K.....?m..H....*. l..&<}....`|.B....3.....I..o...u1..8i=.z.W..7
                            C:\Users\user\AppData\Roaming\gIZSEI.exe
                            Process:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Category:dropped
                            Size (bytes):1741312
                            Entropy (8bit):7.044200529220029
                            Encrypted:false
                            SSDEEP:24576:RJEl7t/bYfqiY11a8gPgYUGwTNIg7Esbz1A6bagTRyvN:7ElBzYfqiww9gYUnTOcEsf1XJTR
                            MD5:8935C408C5650172E350ACB92E7CC659
                            SHA1:69FBB8236DC958388BDAF65B986894365D6DAE6B
                            SHA-256:5FC84F25B331A01C87E4F7652A396A83403C0EFC27CEFEEC6CEA69B954A01040
                            SHA-512:55312234692BBD6E2B60128350A32E02D2D8AFFBAA154280B5F080044039F14660114483BAAF81BAA940122AA4B04A7A247CA5DF02EF7CA993D287B8C6DFDD5E
                            Malicious:true
                            Antivirus:
                            • Antivirus: ReversingLabs, Detection: 14%
                            Reputation:low
                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*.`..............P.................. ........@.. ....................................@.....................................W.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......(>..........B....4..............................................w|E~}l....J.b.NtF...e.:..%.......:...w.........^.V.3l......u......1.....1x....t..3.3n..`S.l.e...lDT.4[.2?...o.U...@G..h..et..8..3..A.n....k...Z....QQ7.....H.....N(V...G.V.{.?...N.P+6...?.=.C...rU;....Wv.Js...2q.zh.C....!....;]..0.....~._.O..AsD:...pZ.H..........eD...?.Pds..T.?...p4...Yg.5.......1.5=.....Y..i.............T...h&.J....z..pa~.UF..HdK.o|..' ..<..A.........}..&u....4..."...A]..K9
                            C:\Users\user\AppData\Roaming\gIZSEI.exe:Zone.Identifier
                            Process:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):26
                            Entropy (8bit):3.95006375643621
                            Encrypted:false
                            SSDEEP:3:ggPYV:rPYV
                            MD5:187F488E27DB4AF347237FE461A079AD
                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                            Malicious:false
                            Reputation:high, very likely benign file
                            Preview: [ZoneTransfer]....ZoneId=0

                            Static File Info

                            General

                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):7.044200529220029
                            TrID:
                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                            • Win32 Executable (generic) a (10002005/4) 49.78%
                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                            • Generic Win/DOS Executable (2004/3) 0.01%
                            • DOS Executable Generic (2002/1) 0.01%
                            File name:Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            File size:1741312
                            MD5:8935c408c5650172e350acb92e7cc659
                            SHA1:69fbb8236dc958388bdaf65b986894365d6dae6b
                            SHA256:5fc84f25b331a01c87e4f7652a396a83403c0efc27cefeec6cea69b954a01040
                            SHA512:55312234692bbd6e2b60128350a32e02d2d8affbaa154280b5f080044039f14660114483baaf81baa940122aa4b04a7a247ca5df02ef7ca993d287b8c6dfdd5e
                            SSDEEP:24576:RJEl7t/bYfqiY11a8gPgYUGwTNIg7Esbz1A6bagTRyvN:7ElBzYfqiww9gYUnTOcEsf1XJTR
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....*.`..............P.................. ........@.. ....................................@................................

                            File Icon

                            Icon Hash:4fa1acacaca9254f

                            Static PE Info

                            General

                            Entrypoint:0x58dd0e
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                            Time Stamp:0x60062AA5 [Tue Jan 19 00:41:09 2021 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:v4.0.30319
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                            Entrypoint Preview

                            Instruction
                            jmp dword ptr [00402000h]
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al
                            add byte ptr [eax], al

                            Data Directories

                            NameVirtual AddressVirtual Size Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT0x18dcb40x57.text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x18e0000x1cfd0.rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x1ac0000xc.reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                            Sections

                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                            .text0x20000x18bd140x18be00False0.613764751737data7.07883915605IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                            .rsrc0x18e0000x1cfd00x1d000False0.284979458513data5.23332295466IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc0x1ac0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Resources

                            NameRVASizeTypeLanguageCountry
                            RT_ICON0x18e2200x42aaPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                            RT_ICON0x1924cc0x10828dBase III DBT, version number 0, next free block index 40
                            RT_ICON0x1a2cf40x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
                            RT_ICON0x1a6f1c0x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                            RT_ICON0x1a94c40x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 1089400558, next used block 1089400558
                            RT_ICON0x1aa56c0x468GLS_BINARY_LSB_FIRST
                            RT_GROUP_ICON0x1aa9d40x5adata
                            RT_VERSION0x1aaa300x3b4data
                            RT_MANIFEST0x1aade40x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                            Imports

                            DLLImport
                            mscoree.dll_CorExeMain

                            Version Infos

                            DescriptionData
                            Translation0x0000 0x04b0
                            LegalCopyrightCopyright 2019 Principle Pleasure
                            Assembly Version7.20.17.0
                            InternalNameIResourceGroveler.exe
                            FileVersion7.20.17.0
                            CompanyName
                            LegalTrademarks
                            CommentsPrinciple Pleasure
                            ProductNameRecord Bgy System
                            ProductVersion7.20.17.0
                            FileDescriptionRecord Bgy System
                            OriginalFilenameIResourceGroveler.exe

                            Network Behavior

                            Snort IDS Alerts

                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                            01/19/21-07:50:47.391360TCP2025019ET TROJAN Possible NanoCore C2 60B497217451192.168.2.4185.19.85.136
                            01/19/21-07:50:54.760816TCP2025019ET TROJAN Possible NanoCore C2 60B497227451192.168.2.4185.19.85.136
                            01/19/21-07:51:01.352160TCP2025019ET TROJAN Possible NanoCore C2 60B497257451192.168.2.4185.19.85.136
                            01/19/21-07:51:07.310601TCP2025019ET TROJAN Possible NanoCore C2 60B497287451192.168.2.4185.19.85.136
                            01/19/21-07:51:13.744730TCP2025019ET TROJAN Possible NanoCore C2 60B497297451192.168.2.4185.19.85.136
                            01/19/21-07:51:20.604711TCP2025019ET TROJAN Possible NanoCore C2 60B497307451192.168.2.4185.19.85.136
                            01/19/21-07:51:27.840868TCP2025019ET TROJAN Possible NanoCore C2 60B497387451192.168.2.4185.19.85.136
                            01/19/21-07:51:34.284086TCP2025019ET TROJAN Possible NanoCore C2 60B497437451192.168.2.4185.19.85.136
                            01/19/21-07:51:41.520045TCP2025019ET TROJAN Possible NanoCore C2 60B497537451192.168.2.4185.19.85.136
                            01/19/21-07:51:47.214796TCP2025019ET TROJAN Possible NanoCore C2 60B497547451192.168.2.4185.19.85.136
                            01/19/21-07:51:53.279687TCP2025019ET TROJAN Possible NanoCore C2 60B497557451192.168.2.4185.19.85.136
                            01/19/21-07:52:00.336225TCP2025019ET TROJAN Possible NanoCore C2 60B497567451192.168.2.4185.19.85.136
                            01/19/21-07:52:06.320462TCP2025019ET TROJAN Possible NanoCore C2 60B497577451192.168.2.4185.19.85.136
                            01/19/21-07:52:13.317495TCP2025019ET TROJAN Possible NanoCore C2 60B497647451192.168.2.4185.19.85.136
                            01/19/21-07:52:18.262032TCP2025019ET TROJAN Possible NanoCore C2 60B497697451192.168.2.4185.19.85.136
                            01/19/21-07:52:25.288563TCP2025019ET TROJAN Possible NanoCore C2 60B497767451192.168.2.4185.19.85.136
                            01/19/21-07:52:31.305836TCP2025019ET TROJAN Possible NanoCore C2 60B497777451192.168.2.4185.19.85.136
                            01/19/21-07:52:37.275244TCP2025019ET TROJAN Possible NanoCore C2 60B497787451192.168.2.4185.19.85.136
                            01/19/21-07:52:44.259420TCP2025019ET TROJAN Possible NanoCore C2 60B497797451192.168.2.4185.19.85.136
                            01/19/21-07:52:51.314375TCP2025019ET TROJAN Possible NanoCore C2 60B497807451192.168.2.4185.19.85.136
                            01/19/21-07:52:57.513870TCP2025019ET TROJAN Possible NanoCore C2 60B497817451192.168.2.4185.19.85.136
                            01/19/21-07:53:04.457835TCP2025019ET TROJAN Possible NanoCore C2 60B497827451192.168.2.4185.19.85.136
                            01/19/21-07:53:11.456831TCP2025019ET TROJAN Possible NanoCore C2 60B497837451192.168.2.4185.19.85.136
                            01/19/21-07:53:17.525829TCP2025019ET TROJAN Possible NanoCore C2 60B497847451192.168.2.4185.19.85.136
                            01/19/21-07:53:24.554457TCP2025019ET TROJAN Possible NanoCore C2 60B497857451192.168.2.4185.19.85.136

