Analysis Report AIC7VMxudf.exe

Overview

General Information

Sample Name: AIC7VMxudf.exe
Analysis ID: 383611
MD5: d14d623ad514f6ef05fb94541868b29c
SHA1: d5a787167ab02d7fd194fccb1f6335c8927702ad
SHA256: ff6ac9d2d223f204f998eb31cf4dc2045bee3ba86f481d8cea7a8b24a2ebf889
Tags: exeNanoCoreRAT

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Nanocore Rat
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM3
Yara detected Nanocore RAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Hides that the sample has been downloaded from the Internet (zone.identifier)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • AIC7VMxudf.exe (PID: 4872 cmdline: 'C:\Users\user\Desktop\AIC7VMxudf.exe' MD5: D14D623AD514F6EF05FB94541868B29C)
    • schtasks.exe (PID: 2044 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TqksXQmEOtil' /XML 'C:\Users\user\AppData\Local\Temp\tmp819D.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 4928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegSvcs.exe (PID: 6136 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 2867A3817C9245F7CF518524DFD18F28)
    • RegSvcs.exe (PID: 6100 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 2867A3817C9245F7CF518524DFD18F28)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security
    00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
    • 0x4a6cd:$x1: NanoCore.ClientPluginHost
    • 0x281d7d:$x1: NanoCore.ClientPluginHost
    • 0x4a70a:$x2: IClientNetworkHost
    • 0x281dba:$x2: IClientNetworkHost
    • 0x4e23d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    • 0x2858ed:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
    00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
      00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
      • 0x4a435:$a: NanoCore
      • 0x4a445:$a: NanoCore
      • 0x4a679:$a: NanoCore
      • 0x4a68d:$a: NanoCore
      • 0x4a6cd:$a: NanoCore
      • 0x281ae5:$a: NanoCore
      • 0x281af5:$a: NanoCore
      • 0x281d29:$a: NanoCore
      • 0x281d3d:$a: NanoCore
      • 0x281d7d:$a: NanoCore
      • 0x4a494:$b: ClientPlugin
      • 0x4a696:$b: ClientPlugin
      • 0x4a6d6:$b: ClientPlugin
      • 0x281b44:$b: ClientPlugin
      • 0x281d46:$b: ClientPlugin
      • 0x281d86:$b: ClientPlugin
      • 0x4a5bb:$c: ProjectData
      • 0x281c6b:$c: ProjectData
      • 0x38c022:$c: ProjectData
      • 0x426a42:$c: ProjectData
      • 0x4afc2:$d: DESCrypto
      Process Memory Space: AIC7VMxudf.exe PID: 4872 | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
      • 0x119f48:$x1: NanoCore.ClientPluginHost
      • 0x19898e:$x1: NanoCore.ClientPluginHost
      • 0x119fa9:$x2: IClientNetworkHost
      • 0x1989ef:$x2: IClientNetworkHost
      • 0x11f3ae:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      • 0x12d320:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      • 0x19ddf4:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      • 0x1abd66:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      0.2.AIC7VMxudf.exe.3efabf0.4.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
      • 0xe38d:$x1: NanoCore.ClientPluginHost
      • 0xe3ca:$x2: IClientNetworkHost
      • 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
      0.2.AIC7VMxudf.exe.3efabf0.4.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
      • 0xe105:$x1: NanoCore Client.exe
      • 0xe38d:$x2: NanoCore.ClientPluginHost
      • 0xf9c6:$s1: PluginCommand
      • 0xf9ba:$s2: FileCommand
      • 0x1086b:$s3: PipeExists
      • 0x16622:$s4: PipeCreated
      • 0xe3b7:$s5: IClientLoggingHost
      0.2.AIC7VMxudf.exe.3efabf0.4.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
        0.2.AIC7VMxudf.exe.3efabf0.4.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
        • 0xe0f5:$a: NanoCore
        • 0xe105:$a: NanoCore
        • 0xe339:$a: NanoCore
        • 0xe34d:$a: NanoCore
        • 0xe38d:$a: NanoCore
        • 0xe154:$b: ClientPlugin
        • 0xe356:$b: ClientPlugin
        • 0xe396:$b: ClientPlugin
        • 0xe27b:$c: ProjectData
        • 0xec82:$d: DESCrypto
        • 0x1664e:$e: KeepAlive
        • 0x1463c:$g: LogClientMessage
        • 0x10837:$i: get_Connected
        • 0xefb8:$j: #=q
        • 0xefe8:$j: #=q
        • 0xf004:$j: #=q
        • 0xf034:$j: #=q
        • 0xf050:$j: #=q
        • 0xf06c:$j: #=q
        • 0xf09c:$j: #=q
        • 0xf0b8:$j: #=q
        0.2.AIC7VMxudf.exe.2c868c4.1.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security

          Sigma Overview

          System Summary:

          Sigma detected: NanoCore
          Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 6100, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
          Sigma detected: Scheduled temp file as task from temp location
          Source: Process started | Author: Joe Security | Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TqksXQmEOtil' /XML 'C:\Users\user\AppData\Local\Temp\tmp819D.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TqksXQmEOtil' /XML 'C:\Users\user\AppData\Local\Temp\tmp819D.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\AIC7VMxudf.exe' , ParentImage: C:\Users\user\Desktop\AIC7VMxudf.exe, ParentProcessId: 4872, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TqksXQmEOtil' /XML 'C:\Users\user\AppData\Local\Temp\tmp819D.tmp', ProcessId: 2044

          Signature Overview

          AV Detection:

          Multi AV Scanner detection for domain / URL
          Source: nassiru1144.ddns.net | Virustotal: Detection: 8%
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Roaming\TqksXQmEOtil.exe | Virustotal: Detection: 51%
          Source: C:\Users\user\AppData\Roaming\TqksXQmEOtil.exe | Metadefender: Detection: 27%
          Source: C:\Users\user\AppData\Roaming\TqksXQmEOtil.exe | ReversingLabs: Detection: 68%
          Multi AV Scanner detection for submitted file
          Source: AIC7VMxudf.exe | Virustotal: Detection: 51%
          Source: AIC7VMxudf.exe | Metadefender: Detection: 27%
          Source: AIC7VMxudf.exe | ReversingLabs: Detection: 68%
          Yara detected Nanocore RAT
          Source: Yara match | File source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY
          Source: Yara match | File source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE
          Source: AIC7VMxudf.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: AIC7VMxudf.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Code function: 4x nop then add dword ptr [ebp-0Ch], 01h | 0_2_02A56E10

          Networking:

          Uses dynamic DNS services
          Source: unknown | DNS query: name: nassiru1144.ddns.net
          Source: global traffic | TCP traffic: 192.168.2.3:49712 -> 194.5.98.250:1012
          Source: global traffic | TCP traffic: 192.168.2.3:49721 -> 79.134.225.30:1012
          Source: Joe Sandbox View | IP Address: 194.5.98.250 194.5.98.250
          Source: Joe Sandbox View | IP Address: 79.134.225.30 79.134.225.30
          Source: Joe Sandbox View | ASN Name: FINK-TELECOM-SERVICESCH FINK-TELECOM-SERVICESCH
          Source: unknown | TCP traffic detected without corresponding DNS query: 194.5.98.250
          Source: unknown | DNS traffic detected: queries for: nassiru1144.ddns.net
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

          E-Banking Fraud:

          Yara detected Nanocore RAT
          Source: Yara match | File source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY
          Source: Yara match | File source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
          Source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Code function: 0_2_02A5A7B0 | 0_2_02A5A7B0
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Code function: 0_2_02A588E1 | 0_2_02A588E1
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Code function: 0_2_02A570C0 | 0_2_02A570C0
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Code function: 0_2_02A5B4F0 | 0_2_02A5B4F0
          Source: AIC7VMxudf.exe | Binary or memory string: OriginalFilename vs AIC7VMxudf.exe
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDurmu_ vs AIC7VMxudf.exe
          Source: AIC7VMxudf.exe, 00000000.00000000.194606267.0000000000692000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameIMoniker.exeB vs AIC7VMxudf.exe
          Source: AIC7VMxudf.exe, 00000000.00000002.208258506.00000000063F0000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs AIC7VMxudf.exe
          Source: AIC7VMxudf.exe, 00000000.00000002.208258506.00000000063F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs AIC7VMxudf.exe
          Source: AIC7VMxudf.exe, 00000000.00000002.208143709.0000000006300000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs AIC7VMxudf.exe
          Source: AIC7VMxudf.exe, 00000000.00000002.207993430.0000000005CA0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDebuggerHiddenAttribute.dllX vs AIC7VMxudf.exe
          Source: AIC7VMxudf.exe | Binary or memory string: OriginalFilenameIMoniker.exeB vs AIC7VMxudf.exe
          Source: AIC7VMxudf.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE | Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
          Source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE | Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
          Source: classification engine | Classification label: mal100.troj.evad.winEXE@8/7@16/3
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | File created: C:\Users\user\AppData\Roaming\TqksXQmEOtil.exe
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Mutant created: \Sessions\1\BaseNamedObjects\KbxxSk
          Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4928:120:WilError_01
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\{c58032b4-d173-4ca1-842f-62ce41b0e6f4}
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | File created: C:\Users\user\AppData\Local\Temp\tmp819D.tmp
          Source: AIC7VMxudf.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | File read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: AIC7VMxudf.exe | Binary or memory string: Select * from Customers;
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO PublisherMembershipCondition VALUES(@modelo, @fabricante, @ano, @cor);
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: Select * from PublisherMembershipCondition WHERE modelo=@modelo;zDeu erro na execu
          Source: AIC7VMxudf.exe | Virustotal: Detection: 51%
          Source: AIC7VMxudf.exe | Metadefender: Detection: 27%
          Source: AIC7VMxudf.exe | ReversingLabs: Detection: 68%
          Source: AIC7VMxudf.exe | String found in binary or memory: Freight:/frmActionOrderReception-Add Stock to Inventory{Update OrderReceptions Set Status = 'APPROVED', ChangedBy = '
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | File read: C:\Users\user\Desktop\AIC7VMxudf.exe
          Source: unknown | Process created: C:\Users\user\Desktop\AIC7VMxudf.exe 'C:\Users\user\Desktop\AIC7VMxudf.exe'
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TqksXQmEOtil' /XML 'C:\Users\user\AppData\Local\Temp\tmp819D.tmp'
          Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: AIC7VMxudf.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: AIC7VMxudf.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
          Source: AIC7VMxudf.exe | Static file information: File size 1182208 > 1048576
          Source: AIC7VMxudf.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x11bc00
          Source: AIC7VMxudf.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

          Data Obfuscation:

          .NET source code contains method to dynamically call methods (often used by packers)
          Source: AIC7VMxudf.exe, FallbackBuffer.cs | .Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "SKS" } } }, null, null, null, true)
          Source: TqksXQmEOtil.exe.0.dr, FallbackBuffer.cs | .Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "SKS" } } }, null, null, null, true)
          Source: 0.2.AIC7VMxudf.exe.690000.0.unpack, FallbackBuffer.cs | .Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "SKS" } } }, null, null, null, true)
          Source: 0.0.AIC7VMxudf.exe.690000.0.unpack, FallbackBuffer.cs | .Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "SKS" } } }, null, null, null, true)
          .NET source code contains potential unpacker
          Source: AIC7VMxudf.exe, FallbackBuffer.cs | .Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: TqksXQmEOtil.exe.0.dr, FallbackBuffer.cs | .Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.2.AIC7VMxudf.exe.690000.0.unpack, FallbackBuffer.cs | .Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 0.0.AIC7VMxudf.exe.690000.0.unpack, FallbackBuffer.cs | .Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Code function: 0_2_006951AC push es; retf 0000h | 0_2_00695377
          Source: initial sample | Static PE information: section name: .text entropy: 7.31668862644
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | File created: C:\Users\user\AppData\Roaming\TqksXQmEOtil.exe

          Boot Survival:

          Uses schtasks.exe or at.exe to add and modify task schedules
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TqksXQmEOtil' /XML 'C:\Users\user\AppData\Local\Temp\tmp819D.tmp'

          Hooking and other Techniques for Hiding and Protection:

          Hides that the sample has been downloaded from the Internet (zone.identifier)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe:Zone.Identifier read attributes | delete
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara match | File source: 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY
          Source: Yara match | File source: 0.2.AIC7VMxudf.exe.2c868c4.1.raw.unpack, type: UNPACKEDPE
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLL
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Window / User API: threadDelayed 6738
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Window / User API: threadDelayed 2762
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Window / User API: foregroundWindowGot 782
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Window / User API: foregroundWindowGot 652
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe TID: 3412 | Thread sleep time: -100494s >= -30000s
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe TID: 4972 | Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Thread delayed: delay time: 100494
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: vmware
          Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Process token adjusted: Debug
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Memory allocated: page read and write | page guard
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TqksXQmEOtil' /XML 'C:\Users\user\AppData\Local\Temp\tmp819D.tmp'
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Queries volume information: C:\Users\user\Desktop\AIC7VMxudf.exe VolumeInformation
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\AIC7VMxudf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

          Stealing of Sensitive Information:

          Yara detected Nanocore RAT
          Source: Yara match | File source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY
          Source: Yara match | File source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          Detected Nanocore Rat
          Source: AIC7VMxudf.exe, 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp | String found in binary or memory: NanoCore.ClientPluginHost
          Source: RegSvcs.exe, 00000005.00000003.273833459.0000000005DD6000.00000004.00000001.sdmp | String found in binary or memory: NanoCore.ClientPluginHost
          Yara detected Nanocore RAT
          Source: Yara match | File source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY
          Source: Yara match | File source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE
          Source: Yara match | File source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation 1 | Scheduled Task/Job 1 | Process Injection 11 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Command and Scripting Interpreter 2 | Boot or Logon Initialization Scripts | Scheduled Task/Job 1 | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | Scheduled Task/Job 1 | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 11 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories 1 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 11 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | System Information Discovery 12 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 21 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          AIC7VMxudf.exe | 51% | Virustotal |
          AIC7VMxudf.exe | 32% | Metadefender |
          AIC7VMxudf.exe | 69% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla

          Dropped Files

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Roaming\TqksXQmEOtil.exe | 51% | Virustotal |
          C:\Users\user\AppData\Roaming\TqksXQmEOtil.exe | 32% | Metadefender |
          C:\Users\user\AppData\Roaming\TqksXQmEOtil.exe | 69% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla

          Unpacked PE Files

          No Antivirus matches

          Domains

          Source | Detection | Scanner | Label
          nassiru1144.ddns.net | 8% | Virustotal |

          URLs

          No Antivirus matches

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          nassiru1144.ddns.net | 79.134.225.30 | true | true | | unknown

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | false | | high
          https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp | false | | high

          Contacted IPs

          Public

          IP | Domain | Country | ASN | ASN Name | Malicious
          194.5.98.250 | unknown | Netherlands | 208476 | DANILENKODE | false
          79.134.225.30 | nassiru1144.ddns.net | Switzerland | 6775 | FINK-TELECOM-SERVICESCH | true

          Private

          IP
          192.168.2.1

              General Information

              Joe Sandbox Version: 31.0.0 Emerald
              Analysis ID: 383611
              Start date: 08.04.2021
              Start time: 02:46:16
              Joe Sandbox Product: CloudBasic
              Overall analysis duration: 0h 7m 0s
              Hypervisor based Inspection enabled: false
              Report type: full
              Sample file name: AIC7VMxudf.exe
              Cookbook file name: default.jbs
              Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
              Number of analysed new started processes analysed: 27
              Number of new started drivers analysed: 0
              Number of existing processes analysed: 0
              Number of existing drivers analysed: 0
              Number of injected processes analysed: 0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode: default
              Analysis stop reason: Timeout
              Detection: MAL
              Classification: mal100.troj.evad.winEXE@8/7@16/3
              EGA Information: Failed
              HDC Information:
              • Successful, ratio: 0.1% (good quality ratio 0.1%)
              • Quality average: 61.2%
              • Quality standard deviation: 30.2%
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 9
              • Number of non-executed functions: 0
              Cookbook Comments:
              • Adjust boot time
              • Enable AMSI
              • Found application associated with file extension: .exe
              Warnings:
              • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
              • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 168.61.161.212, 40.88.32.150, 52.147.198.201, 13.64.90.137, 52.255.188.83, 20.82.210.154, 23.54.113.104, 23.10.249.26, 23.10.249.43, 20.54.26.129, 20.82.209.183
              • Excluded domains from analysis (whitelisted): skypedataprdcolwus17.cloudapp.net, arc.msn.com.nsatc.net, fs.microsoft.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus15.cloudapp.net, skypedataprdcoleus17.cloudapp.net, blobcollector.events.data.trafficmanager.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net
              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.