                            Network Port Distribution

                            TCP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Jan 19, 2021 07:50:47.200128078 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:47.344275951 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:47.344770908 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:47.391360044 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:47.596051931 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:47.596093893 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:47.609293938 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:47.755491972 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:47.793704987 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:47.986874104 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:47.987035990 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.100265980 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.100301027 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.100366116 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.100408077 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.100434065 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.100461960 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.100496054 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.102679968 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.142199039 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.240861893 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.240906954 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.241035938 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.241056919 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.241188049 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.241420984 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.255206108 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.255338907 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.255446911 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.255461931 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.255712986 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.255772114 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.363406897 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.363503933 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.363585949 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.363617897 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.366002083 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.366239071 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.377692938 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.377872944 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.378000021 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.378612041 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.378954887 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.379349947 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.406094074 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.406163931 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.406344891 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.406395912 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.406518936 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.406722069 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.406729937 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.406775951 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.406897068 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.407572031 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.407605886 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.408358097 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.495733023 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.495769024 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.495881081 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.496220112 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.496340036 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.497419119 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.556272030 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.556310892 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.556334972 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.556593895 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.557759047 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.557883024 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.557997942 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.558056116 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.558068991 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.558111906 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.558248043 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.558331013 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.558480024 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.558511019 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.558603048 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.558712006 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.558736086 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.558800936 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.558959007 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.559015989 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.559024096 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.559727907 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.559993029 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.560117960 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.560200930 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.560220957 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.560322046 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.560439110 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.560456991 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.560600996 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.560666084 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.560684919 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.560800076 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.560919046 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.560939074 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.561043024 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.561160088 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.561250925 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.561280966 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.561420918 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.561474085 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.562942028 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.635416985 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.635457993 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.635490894 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.636771917 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.636800051 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.638611078 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.638642073 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.638792992 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.639061928 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.639153004 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.639175892 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.639242887 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.716406107 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.716480017 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.716540098 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.716607094 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.716660976 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.716825962 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.716881037 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.716881037 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.717304945 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.732922077 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.732995987 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.733047962 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.733109951 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.733133078 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.733236074 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.733320951 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.733608961 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.733701944 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.734280109 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.734462976 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.734581947 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.734618902 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.734704018 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.734805107 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.734817028 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.736062050 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.736177921 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.736592054 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.736783981 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.736866951 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.736990929 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.737092972 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.737179041 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.737449884 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.737521887 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.737596035 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.737653971 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.737761974 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.737844944 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.737925053 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.738133907 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.738209963 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.738409042 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.780397892 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.786684990 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.786715984 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.786736965 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.787049055 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.787134886 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.787152052 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.787168980 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.787234068 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.787672997 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.788320065 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.791624069 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791659117 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791685104 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791707993 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791726112 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.791733980 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791734934 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.791758060 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791785955 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791810036 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791830063 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.791831017 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791834116 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.791851997 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791873932 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791896105 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791918993 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791939974 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.791965008 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.791970015 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.791973114 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.842308998 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.874109030 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.885962963 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.886169910 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.886328936 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.886419058 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.886471033 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.886545897 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.886563063 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.886676073 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.886697054 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.886743069 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.886871099 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.886871099 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.887028933 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.887068987 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.887089014 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.887109041 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.890893936 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.902740955 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.908358097 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.909739971 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.909794092 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.909921885 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.909953117 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.911534071 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.911576033 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.911652088 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.911669970 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.911782026 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.911951065 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.912029982 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.912173033 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.913252115 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.913408995 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.913496971 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.913517952 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.913608074 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.913743019 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.915249109 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.915472031 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.915630102 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.915790081 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.915851116 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.917548895 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.917567015 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.917586088 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.922363997 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.922410965 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.922549009 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.922622919 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.922646999 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.922652960 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.922677040 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.922801971 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.922836065 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.922883987 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.923065901 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.923150063 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.923180103 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.923213005 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.923353910 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.923460960 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.923480034 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.923573017 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.923703909 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.923739910 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.923764944 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.923791885 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.923870087 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.923882961 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.923885107 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.924076080 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.924151897 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.924177885 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.924189091 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.924312115 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.924364090 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.927170992 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.946630955 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.946716070 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.946763992 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.946801901 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.946842909 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.946949959 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.946981907 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.947283030 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.947577000 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.973808050 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.973872900 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:48.973953962 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:48.973990917 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.050708055 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.050802946 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.050806046 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.050924063 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.051474094 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.052028894 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.052105904 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.052212000 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.052318096 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.052421093 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.052453995 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.052613974 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.052828074 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.052841902 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.052923918 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.053153992 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.078562975 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.078610897 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.078727961 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.078841925 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.078874111 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.078890085 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.078968048 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.080804110 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.082552910 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.082731009 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.082783937 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.082792997 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.082839012 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.082948923 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.083206892 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.083237886 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.083372116 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.083420038 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.083548069 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.083766937 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.083900928 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.117928028 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.120558023 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.120671034 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.120734930 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.120810986 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.120893002 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.120929003 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.120995045 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.121129036 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.121277094 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.121330023 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.121455908 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.121505976 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.121659040 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.121778965 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.121819973 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.121927023 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.122015953 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.122057915 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.122430086 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.122505903 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.122575998 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.122731924 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.122857094 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.122900009 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.122963905 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.123090029 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.123234987 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.123311996 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.123341084 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.123429060 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.123562098 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.123647928 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.123687983 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.123749018 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.123842001 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.124123096 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.125006914 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.125117064 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.125158072 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.170414925 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.208698988 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.208769083 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.208808899 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.208848953 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.211040020 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.211127996 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.246143103 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.246205091 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.246260881 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.246299982 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.246402979 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.246459007 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.246534109 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.246649027 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.246706009 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.253197908 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.253264904 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.253304005 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.253324032 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.253407955 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.253475904 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.253524065 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.253601074 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.253670931 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.253786087 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.253829956 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.253885031 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.253995895 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.254132032 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.254190922 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.254267931 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.255197048 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.255247116 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.255275011 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.255390882 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.255455971 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.255569935 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.255705118 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.255760908 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.255779028 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.256429911 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.256500959 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.258280993 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.258325100 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.258413076 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.258496046 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.258718967 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.258788109 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.258838892 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.258928061 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.259005070 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.259098053 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.259469032 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.259532928 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.259603977 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.259676933 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.259735107 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.286075115 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.286137104 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.286175013 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.286191940 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.286211967 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.286262989 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.286313057 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.286557913 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.286612988 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.286710978 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.286781073 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.286838055 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.287102938 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.287189960 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.287241936 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.287305117 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.287587881 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.287625074 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.287642956 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.287751913 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.287803888 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.316886902 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.316952944 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.317023993 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.317109108 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.317281008 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.317357063 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.317435980 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.317471027 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.317497969 CET745149721185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:49.317601919 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:49.902863979 CET497217451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:54.047602892 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:54.207758904 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:54.207977057 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:54.760816097 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:54.974468946 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:54.995930910 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:55.156836033 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:55.157062054 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:55.374712944 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:55.374865055 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:55.582546949 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:55.694113970 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:55.749049902 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:55.804862976 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:55.902637005 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:55.952121019 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:55.974276066 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:55.974385023 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:56.128263950 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:56.128384113 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:56.263282061 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:56.263398886 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:56.438513041 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:56.438762903 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:50:56.644552946 CET745149722185.19.85.136192.168.2.4
                            Jan 19, 2021 07:50:57.090225935 CET497227451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:01.212697029 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:01.350542068 CET745149725185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:01.350661993 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:01.352159977 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:01.511622906 CET745149725185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:01.511945009 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:01.654722929 CET745149725185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:01.656356096 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:01.860469103 CET745149725185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:01.978163958 CET745149725185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:01.979435921 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:02.136279106 CET745149725185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:02.136574984 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:02.269905090 CET745149725185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:02.271605968 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:02.399907112 CET745149725185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:02.452687025 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:02.595278978 CET745149725185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:02.640202999 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:03.032196045 CET497257451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:07.142126083 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:07.309849024 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:07.309989929 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:07.310600996 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:07.502594948 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:07.503005028 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:07.633271933 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:07.634852886 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:07.826457024 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:07.924683094 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:07.926747084 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:08.073940039 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:08.074074984 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:08.269609928 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:08.269706011 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:08.280992031 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:08.328176022 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:08.454890966 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:08.455004930 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:08.461447001 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:08.515670061 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:08.627343893 CET745149728185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:09.197638035 CET497287451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:13.586179972 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:13.734482050 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:13.734592915 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:13.744729996 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:13.895279884 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:13.918068886 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:13.918440104 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:14.082659006 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:14.083877087 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:14.279537916 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:14.279680967 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:14.389337063 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:14.421314955 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:14.422624111 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:14.615535975 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:14.616187096 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:14.815982103 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:14.922558069 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:15.081095934 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:15.125636101 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:15.189182043 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:15.360949039 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:15.797136068 CET745149729185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:15.922563076 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:16.188894987 CET497297451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:20.462842941 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:20.604104042 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:20.604207993 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:20.604711056 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:20.838397026 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:20.838663101 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:20.970057011 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:20.971174955 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:21.166184902 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:21.245569944 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:21.295624971 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:21.344845057 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:21.407922029 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:21.415952921 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:21.623864889 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:21.623956919 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:21.772525072 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:21.814615965 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:21.940170050 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:21.985589027 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:22.260273933 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:22.287005901 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:22.543958902 CET745149730185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:23.270050049 CET497307451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:27.695858002 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:27.840037107 CET745149738185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:27.840244055 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:27.840867996 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:28.042953968 CET745149738185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:28.043409109 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:28.179214001 CET745149738185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:28.191484928 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:28.309673071 CET745149738185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:28.361084938 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:28.470860004 CET745149738185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:28.509330034 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:28.648578882 CET745149738185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:28.649940968 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:28.823573112 CET745149738185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:28.823815107 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:29.008755922 CET745149738185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:29.008848906 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:29.137444973 CET745149738185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:29.204868078 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:29.760854006 CET497387451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:34.120814085 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:34.269102097 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:34.270832062 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:34.284085989 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:34.475456953 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:34.527153969 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:34.527566910 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:34.686289072 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:34.687380075 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:34.891120911 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:34.942394018 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:35.009064913 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:35.085160017 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:35.085280895 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:35.244046926 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:35.244379997 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:35.409835100 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:35.409925938 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:35.545792103 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:35.643044949 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:35.958911896 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:36.194013119 CET745149743185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:37.047483921 CET497437451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:41.220748901 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:41.353779078 CET745149753185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:41.353970051 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:41.520045042 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:41.677026987 CET745149753185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:41.679272890 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:41.911647081 CET745149753185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:41.955962896 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:42.043823957 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:42.211390018 CET745149753185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:42.211474895 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:42.330166101 CET745149753185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:42.377866030 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:42.405126095 CET745149753185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:42.510215998 CET745149753185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:42.512145042 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:42.774612904 CET745149753185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:42.774718046 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:42.941391945 CET497537451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:47.041781902 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:47.213717937 CET745149754185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:47.213932037 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:47.214796066 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:47.384139061 CET745149754185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:47.395271063 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:47.531234026 CET745149754185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:47.581768036 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:47.618540049 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:47.845532894 CET745149754185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:47.935518026 CET745149754185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:47.961134911 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:48.095489025 CET745149754185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:48.095598936 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:48.303438902 CET745149754185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:48.303827047 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:48.457256079 CET745149754185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:48.503443003 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:48.636384010 CET745149754185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:48.690910101 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:48.868300915 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:49.026160002 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:49.040199995 CET745149754185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:49.040329933 CET497547451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:53.128340960 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:53.278839111 CET745149755185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:53.278940916 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:53.279686928 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:53.462120056 CET745149755185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:53.462475061 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:53.643649101 CET745149755185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:53.645145893 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:53.836489916 CET745149755185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:53.960205078 CET745149755185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:53.961312056 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:54.118573904 CET745149755185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:54.118695021 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:54.333655119 CET745149755185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:54.334029913 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:54.470304012 CET745149755185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:54.519805908 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:54.637090921 CET745149755185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:54.691437960 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:55.035868883 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:51:55.232484102 CET745149755185.19.85.136192.168.2.4
                            Jan 19, 2021 07:51:56.035974026 CET497557451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:00.171427011 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:00.333172083 CET745149756185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:00.335519075 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:00.336225033 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:00.516895056 CET745149756185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:00.521929979 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:00.686533928 CET745149756185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:00.689431906 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:00.858974934 CET745149756185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:00.910794973 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:01.052158117 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:01.080058098 CET745149756185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:01.129457951 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:01.260767937 CET745149756185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:01.262665987 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:01.458163977 CET745149756185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:01.504513979 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:01.647191048 CET745149756185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:01.692080975 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:02.036339045 CET497567451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:06.132888079 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:06.310458899 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:06.310585976 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:06.320461988 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:06.532979012 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:06.533369064 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:06.693912029 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:06.700512886 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:06.892859936 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:07.036897898 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:07.060517073 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:07.115137100 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:07.183379889 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:07.187153101 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:07.370167971 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:07.371191025 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:07.513547897 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:07.567569971 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:07.707463026 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:07.755018950 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:07.876624107 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:07.926857948 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:08.036791086 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:08.083805084 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:08.130177021 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:08.233947992 CET745149757185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:09.037827969 CET497577451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:13.171785116 CET497647451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:13.316092014 CET745149764185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:13.316273928 CET497647451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:13.317495108 CET497647451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:13.519218922 CET745149764185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:13.568113089 CET497647451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:13.731833935 CET745149764185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:13.732163906 CET497647451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:13.889925003 CET745149764185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:13.891524076 CET497647451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:14.037703991 CET497647451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:14.091370106 CET745149764185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:14.091515064 CET497647451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:18.137242079 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:18.259310961 CET745149769185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:18.261540890 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:18.262032032 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:18.401859045 CET745149769185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:18.402216911 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:18.545527935 CET745149769185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:18.560149908 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:18.747911930 CET745149769185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:18.836133003 CET745149769185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:18.837225914 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:18.962161064 CET745149769185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:18.963706017 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:19.096333027 CET745149769185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:19.100187063 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:19.233149052 CET745149769185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:19.287312031 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:20.038883924 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:20.235059023 CET745149769185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:21.038481951 CET497697451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:25.157934904 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:25.287190914 CET745149776185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:25.287444115 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:25.288563013 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:25.494811058 CET745149776185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:25.495155096 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:25.758176088 CET745149776185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:25.761228085 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:25.952766895 CET745149776185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:26.006592035 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:26.070188999 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:26.160327911 CET745149776185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:26.209753036 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:26.289717913 CET745149776185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:26.289868116 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:26.459100008 CET745149776185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:26.506587029 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:26.670610905 CET745149776185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:26.725305080 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:27.038700104 CET497767451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:31.161398888 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:31.305115938 CET745149777185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:31.305234909 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:31.305835962 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:31.525218964 CET745149777185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:31.569472075 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:31.582124949 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:31.723850965 CET745149777185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:31.769769907 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:31.930959940 CET745149777185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:31.975825071 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:32.059828043 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:32.125308037 CET745149777185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:32.178949118 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:32.200259924 CET745149777185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:32.200352907 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:32.409481049 CET745149777185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:32.409610987 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:32.544646978 CET745149777185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:32.585170031 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:32.748444080 CET745149777185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:32.803960085 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:33.041838884 CET497777451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:37.150175095 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:37.274326086 CET745149778185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:37.274492025 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:37.275243998 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:37.431521893 CET745149778185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:37.431849003 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:37.561717033 CET745149778185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:37.565545082 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:37.760663033 CET745149778185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:37.852210999 CET745149778185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:37.866436005 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:37.975512028 CET745149778185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:37.977832079 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:38.100558043 CET745149778185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:38.100847960 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:38.245320082 CET745149778185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:38.288865089 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:39.040275097 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:39.208457947 CET745149778185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:40.040029049 CET497787451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:44.145138979 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:44.258470058 CET745149779185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:44.258759022 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:44.259419918 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:44.433059931 CET745149779185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:44.433816910 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:44.562611103 CET745149779185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:44.564472914 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:44.769681931 CET745149779185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:44.855108023 CET745149779185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:44.856307983 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:44.992619991 CET745149779185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:44.997416019 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:45.149662971 CET745149779185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:45.149769068 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:45.328399897 CET745149779185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:45.383101940 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:46.040163994 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:46.225781918 CET745149779185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:47.040981054 CET497797451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:51.178328037 CET497807451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:51.312508106 CET745149780185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:51.313663960 CET497807451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:51.314374924 CET497807451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:51.524818897 CET745149780185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:51.525177956 CET497807451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:51.657162905 CET745149780185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:51.661628962 CET497807451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:51.813659906 CET745149780185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:51.943594933 CET745149780185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:51.945168972 CET497807451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:52.066787958 CET745149780185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:52.069125891 CET497807451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:52.271203041 CET745149780185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:52.273057938 CET497807451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:52.418272972 CET745149780185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:52.461805105 CET497807451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:53.181574106 CET497807451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:57.290138960 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:57.510615110 CET745149781185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:57.512914896 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:57.513870001 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:57.643419981 CET745149781185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:57.644519091 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:57.802285910 CET745149781185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:57.803725004 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:57.984034061 CET745149781185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:58.097404003 CET745149781185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:58.098258972 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:58.240586996 CET745149781185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:58.241508007 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:58.419644117 CET745149781185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:58.420799017 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:58.552001953 CET745149781185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:58.602950096 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:58.741828918 CET745149781185.19.85.136192.168.2.4
                            Jan 19, 2021 07:52:58.791115999 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:59.199476957 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:52:59.376293898 CET745149781185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:00.197813034 CET497817451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:04.299089909 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:04.456906080 CET745149782185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:04.457138062 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:04.457834959 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:04.607273102 CET745149782185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:04.610208988 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:04.775985003 CET745149782185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:04.800753117 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:05.014004946 CET745149782185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:05.111521006 CET745149782185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:05.115129948 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:05.243145943 CET745149782185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:05.246366024 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:05.427494049 CET745149782185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:05.428630114 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:05.601645947 CET745149782185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:05.650397062 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:05.777048111 CET745149782185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:05.824076891 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:06.206814051 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:06.422141075 CET745149782185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:07.231795073 CET497827451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:11.330837011 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:11.455823898 CET745149783185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:11.456140995 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:11.456830978 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:11.652462959 CET745149783185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:11.660336018 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:11.798394918 CET745149783185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:11.821974993 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:12.001527071 CET745149783185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:12.160711050 CET745149783185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:12.163079977 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:12.297094107 CET745149783185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:12.298705101 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:12.529329062 CET745149783185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:12.529618025 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:12.686069012 CET745149783185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:12.729167938 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:12.872900963 CET745149783185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:12.916727066 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:13.292592049 CET497837451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:17.394052982 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:17.525166035 CET745149784185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:17.525249958 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:17.525829077 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:17.670209885 CET745149784185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:17.671967983 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:17.813560963 CET745149784185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:17.818269014 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:17.991142988 CET745149784185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:18.067154884 CET745149784185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:18.069415092 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:18.221663952 CET745149784185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:18.223292112 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:18.347958088 CET745149784185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:18.348053932 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:18.555640936 CET745149784185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:18.600853920 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:19.308500051 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:19.620326042 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:19.964135885 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:20.292795897 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:20.300822973 CET745149784185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:20.300856113 CET745149784185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:20.301043034 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:20.301094055 CET497847451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:24.405123949 CET497857451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:24.552422047 CET745149785185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:24.553740978 CET497857451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:24.554456949 CET497857451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:24.738744974 CET745149785185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:24.741425991 CET497857451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:24.900414944 CET745149785185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:24.948947906 CET497857451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:25.117575884 CET745149785185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:25.119909048 CET497857451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:25.304353952 CET745149785185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:25.308949947 CET497857451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:25.395211935 CET745149785185.19.85.136192.168.2.4
                            Jan 19, 2021 07:53:25.395740986 CET497857451192.168.2.4185.19.85.136
                            Jan 19, 2021 07:53:29.385476112 CET497867451192.168.2.4185.19.85.136