              Simulations

              Behavior and APIs

              Time | Type | Description
              02:47:02 | API Interceptor | 1x Sleep call for process: AIC7VMxudf.exe modified
              02:47:06 | API Interceptor | 1054x Sleep call for process: RegSvcs.exe modified

              Joe Sandbox View / Context

              IPs

              Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

              Domains

              Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context

              ASN

              Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                            hbvo9thTAX.exeGet hashmaliciousBrowse
                                                            • 79.134.225.7
                                                            SCAN ORDER DOC 040202021.exeGet hashmaliciousBrowse
                                                            • 79.134.225.71
                                                            Waybill Doc_pdf.exeGet hashmaliciousBrowse
                                                            • 79.134.225.92
                                                            gfcYixSdyD.exeGet hashmaliciousBrowse
                                                            • 79.134.225.71
                                                            cJtVGjtNGZ.exeGet hashmaliciousBrowse
                                                            • 79.134.225.40
                                                            Transferwise beneficiary detailspdf.exeGet hashmaliciousBrowse
                                                            • 79.134.225.22
                                                            NS 001 DOP IPS ORIENTATIONS.docGet hashmaliciousBrowse
                                                            • 79.134.225.73
                                                            cp.msi.exeGet hashmaliciousBrowse
                                                            • 79.134.225.109
                                                            ot.msiGet hashmaliciousBrowse
                                                            • 79.134.225.109
                                                            dd.exeGet hashmaliciousBrowse
                                                            • 79.134.225.109

                                                            JA3 Fingerprints

                                                            No context

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AIC7VMxudf.exe.log
                                                            Process:C:\Users\user\Desktop\AIC7VMxudf.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:modified
                                                            Size (bytes):706
                                                            Entropy (8bit):5.342604339328228
                                                            Encrypted:false
                                                            SSDEEP:12:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21q1KDLI4Mq92n4M9XKbbDLI4MWuPJKiUrRt:MLUE4K5E4Ks2E1qE4x84qXKDE4KhK3Vt
                                                            MD5:5DDFC467AB8C44DEA19603E0ECDA810D
                                                            SHA1:BE369FE7C7D3A4D32886C1BA7319FCA14BA40776
                                                            SHA-256:AE759C8FFA5038FC35A1F3C27EC1401909248A05E207CD940CBEF821E02B5A59
                                                            SHA-512:A242206D3D83E5242E09F82677C4C4D9A9E400354607B8F749195E8BE383EA1F31DE62D5123C5197BE78812856955772D6302588A104BB16A0977713A155439E
                                                            Malicious:true
                                                            Reputation:moderate, very likely benign file
                                                            Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..
                                                            C:\Users\user\AppData\Local\Temp\tmp819D.tmp
                                                            Process:C:\Users\user\Desktop\AIC7VMxudf.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):1645
                                                            Entropy (8bit):5.193797103861353
                                                            Encrypted:false
                                                            SSDEEP:24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBrBtn:cbh47TlNQ//rydbz9I3YODOLNdq3V
                                                            MD5:80385303CD5BBCE7CD306E0FF332C35E
                                                            SHA1:5E8C4EFC88C2264B00BE4D82F84D8D71A7AB7EB3
                                                            SHA-256:4B279EFC48FB03FD795202AD7753334967CA327D611CC0E04B569EFE3C30101A
                                                            SHA-512:A6E9A8B7E3AFF34D2ECFE1794E4B2D677427288A57D5D1B6832ECE9697AA17397E38D061E01A74FF5B7B6E00A947D7B3A82D188730DD1DD611AE074E0FD9AA5A
                                                            Malicious:true
                                                            Reputation:low
                                                            Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                                                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat
                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):864
                                                            Entropy (8bit):7.012278113302776
                                                            Encrypted:false
                                                            SSDEEP:24:IQnybgCyHJ5lQnybgCyHJ5lQnybgCyHJ5lQnybgCyHJ5i:IkR5lkR5lkR5lkR5i
                                                            MD5:281F575A1418DE9976BA07B4A58F860B
                                                            SHA1:275A3E5F9E5064B8DE30E3AC1C089109C2FE22D6
                                                            SHA-256:3736A2E2E6F777CACC098F9B7F7B5770A045B4952AEC6182448E730D116A0B5B
                                                            SHA-512:ED86C8051D8F47DA5DD1C6AA637278CA014E9DBB0AEE5B3D194446F38B5C411DE37AF5A909998AFE930326A7A4CF4632BCAE85E5AC6D145E2E9EC784F64B95D6
                                                            Malicious:false
                                                            Reputation:low
                                                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                            File Type:ISO-8859 text
                                                            Category:dropped
                                                            Size (bytes):8
                                                            Entropy (8bit):3.0
                                                            Encrypted:false
                                                            SSDEEP:3:GP:W
                                                            MD5:BCF72E34F695DA2FE3C6859FB39A68CF
                                                            SHA1:5CC167E48BC3C14D9FCF8A9DBB906FAE3554BCF4
                                                            SHA-256:DB15F8F0FDFB3CAF164B7EE5114BFA58E21F1012CE187B093C6316BF1F0D6565
                                                            SHA-512:F0985CC1CE4BF8DBECF6DC4019C69AB9D2BCE3B50451DD2A03759BB8C00365576FABFC7E3B6847AF191E4898B317309B80A741BE863DAD3B84419829B672AB79
                                                            Malicious:true
                                                            Reputation:low
                                                            Preview: 7..Es..H
                                                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\storage.dat
                                                            Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                            File Type:data
                                                            Category:dropped
                                                            Size (bytes):327928
                                                            Entropy (8bit):7.999564270615327
                                                            Encrypted:true
                                                            SSDEEP:6144:EV615kOliaxupZQLNJLtpAUVmDkva49avhcpi4sXZCKnQhi2dDBSjYh:4615HtupZQLNJLvAdDkxDgXePph
                                                            MD5:78E439043BA0679B60222A2ADF210FA6
                                                            SHA1:3321C991EB442CD04F8AE4AC446FFD3A0EC2F693
                                                            SHA-256:B39C660B6B9393FE0DA45B730B6BFA7C7780A20EB196890F57500D9F91E76408
                                                            SHA-512:82E4B6765204E7A33CF7BED5B261BA658043E6343FFBFD0FEF29883377D1EE8CAA64B60D48C281B4598FB01D1146EFEA5DCECB4A41BE0B25DDA013AD263B221B
                                                            Malicious:false
                                                            Reputation:low
                                                            C:\Users\user\AppData\Roaming\TqksXQmEOtil.exe
                                                            Process:C:\Users\user\Desktop\AIC7VMxudf.exe
                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):1182208
                                                            Entropy (8bit):7.2992351228535135
                                                            Encrypted:false
                                                            SSDEEP:12288:phwL5gPTbbOgk79rgPe0Fe2AltwWyT1oJbwkMhRouR1+xsvqdEPKyBKpBr/LTn:p9I7fGXWyxoE6uREsvqCdK7T
                                                            MD5:D14D623AD514F6EF05FB94541868B29C
                                                            SHA1:D5A787167AB02D7FD194FCCB1F6335C8927702AD
                                                            SHA-256:FF6AC9D2D223F204F998EB31CF4DC2045BEE3BA86F481D8CEA7A8B24A2EBF889
                                                            SHA-512:44D7E0CA90A31BA45378445AF292D1E3DA2EDC7FB2B774BBB35D519E33DA5DA20E3D4A9253BC8916B8D7AFA94EB16974B899C0927BE45941EAC8167D39439812
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Virustotal, Detection: 51%
                                                            • Antivirus: Metadefender, Detection: 32%
                                                            • Antivirus: ReversingLabs, Detection: 69%
                                                            Reputation:low
                                                            C:\Users\user\AppData\Roaming\TqksXQmEOtil.exe:Zone.Identifier
                                                            Process:C:\Users\user\Desktop\AIC7VMxudf.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):26
                                                            Entropy (8bit):3.95006375643621
                                                            Encrypted:false
                                                            SSDEEP:3:ggPYV:rPYV
                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                            Malicious:false
                                                            Reputation:high, very likely benign file
                                                            Preview: [ZoneTransfer]....ZoneId=0