                            UDP Packets

                            TimestampSource PortDest PortSource IPDest IP
                            Jan 19, 2021 07:50:33.439085960 CET6529853192.168.2.48.8.8.8
                            Jan 19, 2021 07:50:33.497582912 CET53652988.8.8.8192.168.2.4
                            Jan 19, 2021 07:50:34.822033882 CET5912353192.168.2.48.8.8.8
                            Jan 19, 2021 07:50:34.878926039 CET53591238.8.8.8192.168.2.4
                            Jan 19, 2021 07:50:47.090461969 CET5453153192.168.2.48.8.8.8
                            Jan 19, 2021 07:50:47.152731895 CET53545318.8.8.8192.168.2.4
                            Jan 19, 2021 07:50:53.973232031 CET4971453192.168.2.48.8.8.8
                            Jan 19, 2021 07:50:54.034387112 CET53497148.8.8.8192.168.2.4
                            Jan 19, 2021 07:50:59.614392042 CET5802853192.168.2.48.8.8.8
                            Jan 19, 2021 07:50:59.664474964 CET53580288.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:01.139107943 CET5309753192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:01.195585012 CET53530978.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:04.887340069 CET4925753192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:05.811196089 CET6238953192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:05.875787020 CET4925753192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:06.815979004 CET6238953192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:06.875248909 CET53623898.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:06.876454115 CET4925753192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:06.937066078 CET53492578.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:07.087359905 CET4991053192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:07.135196924 CET53499108.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:13.528394938 CET5585453192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:13.584745884 CET53558548.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:20.350526094 CET6454953192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:20.406888962 CET53645498.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:21.798362970 CET6315353192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:21.855885029 CET53631538.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:22.514637947 CET5299153192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:22.613488913 CET53529918.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:23.486267090 CET5370053192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:23.566497087 CET53537008.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:23.773998976 CET5172653192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:23.838339090 CET53517268.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:24.570322990 CET5679453192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:24.626552105 CET53567948.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:25.499701977 CET5653453192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:25.556174994 CET53565348.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:26.501979113 CET5662753192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:26.552752018 CET53566278.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:27.635762930 CET5662153192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:27.662904978 CET6311653192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:27.694797039 CET53566218.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:27.719813108 CET53631168.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:29.231795073 CET6407853192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:29.290724993 CET53640788.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:31.755481958 CET6480153192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:31.811820030 CET53648018.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:33.436482906 CET6172153192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:33.492866993 CET53617218.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:34.058247089 CET5125553192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:34.119842052 CET53512558.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:34.372250080 CET6152253192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:34.433628082 CET53615228.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:37.465224981 CET5233753192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:37.523499966 CET53523378.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:37.844856024 CET5504653192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:37.892827034 CET53550468.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:38.699158907 CET4961253192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:38.747292995 CET53496128.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:39.525033951 CET4928553192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:39.573904991 CET53492858.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:41.164343119 CET5060153192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:41.217613935 CET53506018.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:46.980333090 CET6087553192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:47.039541960 CET53608758.8.8.8192.168.2.4
                            Jan 19, 2021 07:51:53.068682909 CET5644853192.168.2.48.8.8.8
                            Jan 19, 2021 07:51:53.127065897 CET53564488.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:00.094484091 CET5917253192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:00.155435085 CET53591728.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:06.075536013 CET6242053192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:06.131798983 CET53624208.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:07.854959011 CET6057953192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:07.902884007 CET53605798.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:09.874206066 CET5018353192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:09.946219921 CET53501838.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:10.103743076 CET6153153192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:10.154392958 CET53615318.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:10.950565100 CET4922853192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:11.001297951 CET53492288.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:11.879450083 CET5979453192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:11.935806990 CET53597948.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:12.763459921 CET5591653192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:12.811623096 CET53559168.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:13.109258890 CET5275253192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:13.170758009 CET53527528.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:13.538729906 CET6054253192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:13.597917080 CET53605428.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:14.342592955 CET6068953192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:14.401134014 CET53606898.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:17.065999031 CET6420653192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:17.113924980 CET53642068.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:17.869931936 CET5090453192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:17.918083906 CET53509048.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:18.079467058 CET5752553192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:18.135664940 CET53575258.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:18.747370958 CET5381453192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:18.795670033 CET53538148.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:19.614914894 CET5341853192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:19.662883997 CET53534188.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:20.412235022 CET6283353192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:20.460144997 CET53628338.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:21.187096119 CET5926053192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:21.237788916 CET53592608.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:22.171420097 CET4994453192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:22.219074965 CET53499448.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:22.950644016 CET6330053192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:22.998507977 CET53633008.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:25.099489927 CET6144953192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:25.155678034 CET53614498.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:31.103212118 CET5127553192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:31.159454107 CET53512758.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:37.087351084 CET6349253192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:37.149038076 CET53634928.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:44.087116957 CET5894553192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:44.143927097 CET53589458.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:51.129041910 CET6077953192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:51.177094936 CET53607798.8.8.8192.168.2.4
                            Jan 19, 2021 07:52:57.229067087 CET6401453192.168.2.48.8.8.8
                            Jan 19, 2021 07:52:57.288357973 CET53640148.8.8.8192.168.2.4
                            Jan 19, 2021 07:53:04.241309881 CET5709153192.168.2.48.8.8.8
                            Jan 19, 2021 07:53:04.297863007 CET53570918.8.8.8192.168.2.4
                            Jan 19, 2021 07:53:11.266027927 CET5590453192.168.2.48.8.8.8
                            Jan 19, 2021 07:53:11.328566074 CET53559048.8.8.8192.168.2.4
                            Jan 19, 2021 07:53:17.334252119 CET5210953192.168.2.48.8.8.8
                            Jan 19, 2021 07:53:17.392471075 CET53521098.8.8.8192.168.2.4
                            Jan 19, 2021 07:53:24.345340014 CET5445053192.168.2.48.8.8.8
                            Jan 19, 2021 07:53:24.403909922 CET53544508.8.8.8192.168.2.4
                            Jan 19, 2021 07:53:29.325831890 CET4937453192.168.2.48.8.8.8
                            Jan 19, 2021 07:53:29.384881020 CET53493748.8.8.8192.168.2.4

                            DNS Queries

                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                            Jan 19, 2021 07:50:47.090461969 CET192.168.2.48.8.8.80xdb52Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:50:53.973232031 CET192.168.2.48.8.8.80x4dc3Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:01.139107943 CET192.168.2.48.8.8.80x5504Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:07.087359905 CET192.168.2.48.8.8.80xd323Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:13.528394938 CET192.168.2.48.8.8.80x8d5aStandard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:20.350526094 CET192.168.2.48.8.8.80xd67bStandard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:27.635762930 CET192.168.2.48.8.8.80x9dbdStandard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:34.058247089 CET192.168.2.48.8.8.80xe9e4Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:41.164343119 CET192.168.2.48.8.8.80xb69eStandard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:46.980333090 CET192.168.2.48.8.8.80x5e8eStandard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:53.068682909 CET192.168.2.48.8.8.80xdf2cStandard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:00.094484091 CET192.168.2.48.8.8.80xf2c9Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:06.075536013 CET192.168.2.48.8.8.80x9fbaStandard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:13.109258890 CET192.168.2.48.8.8.80xceb4Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:18.079467058 CET192.168.2.48.8.8.80x1eccStandard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:25.099489927 CET192.168.2.48.8.8.80xdec2Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:31.103212118 CET192.168.2.48.8.8.80x2a85Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:37.087351084 CET192.168.2.48.8.8.80x3011Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:44.087116957 CET192.168.2.48.8.8.80x3d4dStandard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:51.129041910 CET192.168.2.48.8.8.80x3699Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:57.229067087 CET192.168.2.48.8.8.80x7f79Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:53:04.241309881 CET192.168.2.48.8.8.80xa1Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:53:11.266027927 CET192.168.2.48.8.8.80xfb68Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:53:17.334252119 CET192.168.2.48.8.8.80x71ebStandard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:53:24.345340014 CET192.168.2.48.8.8.80xad5Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)
                            Jan 19, 2021 07:53:29.325831890 CET192.168.2.48.8.8.80x9360Standard query (0)cool.gotdns.chA (IP address)IN (0x0001)

                            DNS Answers

                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                            Jan 19, 2021 07:50:47.152731895 CET8.8.8.8192.168.2.40xdb52No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:50:54.034387112 CET8.8.8.8192.168.2.40x4dc3No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:01.195585012 CET8.8.8.8192.168.2.40x5504No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:07.135196924 CET8.8.8.8192.168.2.40xd323No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:13.584745884 CET8.8.8.8192.168.2.40x8d5aNo error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:20.406888962 CET8.8.8.8192.168.2.40xd67bNo error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:27.694797039 CET8.8.8.8192.168.2.40x9dbdNo error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:34.119842052 CET8.8.8.8192.168.2.40xe9e4No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:41.217613935 CET8.8.8.8192.168.2.40xb69eNo error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:47.039541960 CET8.8.8.8192.168.2.40x5e8eNo error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:51:53.127065897 CET8.8.8.8192.168.2.40xdf2cNo error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:00.155435085 CET8.8.8.8192.168.2.40xf2c9No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:06.131798983 CET8.8.8.8192.168.2.40x9fbaNo error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:13.170758009 CET8.8.8.8192.168.2.40xceb4No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:18.135664940 CET8.8.8.8192.168.2.40x1eccNo error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:25.155678034 CET8.8.8.8192.168.2.40xdec2No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:31.159454107 CET8.8.8.8192.168.2.40x2a85No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:37.149038076 CET8.8.8.8192.168.2.40x3011No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:44.143927097 CET8.8.8.8192.168.2.40x3d4dNo error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:51.177094936 CET8.8.8.8192.168.2.40x3699No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:52:57.288357973 CET8.8.8.8192.168.2.40x7f79No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:53:04.297863007 CET8.8.8.8192.168.2.40xa1No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:53:11.328566074 CET8.8.8.8192.168.2.40xfb68No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:53:17.392471075 CET8.8.8.8192.168.2.40x71ebNo error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:53:24.403909922 CET8.8.8.8192.168.2.40xad5No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)
                            Jan 19, 2021 07:53:29.384881020 CET8.8.8.8192.168.2.40x9360No error (0)cool.gotdns.ch185.19.85.136A (IP address)IN (0x0001)

                            Code Manipulations

                            Statistics

                            CPU Usage

                            Click to jump to process

                            Memory Usage

                            Click to jump to process

                            High Level Behavior Distribution

                            Click to dive into process behavior distribution

                            Behavior

                            Click to jump to process

                            System Behavior

                            Analysis Process: Order list 20.1.2021 07u9Uxttb5ltGU.exe PID: 6148 Parent PID: 5932

                            General

                            Start time:07:50:37
                            Start date:19/01/2021
                            Path:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe'
                            Imagebase:0xf0000
                            File size:1741312 bytes
                            MD5 hash:8935C408C5650172E350ACB92E7CC659
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET
                            Yara matches:
                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.662843036.000000000276B000.00000004.00000001.sdmp, Author: Joe Security
                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, Author: Florian Roth
                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, Author: Joe Security
                            • Rule: NanoCore, Description: unknown, Source: 00000001.00000002.664198703.0000000003F65000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                            Reputation:low

                            Chronological Activities

                            Analysis Process: schtasks.exe PID: 6124 Parent PID: 6148

                            General

                            Start time:07:50:41
                            Start date:19/01/2021
                            Path:C:\Windows\SysWOW64\schtasks.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\gIZSEI' /XML 'C:\Users\user\AppData\Local\Temp\tmpE60F.tmp'
                            Imagebase:0xa40000
                            File size:185856 bytes
                            MD5 hash:15FF7D8324231381BAD48A052F85DF04
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Chronological Activities

                            Analysis Process: conhost.exe PID: 4612 Parent PID: 6124

                            General

                            Start time:07:50:42
                            Start date:19/01/2021
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff724c50000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high

                            Chronological Activities

                            Analysis Process: Order list 20.1.2021 07u9Uxttb5ltGU.exe PID: 5040 Parent PID: 6148

                            General

                            Start time:07:50:42
                            Start date:19/01/2021
                            Path:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\Desktop\Order list 20.1.2021 07u9Uxttb5ltGU.exe
                            Imagebase:0x6c0000
                            File size:1741312 bytes
                            MD5 hash:8935C408C5650172E350ACB92E7CC659
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET
                            Reputation:low

                            Chronological Activities

                            Disassembly

                            Code Analysis

                            Reset < >

                              Analysis Process: Order list 20.1.2021 07u9Uxttb5ltGU.exe PID: 6148 Parent PID: 5932 Order list 20.1.2021 07u9Uxttb5ltGU.exeCOMMON