                                                            Static File Info

                                                            General

                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                            Entropy (8bit):7.2992351228535135
                                                            TrID:
                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                            • Windows Screen Saver (13104/52) 0.07%
                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                            File name:AIC7VMxudf.exe
                                                            File size:1182208
                                                            MD5:d14d623ad514f6ef05fb94541868b29c
                                                            SHA1:d5a787167ab02d7fd194fccb1f6335c8927702ad
                                                            SHA256:ff6ac9d2d223f204f998eb31cf4dc2045bee3ba86f481d8cea7a8b24a2ebf889
                                                            SHA512:44d7e0ca90a31ba45378445af292d1e3da2edc7fb2b774bbb35d519e33da5da20e3d4a9253bc8916b8d7afa94eb16974b899c0927be45941eac8167d39439812
                                                            SSDEEP:12288:phwL5gPTbbOgk79rgPe0Fe2AltwWyT1oJbwkMhRouR1+xsvqdEPKyBKpBr/LTn:p9I7fGXWyxoE6uREsvqCdK7T

                                                            File Icon

                                                            Icon Hash:e9e8d8943a9df936

                                                            Static PE Info

                                                            General

                                                            Entrypoint:0x51db22
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                            Time Stamp:0x6060F7AD [Sun Mar 28 21:39:57 2021 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:v4.0.30319
                                                            OS Version Major:4
                                                            OS Version Minor:0
                                                            File Version Major:4
                                                            File Version Minor:0
                                                            Subsystem Version Major:4
                                                            Subsystem Version Minor:0
                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                            Entrypoint Preview

                                                            Instruction
                                                            jmp dword ptr [00402000h]
                                                            add byte ptr [eax], al

                                                            Data Directories

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x11dad0 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11e000 | 0x48d8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x124000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

                                                            Sections

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x11bb28 | 0x11bc00 | False | 0.655929928414 | data | 7.31668862644 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x11e000 | 0x48d8 | 0x4a00 | False | 0.552892736486 | data | 5.25809431394 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x124000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

                                                            Resources

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x11e100 | 0x4228 | dBase III DBT, version number 0, next free block index 40 | | |
| RT_GROUP_ICON | 0x122338 | 0x14 | data | | |
| RT_VERSION | 0x12235c | 0x37c | data | | |
| RT_MANIFEST | 0x1226e8 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | | |

                                                            Imports

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

                                                            Version Infos

| Description | Data |
|---|---|
| Translation | 0x0000 0x04b0 |
| LegalCopyright | Copyright 2021 Handy Dan |
| Assembly Version | 1.1.0.0 |
| InternalName | IMoniker.exe |
| FileVersion | 1.1.0.0 |
| CompanyName | Handy Dan |
| LegalTrademarks | |
| Comments | 2002 Honda S-MX |
| ProductName | PassengerService |
| ProductVersion | 1.1.0.0 |
| FileDescription | PassengerService |
| OriginalFilename | IMoniker.exe |