                              Executed Functions

                              Function 0255305F, Relevance: 2.9, Strings: 2, Instructions: 366COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: >2}>$GL5P
                              • API String ID: 0-4135944830
                              • Opcode ID: 8fbbd390b07c7e2c357bdfb7ebaf698d7e544d092ceae550661ba14cea412192
                              • Instruction ID: 8c2a21de477ec651580b065eed3016bfabc0a4affc3b1f1b0f733a9d957e791c
                              • Opcode Fuzzy Hash: 8fbbd390b07c7e2c357bdfb7ebaf698d7e544d092ceae550661ba14cea412192
                              • Instruction Fuzzy Hash: EDF1F570D0425AEFCB05CFA5C8A54AEFBB2FF86340B55D496C805AB211D734EA46CF98
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 025530C6, Relevance: 2.9, Strings: 2, Instructions: 351COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: >2}>$GL5P
                              • API String ID: 0-4135944830
                              • Opcode ID: 46501368fcf59d2c9a55ab4d75872014d426acee200418c2d8640471b1964452
                              • Instruction ID: f250de52141dd4d6e2a67ffcaadd039e9a852f09ba5f7d490f6fd3dc40e9c287
                              • Opcode Fuzzy Hash: 46501368fcf59d2c9a55ab4d75872014d426acee200418c2d8640471b1964452
                              • Instruction Fuzzy Hash: A2E1F670D0425AEFCB05CFA5C8948AEFBB2FF8A340B55D496C805AB215C734EA46CF94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02553160, Relevance: 2.8, Strings: 2, Instructions: 296COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: >2}>$GL5P
                              • API String ID: 0-4135944830
                              • Opcode ID: 492195f53cf56ca26ac980cb8c1175a511b1b0f1b36aceb986ba2a5310716832
                              • Instruction ID: f48506a132760fd6dece0af770f3e20541ab27f0f8f095181963d32f55cf7bdd
                              • Opcode Fuzzy Hash: 492195f53cf56ca26ac980cb8c1175a511b1b0f1b36aceb986ba2a5310716832
                              • Instruction Fuzzy Hash: 49D13C70D0421AEFCB05CFA5C8918AEFBB2FF89340B51D596D81AAB314D7349A46CF94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02552260, Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: M+"
                              • API String ID: 0-3390909290
                              • Opcode ID: 97683c8959b9e597e2eee5b4fc7d4ff5a907dd8bd25f67ae2fd6e3d1f35fa122
                              • Instruction ID: dafd260a9fa8927637b517b5d3c1e9acfb7a664265c124c237da4bfa37b1ccd3
                              • Opcode Fuzzy Hash: 97683c8959b9e597e2eee5b4fc7d4ff5a907dd8bd25f67ae2fd6e3d1f35fa122
                              • Instruction Fuzzy Hash: 6221E5B1E006188BDB18CFABD9502DEFBB7BFC9310F14C16AD908A6228DB741A55CB51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02552250, Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: M+"
                              • API String ID: 0-3390909290
                              • Opcode ID: 7859876434745a275e011cb52426002ee0cb6b34f9f1f4aaa2c7085a8d9444d4
                              • Instruction ID: d923392924b0fb09b4715ade24034ab64ea85ad0035213fecf698d07ca0af720
                              • Opcode Fuzzy Hash: 7859876434745a275e011cb52426002ee0cb6b34f9f1f4aaa2c7085a8d9444d4
                              • Instruction Fuzzy Hash: 66211AB1E006588BDB18CFA7D9542DEBBF3AFC9300F14C16AD808AB268DB740946CF41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DFDF90, Relevance: .4, Instructions: 359COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1d8f708c0c7241a7e41bd8efd331794c3470234076bcc225e38d084591748ad6
                              • Instruction ID: 7b19f6c1887ae0f9ea504e3fe82cb4bf4d5dfcda46c6c6b90c8c2b88739f90f9
                              • Opcode Fuzzy Hash: 1d8f708c0c7241a7e41bd8efd331794c3470234076bcc225e38d084591748ad6
                              • Instruction Fuzzy Hash: 32D1C2B17007058FDB55EB7AC8507AEB7F7AF89600F1544AED246CB2A0DB35E901CB61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02550EFF, Relevance: .2, Instructions: 247COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1cc871133e4793256102f67ebba8d29b58a94d26f576e832770c12d4ff07ae67
                              • Instruction ID: 483cf938d53204103ee5895470fe2c358ad16758ff61032939377a195f780ce7
                              • Opcode Fuzzy Hash: 1cc871133e4793256102f67ebba8d29b58a94d26f576e832770c12d4ff07ae67
                              • Instruction Fuzzy Hash: 2BA14A74D042589FCB04CFA5C8A4AEEFFF6FF89300F14846AD945AB255D734A906CB68
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF62D0, Relevance: .2, Instructions: 245COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fb1db53266ca206d021c28bed7cd68d4215d2082c0e3c3604b86794b90a676ec
                              • Instruction ID: c95ff1d9fc3368e23d281fdb35bb6975249d79b9cf09aca5cecee5914248bc36
                              • Opcode Fuzzy Hash: fb1db53266ca206d021c28bed7cd68d4215d2082c0e3c3604b86794b90a676ec
                              • Instruction Fuzzy Hash: 40A153B0E092198BDB04DFA9C44469EFBF2AF89300F16D129DA19BBB49D734D941CF51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF62C0, Relevance: .2, Instructions: 210COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: dedb4b3946d99d48fc61f0ba1815866d98b8770b136fa9ea3981c686b81e2c80
                              • Instruction ID: 20494a3f02ad0128a81617fa022296184e5920bb529ea531909c94f7b32e830e
                              • Opcode Fuzzy Hash: dedb4b3946d99d48fc61f0ba1815866d98b8770b136fa9ea3981c686b81e2c80
                              • Instruction Fuzzy Hash: 1E8133B4E09219CFDB04DFA9C44469EFBF2AB89300F15D12ADA19BB748E7349945CF11
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02550FA0, Relevance: .2, Instructions: 189COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d4e0dc783b4c82092f80976c94282955ed0e936115808cc2d0dec22f3a259723
                              • Instruction ID: 8c542e801dbd5acf3b14c639eadefec8efade3b821ee2fee91fe9d9036cd7d3b
                              • Opcode Fuzzy Hash: d4e0dc783b4c82092f80976c94282955ed0e936115808cc2d0dec22f3a259723
                              • Instruction Fuzzy Hash: 1981C274E006198FCB08CFE9C8946AEFBB2FF88300F10942AD919BB254D7749946CF55
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02551810, Relevance: .1, Instructions: 149COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 17aa86ecdb2394380980354262455bb5c6fbb864da85e135cb1ece2aaf2c7db3
                              • Instruction ID: edd9e6e88585fe9d7e3440d6074aeb8172d469a4cebf1bbef3884fa0749f0ff7
                              • Opcode Fuzzy Hash: 17aa86ecdb2394380980354262455bb5c6fbb864da85e135cb1ece2aaf2c7db3
                              • Instruction Fuzzy Hash: 46510770E05619CBDB08CFA6D5506AEFFF2FB88310F14D46AD91AA7254D7388A41CF58
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02551808, Relevance: .1, Instructions: 147COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4e5771e91fc4688e4ce289679de4cac22b5c11c45b173d686b9f559e97f67814
                              • Instruction ID: 1f6611829cfe531f188d6c524beb00ee9a92212fd65240b83d775b19578a48a4
                              • Opcode Fuzzy Hash: 4e5771e91fc4688e4ce289679de4cac22b5c11c45b173d686b9f559e97f67814
                              • Instruction Fuzzy Hash: 68510770E056198FDB08CFAAD5506AEFFF2FB89310F14D46AD51AA7264D7388A018F54
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DFD670, Relevance: .1, Instructions: 120COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c1176f9f08bd326dabda143a3b81d4d3d80215b50e4d321a771b3e3ca47f0b8d
                              • Instruction ID: 295d48ec20d68f5de02ab1a4e7587a6bf9f013e97e82de1bacf58e175f101c3e
                              • Opcode Fuzzy Hash: c1176f9f08bd326dabda143a3b81d4d3d80215b50e4d321a771b3e3ca47f0b8d
                              • Instruction Fuzzy Hash: EA417BB0E15218DFCB04CFA5D8A46EDFBB2BB8A310F15A42AD54AB7354D7388805CF24
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02550480, Relevance: .1, Instructions: 78COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4fa4eed6a36deaca42654f91cf885606a9a6186a6da27a9350e4349809987c24
                              • Instruction ID: 30f80475b89775bab9c7a162b0fa3e924cfc16f5f4fc795e67b6b82bcba7eeac
                              • Opcode Fuzzy Hash: 4fa4eed6a36deaca42654f91cf885606a9a6186a6da27a9350e4349809987c24
                              • Instruction Fuzzy Hash: 7131C671E046189BEB58CFAAD85079EBBB3FFC8301F14D5AAD508A6264EB301A458F51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02550470, Relevance: .1, Instructions: 72COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c9daaef850e8d6ecb8744a355c7b077c6d6badfd9e5df2dceed8e951095f3170
                              • Instruction ID: d5cbf14fc636ada8b2ded90027efdaf9cc55dd8a22ffca24d23ef528e61389bc
                              • Opcode Fuzzy Hash: c9daaef850e8d6ecb8744a355c7b077c6d6badfd9e5df2dceed8e951095f3170
                              • Instruction Fuzzy Hash: 1F31FC71E056189FDB18CFABD81069EBBF3AFC9300F14C1BAC508AA264EB3009458F11
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF81D2, Relevance: 1.8, APIs: 1, Instructions: 330processCOMMON
                              Download Yara Rule
                              APIs
                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07DF849F
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: 1bdf664913c300e76aa3c54c8d24cdf810a8edc4775ff14665efce0859800202
                              • Instruction ID: de2d31b040f25334e547ea38d85483df5cc7bd21a98fe5aeecd4143536eb4ca0
                              • Opcode Fuzzy Hash: 1bdf664913c300e76aa3c54c8d24cdf810a8edc4775ff14665efce0859800202
                              • Instruction Fuzzy Hash: 3FC114B1D042299FDF20CFA4C880BEDBBB1BF49304F0195A9D949B7250DB749A85DF92
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF81D8, Relevance: 1.8, APIs: 1, Instructions: 321processCOMMON
                              Download Yara Rule
                              APIs
                              • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07DF849F
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: CreateProcess
                              • String ID:
                              • API String ID: 963392458-0
                              • Opcode ID: 75f4c3529a2ced834d9ebbf29c409072d1c9e2b19de01dd47b0ae46181229af3
                              • Instruction ID: 1efc203258804a54f6ed732c019486bcf5545b6c257839b2dfc89146437b11c0
                              • Opcode Fuzzy Hash: 75f4c3529a2ced834d9ebbf29c409072d1c9e2b19de01dd47b0ae46181229af3
                              • Instruction Fuzzy Hash: 3CC113B1D002298FDF20CFA4C880BEDBBB1BF49304F0195A9D949B7250DB749A85DF92
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF7E48, Relevance: 1.6, APIs: 1, Instructions: 122injectionCOMMON
                              Download Yara Rule
                              APIs
                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07DF7F23
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 265f0188ce75ece658d8c00fcda55354af899fd70433dac75e973d08a93f1b93
                              • Instruction ID: 6382fb5f5ef88bc6274b30a4570e158583f4c8a5f44edfdf68a887e1f046695c
                              • Opcode Fuzzy Hash: 265f0188ce75ece658d8c00fcda55354af899fd70433dac75e973d08a93f1b93
                              • Instruction Fuzzy Hash: 6C41A9B5D052589FCF00CFA9D984AEEFBF1BB49314F14902AE918B7200D774AA45CBA4