                                                            Network Behavior

                                                            Network Port Distribution

                                                            TCP Packets

                                                            Apr 8, 2021 02:47:24.751415968 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.751477003 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.751621008 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.751669884 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.751688004 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.751739025 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.751796007 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.751862049 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.752032995 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.752084970 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.752104998 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.752208948 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.752274036 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.752347946 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.752414942 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.752979994 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.753041983 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.753220081 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.754040003 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.754112959 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.754303932 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.754662037 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.754750013 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.754843950 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.755748987 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.755796909 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.755829096 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.756761074 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.756838083 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.756855965 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.758251905 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.758294106 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.758327007 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.758982897 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.759049892 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.759314060 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.760510921 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.760590076 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.761442900 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.761482000 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.761523962 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.761548042 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.762262106 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.762339115 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.762348890 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.762942076 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.763020039 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.763200998 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.764626980 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.764678001 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.764759064 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.765153885 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.765196085 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.765225887 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.806816101 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.818356991 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.869281054 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.953037977 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.953082085 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.953120947 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.953208923 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.953246117 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.953262091 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.953316927 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.953355074 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.953416109 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.953773022 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.954005003 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.954062939 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.954698086 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.956068993 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.956193924 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.968475103 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.968514919 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.968663931 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.969084978 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.969166040 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.969230890 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.969981909 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.970094919 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.970189095 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.970247030 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.970283985 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.970364094 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.970730066 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.970767975 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.970804930 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.970828056 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.971050024 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.971141100 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.971276999 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.971402884 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.971499920 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.971970081 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.972264051 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.972349882 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.972414970 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.972456932 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.972524881 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.972799063 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.973169088 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.973303080 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.973428011 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.973969936 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.974049091 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.974066019 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.974373102 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.974448919 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.974663019 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.974844933 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.974908113 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.975338936 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.975605965 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.975672960 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.977560997 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.977689981 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.977756023 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.978020906 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.978214025 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.978322029 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.978547096 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.978770018 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.978877068 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.979145050 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.979564905 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.979614019 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.979624033 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:24.979868889 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:24.979928017 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.003885031 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.056895971 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.073302031 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.073345900 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.073477030 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.104315996 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.157160997 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.157202959 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.157367945 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.170208931 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.170264006 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.170372009 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.170397997 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.170805931 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.170855999 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.170875072 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.170906067 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.171864986 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.171906948 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.171922922 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.171967983 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.172768116 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.172806978 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.172883987 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.173696995 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.173814058 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.173880100 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.173949957 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.174856901 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.174917936 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.175025940 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.175082922 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.177880049 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.177907944 CEST10124972179.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:25.177956104 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:25.177987099 CEST497211012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:29.164849043 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:29.377720118 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:29.377841949 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:29.385838985 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:29.619868040 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:29.737968922 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:29.740791082 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:30.260441065 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:30.437450886 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.440767050 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:30.507653952 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.507992029 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:30.643135071 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.759785891 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.798352003 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.798407078 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.798477888 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:30.800370932 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.800673008 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.800734043 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:30.813378096 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.813462973 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.813606024 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:30.814055920 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.814096928 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.814217091 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:30.814405918 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.814599037 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:30.815468073 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:31.031987906 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.032044888 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.032083988 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.032131910 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:31.032191038 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.032246113 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:31.032490015 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.038386106 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.038440943 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.038530111 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.038546085 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:31.038606882 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:31.039973974 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.041538954 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.041584015 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.041665077 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:31.041908026 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.041971922 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:31.042059898 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.044847965 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.045039892 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:31.045104980 CEST497291012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:31.045273066 CEST10124972979.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.069020987 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.069025040 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.069116116 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.077228069 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.077282906 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.077320099 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.077358007 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.077375889 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.077626944 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.077876091 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.077997923 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.078054905 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.078562975 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.078915119 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.078983068 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.079647064 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.079895020 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.080080986 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.080147028 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.081002951 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.081079960 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.081240892 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.081763983 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.081801891 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.081835032 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.082607031 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.082676888 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.086097002 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.086240053 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.086327076 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.086643934 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.086955070 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.087652922 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.087781906 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.087799072 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.087857008 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.089154005 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.089194059 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.089306116 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.089906931 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.089947939 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.090035915 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.091178894 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.114754915 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.114856958 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.114985943 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.116240978 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.116281986 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.116375923 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.116590977 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.116655111 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.117008924 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.117746115 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.117810011 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.117876053 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.124757051 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.124797106 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.124861956 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.167790890 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.250922918 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.250979900 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.251113892 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.252125025 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.252171993 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.252221107 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.252258062 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.252631903 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.252726078 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.252901077 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.252968073 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.266880035 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.266921043 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.267013073 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.268085003 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.268129110 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.268316984 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.268670082 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.268804073 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.268882990 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.277214050 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.277285099 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.277288914 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.277340889 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.277870893 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.277919054 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.278028011 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.279849052 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.279930115 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.279938936 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.280062914 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.280239105 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.280373096 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.280450106 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.283476114 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.283618927 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.283715963 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.286678076 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.286868095 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.287000895 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.287750006 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.287822008 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.287894011 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.287951946 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.290358067 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.290406942 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.290530920 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.290591002 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.290688038 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.290715933 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.290792942 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.291228056 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.291265965 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.291304111 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.291332006 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.291995049 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.292538881 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.292614937 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.293447018 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.293484926 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.293556929 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.293658018 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.293817043 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.293942928 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.294029951 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.295722008 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.295789957 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.295994997 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.296070099 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.317410946 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.317502022 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.317523956 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.317585945 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.317651987 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.317718029 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.325651884 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.325696945 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.325733900 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.325767994 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.325836897 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.326030970 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.326102018 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.326105118 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.326158047 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.326765060 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.326837063 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.372982979 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.373215914 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.457844973 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.457916975 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.458085060 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.458494902 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.458533049 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.458655119 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.459933043 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.459971905 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.460114956 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.460666895 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.467904091 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.468215942 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.469885111 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.469928026 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.469964981 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.470060110 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.470103979 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.470156908 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.470408916 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.474852085 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.475310087 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.478168011 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.478209019 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.478380919 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.478713989 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.479007959 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.479082108 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.479660988 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.479702950 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.479783058 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.487840891 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.487993956 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.488075018 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.488929033 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.488970995 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.489042044 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:37.489869118 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:37.573529005 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:38.079911947 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:38.167957067 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:38.348014116 CEST10124973379.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:38.348103046 CEST497331012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:42.222971916 CEST497351012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:42.419774055 CEST10124973579.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:42.419898033 CEST497351012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:42.432704926 CEST497351012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:42.665299892 CEST10124973579.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:42.747433901 CEST10124973579.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:42.747910976 CEST497351012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:42.967858076 CEST10124973579.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:42.969381094 CEST497351012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:43.254952908 CEST10124973579.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:43.255091906 CEST497351012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:43.530116081 CEST10124973579.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:43.749737978 CEST10124973579.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:43.964687109 CEST497351012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:44.156488895 CEST10124973579.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:44.277196884 CEST497351012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:44.339719057 CEST497351012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:44.340773106 CEST497351012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:48.403906107 CEST497361012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:48.598020077 CEST10124973679.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:48.598172903 CEST497361012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:48.598726988 CEST497361012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:48.825553894 CEST10124973679.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:48.905592918 CEST10124973679.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:48.905841112 CEST497361012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:49.107793093 CEST10124973679.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:47:49.109282970 CEST497361012192.168.2.379.134.225.30
                                                            Apr 8, 2021 02:47:49.351824045 CEST10124973679.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:49:10.267402887 CEST10124975879.134.225.30192.168.2.3
                                                            Apr 8, 2021 02:49:10.315716028 CEST497581012192.168.2.379.134.225.30