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF7E50, Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                              Download Yara Rule
                              APIs
                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07DF7F23
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: MemoryProcessWrite
                              • String ID:
                              • API String ID: 3559483778-0
                              • Opcode ID: 13c6ad24a8b92d1d803699e6aa30992609cb3a54809fe81f73c112b1ba29c031
                              • Instruction ID: cce7b4534b091da54c88ea02be5641365a9e31c62fcb4c64af67fd92d29bf75c
                              • Opcode Fuzzy Hash: 13c6ad24a8b92d1d803699e6aa30992609cb3a54809fe81f73c112b1ba29c031
                              • Instruction Fuzzy Hash: 8C4199B5D052589FCF00CFA9D984AEEFBF1BB49314F14902AE914B7200D774AA45CB64
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF7FA0, Relevance: 1.6, APIs: 1, Instructions: 112COMMON
                              Download Yara Rule
                              APIs
                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07DF805A
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: MemoryProcessRead
                              • String ID:
                              • API String ID: 1726664587-0
                              • Opcode ID: 12cdb138c67bbebc5df0f3aa4967bab30b8c9aa236c420344a0b1a413cf64dd1
                              • Instruction ID: 2a945d01d49285d0e74047efa80b9c0bf4b87626ececf1183c94276eaad2dfdc
                              • Opcode Fuzzy Hash: 12cdb138c67bbebc5df0f3aa4967bab30b8c9aa236c420344a0b1a413cf64dd1
                              • Instruction Fuzzy Hash: 7341BAB9D042589FCF10CFA9D884AEEFBB1FB49320F10942AE915B7200C775A945CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 0255F160, Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                              Download Yara Rule
                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0255F22B
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 63b0319c3849f3bba683ae0680b20b322a029b78de054ab83b1682b6eb3a9900
                              • Instruction ID: 3d14a0e6150216537308581f18ecd77f230ff3eff460c42938c9ae33a4effa4b
                              • Opcode Fuzzy Hash: 63b0319c3849f3bba683ae0680b20b322a029b78de054ab83b1682b6eb3a9900
                              • Instruction Fuzzy Hash: B14154B9D002589FCF00CFA9D984ADEBBF5BB49310F14906AE918BB310D375A955CF94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF7FA8, Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                              Download Yara Rule
                              APIs
                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07DF805A
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: MemoryProcessRead
                              • String ID:
                              • API String ID: 1726664587-0
                              • Opcode ID: 3fdd1e2bca3aab4926a7ae6f5fddbd0e89925ba64c5cc82643e97806b8a631eb
                              • Instruction ID: 940de0ed762c51889af5aa0c0f542e0b6ab9c096829316aab3d60434007613bd
                              • Opcode Fuzzy Hash: 3fdd1e2bca3aab4926a7ae6f5fddbd0e89925ba64c5cc82643e97806b8a631eb
                              • Instruction Fuzzy Hash: 9F41A8B5D042589FCF10CFA9D884AEEFBB1BB49310F14942AE915B7300C775A945CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF7D2A, Relevance: 1.6, APIs: 1, Instructions: 105memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07DF7DDA
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: 449051272b7a70fd0ac3ea74d04070db9754cef3bf7698eb0bdb0c9a61219144
                              • Instruction ID: 5f61967f5e8e7c2fb40ebcad084a0f7d09a2a1b99721672dae6d3dfeaf1f26e9
                              • Opcode Fuzzy Hash: 449051272b7a70fd0ac3ea74d04070db9754cef3bf7698eb0bdb0c9a61219144
                              • Instruction Fuzzy Hash: 21319BB5D042589FCF10CFA9D884ADEFBB1BB49320F14902AE915B7300D775A946CF55
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF7D30, Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07DF7DDA
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: AllocVirtual
                              • String ID:
                              • API String ID: 4275171209-0
                              • Opcode ID: bddd26189043050fc0a967dfd530f4ce317033d40b4a1fbd29aee15cb4471465
                              • Instruction ID: fa48ccf545d47234a2066f5eaed6c6e52a1af9f1b3b232ca30d8a82f0fcba938
                              • Opcode Fuzzy Hash: bddd26189043050fc0a967dfd530f4ce317033d40b4a1fbd29aee15cb4471465
                              • Instruction Fuzzy Hash: 313198B4D042589FCF10CFA9D884ADEFBB1BB49320F14902AE915B7300D775A946CF54
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02558058, Relevance: 1.6, APIs: 1, Instructions: 99memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02558107
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: 3c7d3e3d0a16c40065a8dcea2cd6c71a98efaa607d84dd19d6b2b176411f3bf3
                              • Instruction ID: 30b647f01a070ae285f150c25ad7a2d9b19111205180948a11a2d46345a4677b
                              • Opcode Fuzzy Hash: 3c7d3e3d0a16c40065a8dcea2cd6c71a98efaa607d84dd19d6b2b176411f3bf3
                              • Instruction Fuzzy Hash: 753197B5D042589FCB10CFA9D884ADEFBB0BB4A310F14906AE815B7210D774A985CFA4
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF7C00, Relevance: 1.6, APIs: 1, Instructions: 98threadinjectionCOMMON
                              Download Yara Rule
                              APIs
                              • SetThreadContext.KERNELBASE(?,?), ref: 07DF7CB7
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: ContextThread
                              • String ID:
                              • API String ID: 1591575202-0
                              • Opcode ID: e60012fb37abb325188e7060e74f0624187ef50123954f9bbc310659e9394021
                              • Instruction ID: 1f9e4453e33715489f3c37b157c85fdf6ed20b658bf374aabdbc8e7acdbff6ef
                              • Opcode Fuzzy Hash: e60012fb37abb325188e7060e74f0624187ef50123954f9bbc310659e9394021
                              • Instruction Fuzzy Hash: A341BDB5D002589FDB10CFA9D884AEEFBF1BB49324F14802AE814B7240D778A985CF94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF7C08, Relevance: 1.6, APIs: 1, Instructions: 94threadinjectionCOMMON
                              Download Yara Rule
                              APIs
                              • SetThreadContext.KERNELBASE(?,?), ref: 07DF7CB7
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: ContextThread
                              • String ID:
                              • API String ID: 1591575202-0
                              • Opcode ID: efeebd55d59dc7d621f7f02bb970df5b77509d58a007b5137f569e1926b56664
                              • Instruction ID: 73326537c6efe381c24030dba15cf1b01458dfad7f17bd2b0325792936836a20
                              • Opcode Fuzzy Hash: efeebd55d59dc7d621f7f02bb970df5b77509d58a007b5137f569e1926b56664
                              • Instruction Fuzzy Hash: 3431ACB5D012589FDB10CFA9D884AEEFBF1BF49324F14802AE415B7240D778A945CF94
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02558060, Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON
                              Download Yara Rule
                              APIs
                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02558107
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID: ProtectVirtual
                              • String ID:
                              • API String ID: 544645111-0
                              • Opcode ID: fb528226bdf8e917a311ee0b0541c9233e0062116209fbb8e60f1a7acdb80367
                              • Instruction ID: 59ecca46156b3e0d219cd6a967035b6b0de080dbe615f77a94bb936b3e4655dd
                              • Opcode Fuzzy Hash: fb528226bdf8e917a311ee0b0541c9233e0062116209fbb8e60f1a7acdb80367
                              • Instruction Fuzzy Hash: 423197B9D042589FCB10CFA9D884ADEFBF0BB09310F14902AE815B7310D774A985CF64
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DFC600, Relevance: 1.6, APIs: 1, Instructions: 89windowCOMMON
                              Download Yara Rule
                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 07DFC6A3
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              • Opcode ID: 7f08fe4574e933e76291b4e3c37b864dd4540e1b18f4a115ecabce97cdd9933d
                              • Instruction ID: 1fd0ca1aee9155ab1bc3b4ac393c273f6f440c89f57331a4701a78e33172308e
                              • Opcode Fuzzy Hash: 7f08fe4574e933e76291b4e3c37b864dd4540e1b18f4a115ecabce97cdd9933d
                              • Instruction Fuzzy Hash: 713188B9D04258AFCB10CFA9D584ADEFBF4EB49320F14901AE818B7310D775A945CFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DFC608, Relevance: 1.6, APIs: 1, Instructions: 85windowCOMMON
                              Download Yara Rule
                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 07DFC6A3
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              • Opcode ID: 29160440db7d0fdb883dc627d0f6ef4eb9427c85f313105953a7b8249b36fd1d
                              • Instruction ID: a2ab0d11562b1697b095303fb19adbf4ca4ceca0401f4ae0445a656b84c0c917
                              • Opcode Fuzzy Hash: 29160440db7d0fdb883dc627d0f6ef4eb9427c85f313105953a7b8249b36fd1d
                              • Instruction Fuzzy Hash: 563167B9D04258AFCB10CFA9D584ADEFBF4BB49310F14902AE818BB310D775A945CFA4
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF7B12, Relevance: 1.6, APIs: 1, Instructions: 76threadCOMMON
                              Download Yara Rule
                              APIs
                              • ResumeThread.KERNELBASE(?), ref: 07DF7B96
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: e61455ee5bcdaadc44ffd54e3f0ca580bed8531e7b73bdf5dad8a0734dd82339
                              • Instruction ID: b767b60f4dcc8dcca60e74ef897f0aee3b6c16d8f54feb46579c12b3dac16629
                              • Opcode Fuzzy Hash: e61455ee5bcdaadc44ffd54e3f0ca580bed8531e7b73bdf5dad8a0734dd82339
                              • Instruction Fuzzy Hash: DC31CBB4D05218AFDB10CFA9D484ADEFBB5AF49324F14942AE915B7300C775A845CFA4
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF7B18, Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
                              Download Yara Rule
                              APIs
                              • ResumeThread.KERNELBASE(?), ref: 07DF7B96
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID: ResumeThread
                              • String ID:
                              • API String ID: 947044025-0
                              • Opcode ID: ca5d7cb1800477eea1c6bd45eabfa4841d52d6ef2873b514e1f7d372d308df61
                              • Instruction ID: 78321ce84ca41a4ef83a8dc34e7a83ef0db0ff38babeefc6b1756addfdccc069
                              • Opcode Fuzzy Hash: ca5d7cb1800477eea1c6bd45eabfa4841d52d6ef2873b514e1f7d372d308df61
                              • Instruction Fuzzy Hash: 1D31CAB4D002189FCF10CFA9D884ADEFBB4BB49324F14942AE815B7300C774A805CFA4
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions

                              Function 07DF001D, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: H
                              • API String ID: 0-2852464175
                              • Opcode ID: e1b8299d60c92a197aaf4c441316a68daf0abe7004724ab11b06b0b70bb5d9c8
                              • Instruction ID: 12585c79e5ebcfbc3b83c3a963722e20c556233b58e518f9800c52d3e6a0c1af
                              • Opcode Fuzzy Hash: e1b8299d60c92a197aaf4c441316a68daf0abe7004724ab11b06b0b70bb5d9c8
                              • Instruction Fuzzy Hash: BF5182B2E056588BEB1CCF679D4138AFBF3AFC5210F18C1BAC54DAA225DB3009858F55
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02555268, Relevance: 1.4, Strings: 1, Instructions: 104COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: Mq5
                              • API String ID: 0-864719729
                              • Opcode ID: 0c15c39a3ee3764d8d3cf02e2b7fd6556eeda9fa6e5072c222c5907e6056cb2f
                              • Instruction ID: 99c8cabb672b4c5247dc08202887da96e9f07f48808a3a7a2e04fbf8c10528db
                              • Opcode Fuzzy Hash: 0c15c39a3ee3764d8d3cf02e2b7fd6556eeda9fa6e5072c222c5907e6056cb2f
                              • Instruction Fuzzy Hash: C041E670D0421ADFCB08CFAAC4905AEFBF2BF89300F64D46AC815A7255E7349A51CF95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF0040, Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: H
                              • API String ID: 0-2852464175
                              • Opcode ID: 500b9d798bc9a3db23a6ba2b02f2c18828d03be7c022eb0b4611b8e7abd4e8fc
                              • Instruction ID: efee759b185b476b85be9ce0ff3a83061cb9dc8d83d00cd8de36f3741503f4ed
                              • Opcode Fuzzy Hash: 500b9d798bc9a3db23a6ba2b02f2c18828d03be7c022eb0b4611b8e7abd4e8fc
                              • Instruction Fuzzy Hash: B24130B1E056588BEB5CCF6BCD4138EFAF7AFC9200F14C1BA854DAA215EB3009858F15
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02555278, Relevance: 1.4, Strings: 1, Instructions: 101COMMON
                              Download Yara Rule
                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: Mq5
                              • API String ID: 0-864719729
                              • Opcode ID: 6ed9839c594e25e29ba114651b32dfcd7c0f25d43a4500ed51fd04faf2e34fed
                              • Instruction ID: 61b7dae250d0910d257a9a8cb4ec6c09187fd246e1426d2f08bce3378cc6576e
                              • Opcode Fuzzy Hash: 6ed9839c594e25e29ba114651b32dfcd7c0f25d43a4500ed51fd04faf2e34fed
                              • Instruction Fuzzy Hash: 3241D9B0D0461ADBCB08CFAAC4505AEFBF2BF88300F64D46AC915B7254E7349A51CF98
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02551248, Relevance: .2, Instructions: 246COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2e2ebb3037b19792ffe7225a63f9283a72be3240fb22882cc8bd7db4751bd5bd
                              • Instruction ID: da6ff2f53d06978163c70f25222314a30aa5f9f0366c9ac48fdee3fe5893cd4d
                              • Opcode Fuzzy Hash: 2e2ebb3037b19792ffe7225a63f9283a72be3240fb22882cc8bd7db4751bd5bd
                              • Instruction Fuzzy Hash: BBB12C70E0061ACFCB44DFA8D880A9DFBB2FF88311F119525D919AB355DB70A946CF80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02551243, Relevance: .2, Instructions: 245COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 48afbd06ed515d1ccc8a2481c96e09078db275a54428f8263e4af6ff66e2b4e0
                              • Instruction ID: 72a6041a02c27317fe0df5d20fb0b3356897369d186a878902d1c25b05e403f4
                              • Opcode Fuzzy Hash: 48afbd06ed515d1ccc8a2481c96e09078db275a54428f8263e4af6ff66e2b4e0
                              • Instruction Fuzzy Hash: 67B12E70E0061ACFCB44DFA8D880A9DFBB2FF84311F119525D919AB355DB70A946CF80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 07DF02BD, Relevance: .2, Instructions: 224COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.668247815.0000000007DF0000.00000040.00000001.sdmp, Offset: 07DF0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5cb139857b617d13e53b39f0ff69530b7dbcbbaa3183b9123d56a60ab876db4a
                              • Instruction ID: 473bf25d3c8edf60300c267efa023c24311fc81fc910687cd30c846f0c7b8bd9
                              • Opcode Fuzzy Hash: 5cb139857b617d13e53b39f0ff69530b7dbcbbaa3183b9123d56a60ab876db4a
                              • Instruction Fuzzy Hash: FBC18EB0E116688BDB74DF29C985B8CBBF6FB48204F1181D9D25CA7206D7309E9ACF44
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02554020, Relevance: .2, Instructions: 190COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bdadf2e1a7a15801e028c7915a3239767437692ca4ea307ba11e9589ab77be16
                              • Instruction ID: 215334ad8b5c30cb702cde024abe2c480778f9dc91c4ff42873cb27a61225cc4
                              • Opcode Fuzzy Hash: bdadf2e1a7a15801e028c7915a3239767437692ca4ea307ba11e9589ab77be16
                              • Instruction Fuzzy Hash: 3C81F274A15219CFCB04CFA9C5849AEFBF1FF89350F24996AD415AB324D334AA82CF54
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02554011, Relevance: .2, Instructions: 189COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 216d71027d320cfd563a6e6fee68c59f90c92b5944b443e3fb4044f4f0349029
                              • Instruction ID: 03c5ba07b68225cbc2275fe3b631e57f7cabc17d0490a190f92f07f81dd4fd3a
                              • Opcode Fuzzy Hash: 216d71027d320cfd563a6e6fee68c59f90c92b5944b443e3fb4044f4f0349029
                              • Instruction Fuzzy Hash: B0810374A15219CFCB04CFA9C5809AEFBF2FF89350F24856AD415EB225D334AA82CF55
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02555470, Relevance: .2, Instructions: 168COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b8125e42ba96afff263a788d46c909fd82e51e56f741b1e64758e398d15f9548
                              • Instruction ID: e08f00fb4b1bce50d80e03b2d4bfea6300ca585a3bb8f2db042e8db7d0639297
                              • Opcode Fuzzy Hash: b8125e42ba96afff263a788d46c909fd82e51e56f741b1e64758e398d15f9548
                              • Instruction Fuzzy Hash: 4361F774E05219CFCB04CFAAC5905DEFBF2FF89210F68946AD805B7264E3349A41CB69
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02555480, Relevance: .2, Instructions: 167COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3ba9d7ec96a8642509934a48e0423247229892225a7f27c2e1a79ab5d0f71afa
                              • Instruction ID: 27f3c4f4cb94cade1a9519b51f6cd4163ad8ed44a9abddd13325d91b6aa1a6f7
                              • Opcode Fuzzy Hash: 3ba9d7ec96a8642509934a48e0423247229892225a7f27c2e1a79ab5d0f71afa
                              • Instruction Fuzzy Hash: 7B61E574E05219DFCB04CFAAC5905DEFBF2FF88211F64942AD815B7264E3349A41CB69
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 025556F8, Relevance: .1, Instructions: 126COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 63c0a897886475945c11035de910f0a7ca118d4e282e96e8dff24f85aadc7a6d
                              • Instruction ID: 5aa9f66e35f74470de33f0bcd4359be7d26f91bd0f89c4e60b3fd59672faadab
                              • Opcode Fuzzy Hash: 63c0a897886475945c11035de910f0a7ca118d4e282e96e8dff24f85aadc7a6d
                              • Instruction Fuzzy Hash: 09510A70D1521ADBCB08CF95C9915AEFBF2FF88340F64D46AC905AB214E7349A41CF98
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 025556E8, Relevance: .1, Instructions: 125COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b6488eed67a7f13d34bd123db51311c35a72beb729cdc099ae9f6fb03a85cc1f
                              • Instruction ID: de577213c2d028013a23fcbe59867c89fdfe5c4c6adc04219272897477de35f2
                              • Opcode Fuzzy Hash: b6488eed67a7f13d34bd123db51311c35a72beb729cdc099ae9f6fb03a85cc1f
                              • Instruction Fuzzy Hash: DF512B70D0520ADFCB08CFA5C9915AEFBF2BF89340F64D46AC505AB254E7349A41CF99
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02555928, Relevance: .1, Instructions: 106COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 892378b21d8823351e5fa77e2ac4328ce7c5b8623699fdde10c83901434cdcc0
                              • Instruction ID: 292a4f915274b7285b45539f52d7301dc879fba5d2c82117a747705ec8bc7d81
                              • Opcode Fuzzy Hash: 892378b21d8823351e5fa77e2ac4328ce7c5b8623699fdde10c83901434cdcc0
                              • Instruction Fuzzy Hash: 00414E71E016188BEB58CF6B9D4479EFAF3BFC9301F14C1BAC50CA6224DB701A858E51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Function 02555918, Relevance: .1, Instructions: 103COMMON
                              Download Yara Rule
                              Memory Dump Source
                              • Source File: 00000001.00000002.662212567.0000000002550000.00000040.00000001.sdmp, Offset: 02550000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 47b52e1ec9ccbc95509f1ab4cdf47fec2da3bd991890222951a87e05d0592f6c
                              • Instruction ID: ac5270b4717e58966433a960b703f4b9ed7de065adb96dd6614ed3b0b6d88085
                              • Opcode Fuzzy Hash: 47b52e1ec9ccbc95509f1ab4cdf47fec2da3bd991890222951a87e05d0592f6c
                              • Instruction Fuzzy Hash: 14413971E056598BEB58CF6B8D4479EFAF3BFC9200F14C1BA850CAA265EB3019858F51
                              Uniqueness

                              Uniqueness Score: -1.00%