                                                            UDP Packets


                                                            DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 8, 2021 02:47:22.374803066 CEST | 192.168.2.3 | 8.8.8.8 | 0x421b | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:47:29.144176960 CEST | 192.168.2.3 | 8.8.8.8 | 0x225f | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:47:35.207701921 CEST | 192.168.2.3 | 8.8.8.8 | 0xd91c | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:47:42.209163904 CEST | 192.168.2.3 | 8.8.8.8 | 0x1511 | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:47:48.389548063 CEST | 192.168.2.3 | 8.8.8.8 | 0x509f | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:47:54.659351110 CEST | 192.168.2.3 | 8.8.8.8 | 0x214e | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:01.586961985 CEST | 192.168.2.3 | 8.8.8.8 | 0x485d | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:08.553947926 CEST | 192.168.2.3 | 8.8.8.8 | 0x927d | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:14.635277033 CEST | 192.168.2.3 | 8.8.8.8 | 0x1542 | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:20.674544096 CEST | 192.168.2.3 | 8.8.8.8 | 0x18e1 | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:27.741358042 CEST | 192.168.2.3 | 8.8.8.8 | 0x8571 | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:34.736381054 CEST | 192.168.2.3 | 8.8.8.8 | 0xb8b1 | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:42.371321917 CEST | 192.168.2.3 | 8.8.8.8 | 0xb51c | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:49.369277000 CEST | 192.168.2.3 | 8.8.8.8 | 0x233b | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:56.355611086 CEST | 192.168.2.3 | 8.8.8.8 | 0x95f1 | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)
Apr 8, 2021 02:49:03.066452980 CEST | 192.168.2.3 | 8.8.8.8 | 0x3db4 | Standard query (0) | nassiru1144.ddns.net | A (IP address) | IN (0x0001)

                                                            DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Apr 8, 2021 02:47:22.394206047 CEST | 8.8.8.8 | 192.168.2.3 | 0x421b | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:47:29.163738966 CEST | 8.8.8.8 | 192.168.2.3 | 0x225f | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:47:35.221071959 CEST | 8.8.8.8 | 192.168.2.3 | 0xd91c | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:47:42.221930027 CEST | 8.8.8.8 | 192.168.2.3 | 0x1511 | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:47:48.402282953 CEST | 8.8.8.8 | 192.168.2.3 | 0x509f | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:47:54.679435968 CEST | 8.8.8.8 | 192.168.2.3 | 0x214e | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:01.599728107 CEST | 8.8.8.8 | 192.168.2.3 | 0x485d | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:08.567161083 CEST | 8.8.8.8 | 192.168.2.3 | 0x927d | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:14.648689032 CEST | 8.8.8.8 | 192.168.2.3 | 0x1542 | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:20.694863081 CEST | 8.8.8.8 | 192.168.2.3 | 0x18e1 | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:27.754797935 CEST | 8.8.8.8 | 192.168.2.3 | 0x8571 | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:34.835853100 CEST | 8.8.8.8 | 192.168.2.3 | 0xb8b1 | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:42.390798092 CEST | 8.8.8.8 | 192.168.2.3 | 0xb51c | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:49.382922888 CEST | 8.8.8.8 | 192.168.2.3 | 0x233b | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:48:56.369214058 CEST | 8.8.8.8 | 192.168.2.3 | 0x95f1 | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)
Apr 8, 2021 02:49:03.080234051 CEST | 8.8.8.8 | 192.168.2.3 | 0x3db4 | No error (0) | nassiru1144.ddns.net |  | 79.134.225.30 | A (IP address) | IN (0x0001)

                                                            Code Manipulations

                                                            Statistics

                                                            CPU Usage

                                                            Memory Usage

                                                            High Level Behavior Distribution

                                                            Behavior

                                                            System Behavior

                                                            General

Start time: 02:47:00
Start date: 08/04/2021
Path: C:\Users\user\Desktop\AIC7VMxudf.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\AIC7VMxudf.exe'
Imagebase: 0x690000
File size: 1182208 bytes
MD5 hash: D14D623AD514F6EF05FB94541868B29C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp, Author: Joe Security
• Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, Author: Florian Roth
• Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, Author: Joe Security
• Rule: NanoCore, Description: unknown, Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
Reputation: low

                                                            General

Start time: 02:47:03
Start date: 08/04/2021
Path: C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit): true
Commandline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TqksXQmEOtil' /XML 'C:\Users\user\AppData\Local\Temp\tmp819D.tmp'
Imagebase: 0xad0000
File size: 185856 bytes
MD5 hash: 15FF7D8324231381BAD48A052F85DF04
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                            General

Start time: 02:47:03
Start date: 08/04/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6b2800000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                            General

Start time: 02:47:04
Start date: 08/04/2021
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit): false
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase: 0x350000
File size: 45152 bytes
MD5 hash: 2867A3817C9245F7CF518524DFD18F28
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                            General

Start time: 02:47:04
Start date: 08/04/2021
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase: 0x450000
File size: 45152 bytes
MD5 hash: 2867A3817C9245F7CF518524DFD18F28
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Reputation: high

                                                            Disassembly

                                                            Code Analysis

                                                              Executed Functions

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.203896517.0000000002A50000.00000040.00000001.sdmp, Offset: 02A50000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID: N
                                                              • API String ID: 0-1130791706
                                                              • Opcode ID: 7fe403d25efe22056b12d89b8aebba2ff758a35ebd4b3781b4576e00aa564007
                                                              • Instruction ID: 3442e40dd8c8a47a6e25b8ff37721ad013e022bfc177d655145fb2d6dab4fab5
                                                              • Opcode Fuzzy Hash: 7fe403d25efe22056b12d89b8aebba2ff758a35ebd4b3781b4576e00aa564007
                                                              • Instruction Fuzzy Hash: 3B611170D00228CFDB04DFAAC5486EEFBB6BF89304F54856AC405BB294DB344A4ACF54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.203896517.0000000002A50000.00000040.00000001.sdmp, Offset: 02A50000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: e6565162b2d5ca0a8f2e596b0963f6fe4ad82bfb879860ca646d0dcebaa69696
                                                              • Instruction ID: 6f20d42ba559f93167e2b9e8b4dc456630d8177c80fce142956008c9ccca65b0
                                                              • Opcode Fuzzy Hash: e6565162b2d5ca0a8f2e596b0963f6fe4ad82bfb879860ca646d0dcebaa69696
                                                              • Instruction Fuzzy Hash: F5826D30A00625DFCB14CF68D584AAFBBF2BF48319F158959E905DB2A9DB31ED41CB60
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.203896517.0000000002A50000.00000040.00000001.sdmp, Offset: 02A50000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 7583d02d0bfdc24d9d694523bcd669c049a4d89a142cb81e10ddfd2fb77863b7
                                                              • Instruction ID: 5f81c9c306746d73c6cb08fdf21ab50a933fe626416ef965e6cf65a2073389be
                                                              • Opcode Fuzzy Hash: 7583d02d0bfdc24d9d694523bcd669c049a4d89a142cb81e10ddfd2fb77863b7
                                                              • Instruction Fuzzy Hash: 8D725F70B001299FDB14DFA5C884BAEBBF2BF88309F158569E9069B355DB30DD45CBA0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.203896517.0000000002A50000.00000040.00000001.sdmp, Offset: 02A50000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a80b441a69204395c03e2b284672d9cda454810b63ce215899381810ba88694a
                                                              • Instruction ID: 8144c407d6f469c96e99bbf562a4985e35290455e5f350299a10458d109fadc6
                                                              • Opcode Fuzzy Hash: a80b441a69204395c03e2b284672d9cda454810b63ce215899381810ba88694a
                                                              • Instruction Fuzzy Hash: 36918034F482289BCB089F7598642BEB6B7BFC8714B19886DD806E7384DF349C16C791
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.203896517.0000000002A50000.00000040.00000001.sdmp, Offset: 02A50000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • CreateActCtxA.KERNEL32(?), ref: 02A55711
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.203896517.0000000002A50000.00000040.00000001.sdmp, Offset: 02A50000, based on PE: false
                                                              Similarity
                                                              • API ID: Create
                                                              • String ID:
                                                              • API String ID: 2289755597-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              APIs
                                                              • CreateActCtxA.KERNEL32(?), ref: 02A55711
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.203896517.0000000002A50000.00000040.00000001.sdmp, Offset: 02A50000, based on PE: false
                                                              Similarity
                                                              • API ID: Create
                                                              • String ID:
                                                              • API String ID: 2289755597-0
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.203850152.000000000296D000.00000040.00000001.sdmp, Offset: 0296D000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.203850152.000000000296D000.00000040.00000001.sdmp, Offset: 0296D000, based on PE: false
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions